HPE Community
Aruba & ProVision-based
1753396 Members
7292 Online
108792 Solutions
New Discussion

Re: How to permit incoming connections on ACLs (Aruba 2930F)

 
SHtan
Advisor

‎10-18-2021 02:53 AM - last edited on ‎10-19-2021 09:00 PM by

‎10-18-2021 02:53 AM - last edited on ‎10-19-2021 09:00 PM by

How to permit incoming connections on ACLs (Aruba 2930F)

Hi all,

Having this ACL problem on a 2930F.

I want to permit

  • SSH access from 192.168.100.130 to 192.168.100.83
  • UDP access from 192.168.100.83 to 192.168.100.87

Block all the rest. 

192.168.100.83 and 192.168.100.87 are IP addresses are on the same VLAN on the 2930F switch.

I am sitting on 192.168.100.130 which is another VLAN routed by a Firewall via intervlan routing.

 

I have this 

ip access-list extended "Permit SSH and UDP, Deny all"

10 permit tcp 192.168.100.130 0.0.0.0 192.168.100.83 0.0.0.0 eq 22 log

20 permit udp 192.168.100.83 0.0.0.0 192.168.100.87 0.0.0.0 eq 514 log

30 deny ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 

 

The above permits udp packets from 192.168.100.83 to 192.168.100.87 (I can see it in the syslog) but I am not able to access 192.168.100.83 from 192.168.100.130

Any ideas?

0 Kudos
3 REPLIES 3
-Alex-
HPE Pro

‎10-18-2021 04:35 AM

‎10-18-2021 04:35 AM

Re: How to permit incoming connections on ACLs (Aruba 2930F)

Hello SHtan,

If you have applied the ACL inbound direction you have to modify the traffic to its proper vlan.

E.g. If the device 192.168.100.130 is in another vlan and you have applied this on its vlan it is ok but from the perspective 192.168.100.83->192.168.100.130 is it allowed in its vlan?

Hope this helps!

I am an HPE Employee

Accept or Kudo

0 Kudos
SHtan
Advisor

‎10-18-2021 10:10 AM

‎10-18-2021 10:10 AM

Re: How to permit incoming connections on ACLs (Aruba 2930F)

Thanks for your reply! That means I'll need two ACLs; one for the first VLAN containing 192.168.1.83 and another for the second VLAN containing 192.168.1.130? Should the ACLs be applied as VLAN ACLs or interface ACLs?

First time doing this - sorry for the bother!

0 Kudos
-Alex-
HPE Pro

‎10-19-2021 12:07 AM

‎10-19-2021 12:07 AM

Re: How to permit incoming connections on ACLs (Aruba 2930F)

Hello SHtan,

Exactly, you need proper ACL for each vlan and apply to it coordingly.

Hope this helps!

I am an HPE Employee

Accept or Kudo

0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.