10-18-2021 02:53 AM - last edited on 10-19-2021 09:00 PM by support_s
How to permit incoming connections on ACLs (Aruba 2930F)
Hi all,
Having this ACL problem on a 2930F.
I want to permit
- SSH access from 192.168.100.130 to 192.168.100.83
- UDP access from 192.168.100.83 to 192.168.100.87
Block all the rest.
192.168.100.83 and 192.168.100.87 are IP addresses on the same VLAN on the 2930F switch.
I am sitting on 192.168.100.130 which is another VLAN routed by a Firewall via intervlan routing.
I have this
ip access-list extended "Permit SSH and UDP, Deny all"
10 permit tcp 192.168.100.130 0.0.0.0 192.168.100.83 0.0.0.0 eq 22 log
20 permit udp 192.168.100.83 0.0.0.0 192.168.100.87 0.0.0.0 eq 514 log
30 deny ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
The above permits udp packets from 192.168.100.83 to 192.168.100.87 (I can see it in the syslog) but I am not able to access 192.168.100.83 from 192.168.100.130
Any ideas?
10-18-2021 04:35 AM
Re: How to permit incoming connections on ACLs (Aruba 2930F)
Hello SHtan,
If you have applied the ACL in the inbound direction, you have to modify the traffic to its proper VLAN.
E.g. if the device 192.168.100.130 is in another VLAN and you have applied this on its VLAN, it is OK, but from the perspective 192.168.100.83->192.168.100.130, is it allowed in its VLAN?
Hope this helps!
10-18-2021 10:10 AM
Re: How to permit incoming connections on ACLs (Aruba 2930F)
Thanks for your reply! That means I'll need two ACLs; one for the first VLAN containing 192.168.1.83 and another for the second VLAN containing 192.168.1.130? Should the ACLs be applied as VLAN ACLs or interface ACLs?
First time doing this - sorry for the bother!
10-19-2021 12:07 AM
Re: How to permit incoming connections on ACLs (Aruba 2930F)
Hello SHtan,
Exactly, you need a proper ACL for each VLAN and apply it accordingly.
Hope this helps!
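
Added example, not part of the thread: a small Python model of first-match evaluation for the ACL in the question, assuming it is applied inbound on the VLAN that contains 192.168.100.83, so that host's SSH replies are checked against it. The packets, the client port 50000 and the extra entry 15 are constructed for illustration; entry 15 is a modelled rule, not switch CLI syntax.

```python
from ipaddress import IPv4Address as IP

# The ACL from the question as
# (seq, action, proto, src, src_wildcard, src_port, dst, dst_wildcard, dst_port).
# None means "any port". Wildcard masks are inverted: 0 bits must match.
ACL = [
    (10, "permit", "tcp", "192.168.100.130", "0.0.0.0", None, "192.168.100.83", "0.0.0.0", 22),
    (20, "permit", "udp", "192.168.100.83", "0.0.0.0", None, "192.168.100.87", "0.0.0.0", 514),
    (30, "deny", "ip", "0.0.0.0", "255.255.255.255", None, "0.0.0.0", "255.255.255.255", None),
]

def wild_match(addr, base, wildcard):
    """Compare only the bits the wildcard mask marks as significant (0 bits)."""
    care = ~int(IP(wildcard)) & 0xFFFFFFFF
    return int(IP(addr)) & care == int(IP(base)) & care

def evaluate(acl, proto, src, sport, dst, dport):
    """First match wins; return (seq, action). No state is kept between packets."""
    for seq, action, p, s, sw, sp, d, dw, dp in acl:
        if p not in ("ip", proto):
            continue
        if not (wild_match(src, s, sw) and wild_match(dst, d, dw)):
            continue
        if sp not in (None, sport) or dp not in (None, dport):
            continue
        return seq, action
    return None, "deny"  # implicit deny at the end of an ACL

# Constructed packets; 50000 is an arbitrary ephemeral client port.
SSH_REQUEST = ("tcp", "192.168.100.130", 50000, "192.168.100.83", 22)
SSH_REPLY = ("tcp", "192.168.100.83", 22, "192.168.100.130", 50000)
SYSLOG = ("udp", "192.168.100.83", 50000, "192.168.100.87", 514)

# Hypothetical extra entry (modelled here only): replies from .83 port 22 back to .130.
RETURN_RULE = (15, "permit", "tcp", "192.168.100.83", "0.0.0.0", 22, "192.168.100.130", "0.0.0.0", None)
ACL_WITH_RETURN = sorted(ACL + [RETURN_RULE])

if __name__ == "__main__":
    for name, pkt in [("ssh request", SSH_REQUEST), ("ssh reply", SSH_REPLY), ("syslog", SYSLOG)]:
        print(name, evaluate(ACL, *pkt), evaluate(ACL_WITH_RETURN, *pkt))
```

In this model the SSH reply from 192.168.100.83 falls through to entry 30 because no entry describes the 83 -> 130 direction, which is the point raised in the reply above.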