
How to permit incoming connections on ACLs (Aruba 2930F)

SHtan
Advisor

Hi all,

Having this ACL problem on a 2930F.

I want to permit

  • SSH access from 192.168.100.130 to 192.168.100.83
  • UDP access from 192.168.100.83 to 192.168.100.87

Block all the rest.

192.168.100.83 and 192.168.100.87 are IP addresses on the same VLAN on the 2930F switch.

I am sitting on 192.168.100.130 which is another VLAN routed by a Firewall via intervlan routing.

I have this:

ip access-list extended "Permit SSH and UDP, Deny all"
10 permit tcp 192.168.100.130 0.0.0.0 192.168.100.83 0.0.0.0 eq 22 log
20 permit udp 192.168.100.83 0.0.0.0 192.168.100.87 0.0.0.0 eq 514 log
30 deny ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255

The above permits UDP packets from 192.168.100.83 to 192.168.100.87 (I can see it in the syslog), but I am not able to access 192.168.100.83 from 192.168.100.130.

Any ideas?

-Alex-
HPE Pro

Re: How to permit incoming connections on ACLs (Aruba 2930F)

Hello SHtan,

If you have applied the ACL in the inbound direction, you have to modify the traffic to its proper VLAN.

E.g., if the device 192.168.100.130 is in another VLAN and you have applied this on its VLAN, it is OK, but from the perspective of 192.168.100.83->192.168.100.130, is it allowed in its VLAN?

Hope this helps!

I am an HPE Employee


SHtan
Advisor

Re: How to permit incoming connections on ACLs (Aruba 2930F)

Thanks for your reply! That means I'll need two ACLs; one for the first VLAN containing 192.168.1.83 and another for the second VLAN containing 192.168.1.130? Should the ACLs be applied as VLAN ACLs or interface ACLs?

First time doing this - sorry for the bother!

-Alex-
HPE Pro

Re: How to permit incoming connections on ACLs (Aruba 2930F)

Hello SHtan,

Exactly, you need a proper ACL for each VLAN and apply it accordingly.

Hope this helps!

I am an HPE Employee

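As an added example that is not part of the thread, here is what the per-VLAN ACLs discussed above can look like on ArubaOS-Switch, including the return-traffic entry that a stateless ACL needs for the SSH session to open. VLAN IDs 100 and 200, the ACL names and the VACL apply keyword are assumptions; confirm them against the 2930F Access Security Guide for your firmware.

```text
; Added example, not from the thread. Assumed: VLAN 100 holds .83 and .87,
; VLAN 200 holds .130, the firewall (not the 2930F) routes between them.

; --- VLAN 100: where 192.168.100.83 and 192.168.100.87 live ---
ip access-list extended "V100-IN"
   ; SSH requests from the management host to the server
   10 permit tcp 192.168.100.130 0.0.0.0 192.168.100.83 0.0.0.0 eq 22 log
   ; SSH replies from the server back to the management host. The ACL is
   ; stateless: without this ACE the SYN-ACK from .83 is dropped by the
   ; final deny and the session never opens. Matched on source port 22.
   20 permit tcp 192.168.100.83 0.0.0.0 eq 22 192.168.100.130 0.0.0.0
   ; Syslog from the server to the collector on the same VLAN (one-way UDP)
   30 permit udp 192.168.100.83 0.0.0.0 192.168.100.87 0.0.0.0 eq 514 log
   ; Everything else entering VLAN 100 is dropped; logging helps tuning
   40 deny ip any any log
   exit
vlan 100
   ; Apply as a VACL so switched traffic within the VLAN is filtered.
   ; "in"/"out" RACLs only see traffic the 2930F routes itself, which
   ; here is none. Keyword assumed; verify on your firmware.
   ip access-group "V100-IN" vlan
   exit

; --- VLAN 200: where 192.168.100.130 lives (if also on this switch) ---
ip access-list extended "V200-IN"
   ; Outbound SSH from the management host toward the server
   10 permit tcp 192.168.100.130 0.0.0.0 192.168.100.83 0.0.0.0 eq 22
   ; Replies from the server arriving via the firewall into VLAN 200
   20 permit tcp 192.168.100.83 0.0.0.0 eq 22 192.168.100.130 0.0.0.0
   30 deny ip any any log
   exit
vlan 200
   ip access-group "V200-IN" vlan
   exit
```

After applying, check with "show access-list vlan <vid>" and "show access-list resources" that the ACLs are bound where you expect, and watch the deny log counters while opening the SSH session.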