11-14-2017 05:53 AM
Problem with Extended ACL
Hi,
I have a problem with an Extended ACL. I have 3 external locations that are accessible via a 4th location. Each of the 3 locations is connected to location 4 via OSPF. At all 3 locations there is the VLAN 1000. For testing there is also the location 4. The 3 or 4 locations are nowhere to go except to the other sites in the VLAN 1000.
The locations have the following IP settings for the VLAN 1000:
Location 1:
IP: 10.60.210.254/24
Comware Switch HPE 5800-24G-SFP
Location 2:
IP: 10.60.211.254/24
5406Rzl2
Location 3:
IP: 10.60.213.254/24
5406Rzl2
Location 4:
IP: 10.60.212.254/24
5406zl
Today I tried to connect site 3 to 4. Unfortunately, the ACL rules do not work.
Config Location 3:
ip access-list extended "KW-in"
10 permit ip 10.60.210.0 0.0.0.255 10.60.213.0 0.0.0.255 log
20 permit ip 10.60.211.0 0.0.0.255 10.60.213.0 0.0.0.255 log
30 permit ip 10.60.212.0 0.0.0.255 10.60.213.0 0.0.0.255 log
40 deny ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
exit
ip access-list extended "KW-out"
10 permit ip 10.60.213.0 0.0.0.255 10.60.210.0 0.0.0.255 log
20 permit ip 10.60.213.0 0.0.0.255 10.60.211.0 0.0.0.255 log
30 permit ip 10.60.213.0 0.0.0.255 10.60.212.0 0.0.0.255 log
40 deny ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
exit
vlan 1000
name "KW-Transfer"
tagged B15-B16
ip access-group "KW-in" in
ip access-group "KW-out" out
ip address 10.60.213.254 255.255.255.0
exit
Config Location 4:
ip access-list extended "KW-in"
10 permit ip 10.60.210.0 0.0.0.255 10.60.212.0 0.0.0.255 log
20 permit ip 10.60.211.0 0.0.0.255 10.60.212.0 0.0.0.255 log
30 permit ip 10.60.213.0 0.0.0.255 10.60.212.0 0.0.0.255 log
40 deny ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
exit
ip access-list extended "KW-out"
10 permit ip 10.60.212.0 0.0.0.255 10.60.210.0 0.0.0.255 log
20 permit ip 10.60.212.0 0.0.0.255 10.60.211.0 0.0.0.255 log
30 permit ip 10.60.212.0 0.0.0.255 10.60.213.0 0.0.0.255 log
40 deny ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
exit
vlan 1000
name "KWTransfer-Test"
tagged A5,A11-A12,Trk1
ip access-group "KW-in" in
ip access-group "KW-out" out
ip address 10.60.212.254 255.255.255.0
exit
Where is my mistake? For information, the devices do not sit directly on the switch but are still distributed to other switches.
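To check which ACE a given packet hits under first-match, wildcard-mask evaluation, the following added example (not part of the original post and not HPE code) parses the Location 3 entries exactly as posted. The host addresses in the sample packets are constructed, and the sketch models ACE matching only, not where or in which direction the switch applies each list.

```python
import ipaddress
# ACEs copied from the "Config Location 3" listing in the post.
KW_IN = """\
10 permit ip 10.60.210.0 0.0.0.255 10.60.213.0 0.0.0.255 log
20 permit ip 10.60.211.0 0.0.0.255 10.60.213.0 0.0.0.255 log
30 permit ip 10.60.212.0 0.0.0.255 10.60.213.0 0.0.0.255 log
40 deny ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
"""
KW_OUT = """\
10 permit ip 10.60.213.0 0.0.0.255 10.60.210.0 0.0.0.255 log
20 permit ip 10.60.213.0 0.0.0.255 10.60.211.0 0.0.0.255 log
30 permit ip 10.60.213.0 0.0.0.255 10.60.212.0 0.0.0.255 log
40 deny ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
"""

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def parse_acl(text):
    """Parse 'seq action ip src src-wildcard dst dst-wildcard [log]' lines."""
    aces = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 7 or f[1] not in ("permit", "deny") or f[2] != "ip":
            continue  # only the 'ip' ACE form used in the post is handled
        aces.append((int(f[0]), f[1]) + tuple(to_int(x) for x in f[3:7]))
    return sorted(aces)  # ACEs are evaluated in sequence-number order

def wildcard_match(addr, base, wildcard):
    # A 1 bit in the wildcard means "ignore this bit"; the rest must be equal.
    care = ~wildcard & 0xFFFFFFFF
    return (addr & care) == (base & care)

def evaluate(aces, src, dst):
    s, d = to_int(src), to_int(dst)
    for seq, action, sbase, swild, dbase, dwild in aces:
        if wildcard_match(s, sbase, swild) and wildcard_match(d, dbase, dwild):
            return seq, action  # first matching ACE decides
    return None, "deny"  # implicit deny when nothing matches

# Constructed sample packets; host addresses are hypothetical.
SAMPLES = [
    ("10.60.212.10", "10.60.213.20"),   # remote site 4 host -> local host
    ("10.60.213.20", "10.60.212.10"),   # local host -> remote site 4 host
    ("10.60.213.254", "224.0.0.5"),     # local interface -> OSPF AllSPFRouters
]
if __name__ == "__main__":
    for name, text in (("KW-in", KW_IN), ("KW-out", KW_OUT)):
        print(name, [evaluate(parse_acl(text), s, d) for s, d in SAMPLES])
```

The same flow hits a permit in one list and the catch-all deny (ACE 40) in the other, so which list is evaluated for a given direction of travel decides the outcome.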
02-28-2018 12:36 AM - edited 02-28-2018 01:21 AM
Re: Problem with Extended ACL
Basically, ACLs work at Layer 3. Have you called these ACLs on Layer 3 interfaces? If yes, are those ports serving the purpose of blocking/allowing traffic to the respective sources and destinations?
As your query seems to be about configuration assistance, you may either contact our pre-sales team or open a support case if you believe the configuration is not as expected per the document.
Please refer to the documents below for the respective switches.
5800 series : https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c02647469
5400 series : https://support.hpe.com/hpsc/doc/public/display?docId=c04943057