Stateful fw beetwen vlans on 5406R switch

santomas · ‎06-21-2019

I have problem with SWITCH HPE 5406Rzl

configuration for Router is ok

Hi, can anyone explain me why I can not connect to 10.100.10.3 from 10.200.200.200 when ACL10_in is applied on switch?

I think I can not connect because it is stateless fw on switch?

I see option ip access-group ACL10_in (in, out vlan-in), I made few combination with in, out vlan-in but without any results

jguse · ‎06-23-2019

Hello,

Please check the ACL10_in rules. You are permitting the host on VLAN 10 to communicate only with the host on VLAN 20, but not with the host 10.200.200.200. Adding a rule to ACL10_in to permit traffic to host 10.200.200.200 should resolve the issue.

Best regards,
Justin

Working @ HPE

santomas · ‎07-02-2019

Thank you jguse for your reply.

I know when I put :

ACL10_in

permit ip host 10..100.10.3 host 10.100.20.5

permit ip host 10.100.10.3 host 10.200.200.200 #this traffic is initiated from 10.200.200.200 and this ACE is for return traffic

but I don't want to doubled my acl.

for ex.

ACL10_in

permit ip host 10..100.10.3 host 10.100.20.5

permit ip host 10.100.10.3 host 10.200.200.200

ACL20_in

permit ip 10.100.20.0 0.0.0.255 10.200.200.0 0.0.0.255

ACLs above permit traffic initieted from 10..100.10.3 to 10.100.20.5 but not return traffic from 10.100.20.5 to 10.100.10.3

there is needed second entry in ACL20_in permt ip host 10.100.20.5 host 10.100.10.3 for return traffic.,

But I don't want to create two entries one for outcoming and second for incoming traffic for every particulary traffic.

Stateful fw beetwen vlans on 5406R switch

Stateful fw beetwen vlans on 5406R switch

Re: Stateful fw beetwen vlans on 5406R switch

Re: Stateful fw beetwen vlans on 5406R switch

Hewlett Packard Enterprise International