- Community Home
- >
- Networking
- >
- Switching and Routing
- >
- Aruba & ProVision-based
- >
- VLAN ACL HP 2920-48G
-
- Forums
-
- Advancing Life & Work
- Advantage EX
- Alliances
- Around the Storage Block
- HPE Ezmeral: Uncut
- OEM Solutions
- Servers & Systems: The Right Compute
- Tech Insights
- The Cloud Experience Everywhere
- HPE Blog, Austria, Germany & Switzerland
- Blog HPE, France
- HPE Blog, Italy
- HPE Blog, Japan
- HPE Blog, Middle East
- HPE Blog, Russia
- HPE Blog, Saudi Arabia
- HPE Blog, South Africa
- HPE Blog, UK & Ireland
-
Blogs
- Advancing Life & Work
- Advantage EX
- Alliances
- Around the Storage Block
- HPE Blog, Latin America
- HPE Blog, Middle East
- HPE Blog, Saudi Arabia
- HPE Blog, South Africa
- HPE Blog, UK & Ireland
- HPE Ezmeral: Uncut
- OEM Solutions
- Servers & Systems: The Right Compute
- Tech Insights
- The Cloud Experience Everywhere
-
Information
- Community
- Welcome
- Getting Started
- FAQ
- Ranking Overview
- Rules of Participation
- Tips and Tricks
- Resources
- Announcements
- Email us
- Feedback
- Information Libraries
- Integrated Systems
- Networking
- Servers
- Storage
- Other HPE Sites
- Support Center
- Aruba Airheads Community
- Enterprise.nxt
- HPE Dev Community
- Cloud28+ Community
- Marketplace
-
Forums
-
Blogs
-
Information
-
English
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
03-25-2016 01:35 AM
03-25-2016 01:35 AM
VLAN ACL HP 2920-48G
I have two VLAN. VLAN100 and VLAN200.
VLAN100 should have access to 192.168.20.0/24, 192.168.0.0/24 and block all other 192168.0.0/16 ,172.16.0.0/16 and 10.0.0.0/8 networks and allow Internet access.
VLAN200 should not have access to nothing, only replie to traffic coming from VLAN100.
I am trying to ping from VLAN100 to VLAN200 but with out success.
hostname "HP-2920-48G" module 1 type j9728a ip access-list extended "vlan100" 10 permit ip 192.168.0.0 0.0.0.255 192.168.0.0 0.0.0.255 100 permit ip 192.168.0.0 0.0.0.255 192.168.20.0 0.0.0.255 300 deny ip 0.0.0.0 255.255.255.255 192.168.0.0 0.0.255.255 log 310 deny ip 0.0.0.0 255.255.255.255 172.16.0.0 0.0.255.255 log 320 deny ip 0.0.0.0 255.255.255.255 10.0.0.0 0.255.255.255 log 400 permit ip 192.168.0.0 0.0.0.255 0.0.0.0 255.255.255.255 exit ip access-list extended "vlan200" 10 permit ip 192.168.20.0 0.0.0.255 192.168.20.0 0.0.0.255 exit ip default-gateway 192.168.0.1 ip route 0.0.0.0 0.0.0.0 192.168.0.1 ip routing snmp-server community "public" unrestricted oobm ip address dhcp-bootp exit vlan 1 name "DEFAULT_VLAN" no untagged 1,20 untagged 2-19,21-48 no ip address exit vlan 100 name "VLAN100" untagged 1 ip access-group "vlan100" vlan-in ip address 192.168.0.205 255.255.255.0 exit vlan 200 name "VLAN200" untagged 20 ip access-group "vlan200" vlan-in ip address 192.168.20.1 255.255.255.0 exit no autorun no dhcp config-file-update no dhcp image-file-update password manager
What is the right solution for my access-list?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
03-25-2016 01:55 AM
03-25-2016 01:55 AM
Re: VLAN ACL HP 2920-48G
I think i have solved the problem.
ip access-list extended "vlan200" 10 permit ip 192.168.20.0 0.0.0.255 192.168.20.0 0.0.0.255 20 permit icmp 192.168.20.0 0.0.0.255 0.0.0.0 255.255.255.255 100 permit tcp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 established 900 deny ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 exit
Hewlett Packard Enterprise International
- Communities
- HPE Blogs and Forum
© Copyright 2021 Hewlett Packard Enterprise Development LP