Community
Aruba & ProVision-based
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Re: vlan acls

 
BrianCC
New Member

‎04-07-2016 11:51 AM - edited ‎04-07-2016 11:56 AM

‎04-07-2016 11:51 AM - edited ‎04-07-2016 11:56 AM

vlan acls

Hi, I'm trying to prevent vlan 4 (172.26.96.0/22 from accessing all other vlans.

but

I would like vlan 4 to be able to access 172.24.1.4 on udp 67

and

I would like vlan 4 to be able to access the internet default gateway

 

Procurve 5400

 

Thanks,

Brian

0 Kudos
Reply
2 REPLIES 2
Tausif-M
Member

‎04-11-2016 01:13 AM

‎04-11-2016 01:13 AM

Re: vlan acls

Dear

 

Plz try the below..

 

1. for preventing vlan 4 from all other vlans

20 deny ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255

2. for allowing vlan 4 to communictae 172.24.1.4 on UDP 67

11 permit udp 0.0.0.0 255.255.255.255 172.24.1.4 0.0.0.0 eq 67

3. For allowing vlan 4 to communicate default gateway

10 permit ip 0.0.0.0 255.255.255.255 X.X.X.X 255.255.255.255

Where X.X.X.X is your Default Gateway.

0 Kudos
Reply
16again
Respected Contributor

‎04-11-2016 10:15 AM

‎04-11-2016 10:15 AM

Re: vlan acls

Try below. Maybe syntax isn;t 100% , but I'm doing too much vendors at the moment
#first, pass dhcp requests:
permit udp any any eq 67
#allow pinging the GW: (assuming .1 is GW)
permit icmp any host 172.26.96.1
#Block other VLANs, assuming they are RFC1918 networks
deny ip any 10.0.0.0  0.255.255.255
deny ip any 192.168.0.0  0.0.255.255
deny ip any 172.16.0.0  0.15.255.255
#Permit internet access
permit ip any any

 

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.