01-13-2018 12:13 PM
5900AF ACLs
Hello Everyone!
I need to do the following
I have 2 VLANs (VLAN 1 and VLAN 2) and I need bidirectional RDP access between 2 specific hosts of those 2 VLANs. VLAN 1 is routable, VLAN 2 is not.
I made the following configuration:
interface Vlan-interface1
 ip address 192.168.2.250 255.255.255.0
 packet-filter 3001 inbound
acl number 3001
 rule 10 permit tcp source 192.168.1.50 0 destination 192.168.2.50 0 destination-port eq 3389
 rule 50 deny ip any
With this configuration I have RDP access from 192.168.1.50 but not the opposite.
- Tags:
- ACLs
01-15-2018 01:30 AM - edited 01-15-2018 01:31 AM
Re: 5900AF ACLs
Hi,
the reverse will not work because you have only allowed destination port 3389, and when your client/server roles are reversed, the destination will be a different port, typically a random port (you can read more about how ports should be assigned in RFC 6335 https://tools.ietf.org/html/rfc6335). The switch ACL is just looking at each single packet, it does not keep track of established connections.
In your case, when the destination port is not 3389 (which a random port should never be) inbound on vlan 1, the packet (the answer from the server) will be blocked. (see drawings)
You don't have any nice solutions to this. But,
1: you could allow all ports. This would make it work.
2: Maybe you could force your RDP client to initiate on a specific (not random) port, and then allow that port as well.
Regards.
Region Midtjylland
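The per-packet behaviour described in the reply can be reproduced with a small stateless filter model. The following is an added example written for this page; it is not code from the thread, from HPE, or from Comware. It encodes the posted acl 3001 as rule objects, evaluates a TCP exchange in each direction the way a stateless inbound packet-filter on Vlan-interface1 would, and then compares the reply's option 1 ("allow all ports") with a narrower return-traffic rule keyed on source port 3389. The host placement (192.168.1.50 treated as the host behind the filtered Vlan-interface1, 192.168.2.50 on the unfiltered VLAN 2), the ephemeral port value, and the alternative rule sets are constructed assumptions, not something the thread states.

```python
"""Stateless packet-filter model of the thread's 'packet-filter 3001 inbound'.

Added example, not code from the thread or from Comware. The two hosts' VLAN
placement, the ephemeral port and the alternative ACLs are assumptions.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str          # "tcp", "udp", "icmp", ...
    sport: int = 0
    dport: int = 0


@dataclass(frozen=True)
class Rule:
    """One advanced-ACL rule. None means 'any'; Comware wildcard 0 == exact host."""
    rule_id: int
    action: str                  # "permit" or "deny"
    proto: str = "ip"            # "ip" matches every IP protocol
    src: Optional[str] = None
    dst: Optional[str] = None
    sport: Optional[int] = None  # source-port eq
    dport: Optional[int] = None  # destination-port eq

    def matches(self, p: Packet) -> bool:
        if self.proto != "ip" and self.proto != p.proto:
            return False
        if self.src is not None and self.src != p.src:
            return False
        if self.dst is not None and self.dst != p.dst:
            return False
        if self.sport is not None and self.sport != p.sport:
            return False
        if self.dport is not None and self.dport != p.dport:
            return False
        return True


def evaluate(acl: List[Rule], p: Packet) -> Tuple[str, Optional[int]]:
    """First match in rule-id order wins. No connection table: each packet stands alone."""
    for r in sorted(acl, key=lambda r: r.rule_id):
        if r.matches(p):
            return r.action, r.rule_id
    return "deny", None  # nothing matched: implicit deny


# The ACL exactly as posted in the question.
ACL_3001 = [
    Rule(10, "permit", "tcp", src="192.168.1.50", dst="192.168.2.50", dport=3389),
    Rule(50, "deny"),
]

# Reply's option 1: permit every TCP port between the two hosts (constructed).
ACL_ALL_TCP = [
    ACL_3001[0],
    Rule(20, "permit", "tcp", src="192.168.1.50", dst="192.168.2.50"),
    Rule(50, "deny"),
]

# Narrower alternative (assumption, not from the thread): let the VLAN 1 host's
# RDP *server* answer by matching source port 3389, still fully stateless.
ACL_RETURN_BY_SPORT = [
    ACL_3001[0],
    Rule(20, "permit", "tcp", src="192.168.1.50", dst="192.168.2.50", sport=3389),
    Rule(50, "deny"),
]

VLAN1_HOST = "192.168.1.50"  # assumed: host whose traffic enters via the filtered Vlan-interface1
VLAN2_HOST = "192.168.2.50"  # assumed: host on VLAN 2, whose interface carries no packet-filter
EPHEMERAL = 49731            # constructed client source port (RFC 6335 dynamic range)


def allowed_on_path(acl: List[Rule], p: Packet) -> bool:
    """Only packets entering from the VLAN 1 host hit the inbound filter."""
    if p.src == VLAN1_HOST:
        return evaluate(acl, p)[0] == "permit"
    return True  # Vlan-interface2 has no packet-filter in the posted config


def rdp_session(client: str, server: str) -> Tuple[Packet, Packet]:
    """The minimum exchange: SYN to 3389 one way, SYN/ACK from 3389 back."""
    syn = Packet(client, server, "tcp", sport=EPHEMERAL, dport=3389)
    reply = Packet(server, client, "tcp", sport=3389, dport=EPHEMERAL)
    return syn, reply


def rdp_works(acl: List[Rule], client: str, server: str) -> bool:
    """RDP only works if both halves of the exchange get through."""
    return all(allowed_on_path(acl, p) for p in rdp_session(client, server))


if __name__ == "__main__":
    for name, acl in (("3001 as posted", ACL_3001), ("all TCP", ACL_ALL_TCP),
                      ("return by sport", ACL_RETURN_BY_SPORT)):
        print(f"{name:16} VLAN1->VLAN2: {rdp_works(acl, VLAN1_HOST, VLAN2_HOST)}"
              f"  VLAN2->VLAN1: {rdp_works(acl, VLAN2_HOST, VLAN1_HOST)}")
    probe = Packet(VLAN1_HOST, VLAN2_HOST, "tcp", sport=EPHEMERAL, dport=22)
    print("non-RDP port 22 from VLAN 1 host, all TCP:", evaluate(ACL_ALL_TCP, probe))
    print("non-RDP port 22 from VLAN 1 host, by sport:", evaluate(ACL_RETURN_BY_SPORT, probe))
```

With the posted ACL the model gives exactly the thread's symptom: the session started from 192.168.1.50 passes, while the answer from 192.168.1.50's RDP server arrives inbound with destination port 49731, misses rule 10 and is dropped by rule 50. Both alternative ACLs make the reverse session work, but the "all TCP" rule also lets any other TCP connection from the VLAN 1 host reach 192.168.2.50, whereas the source-port rule still denies that probe to port 22. The source-port rule is still stateless, so it trusts anything that host sends from port 3389; Comware advanced ACLs also accept `source-port eq` and an `established` keyword in rule syntax, which is the usual way to express this on the switch, but check the command reference for your release before relying on either.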