5900AF ACLs
01-13-2018 12:13 PM
Hello Everyone!
I need to do the following:
I have 2 VLANs (VLAN 1 and VLAN 2) and I need RDP access bidirectional between 2 specific hosts of those 2 VLANs. VLAN 1 is routable, VLAN 2 is not.
I made the following configuration:
interface Vlan-interface1
ip address 192.168.2.250 255.255.255.0
packet-filter 3001 inbound
acl number 3001
rule 10 permit tcp source 192.168.1.50 0 destination 192.168.2.50 0 destination-port eq 3389
rule 50 deny ip any
With this configuration I have RDP access from 192.168.1.50 but not the opposite.
01-15-2018 01:30 AM - edited 01-15-2018 01:31 AM
Re: 5900AF ACLs
Hi,
the reverse will not work because you have only allowed destination port 3389, and when your client/server roles are reversed, the destination will be a different port, typically a random port (you can read more about how ports should be assigned in RFC 6335 https://tools.ietf.org/html/rfc6335). The switch ACL is just looking at each single packet; it does not keep track of established connections.
In your case, when the destination port is not 3389 (which a random port should never be) inbound on VLAN 1, the packet (the answer from the server) will be blocked. (see drawings)
You don't have any nice solutions to this. But,
1: you could allow all ports. This would make it work.
2: Maybe you could force your RDP client to initiate on a specific (not random) port, and then allow that port as well.
Regards.
Region Midtjylland
Hewlett Packard Enterprise International
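To make the point in the reply concrete, here is an added example that is not part of this thread and is not Comware code: a first-match, stateless packet filter in Python that evaluates the ACL 3001 rules posted in the question against the client's RDP packet and the server's reply, then evaluates the two workarounds the reply lists, and, for contrast, a minimal connection-tracking filter of the kind the switch ACL does not implement. The ephemeral client port 49152, the fixed client port 50000, the extra rule numbers (20) and the reverse-direction rules are my assumptions, not configuration from the thread.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    """The five header fields a stateless L3/L4 ACL inspects."""
    proto: str
    src: str
    dst: str
    sport: int
    dport: int

    def reverse(self) -> "Packet":
        # The reply to this packet as the filter sees it: addresses and ports swapped.
        return Packet(self.proto, self.dst, self.src, self.dport, self.sport)


@dataclass(frozen=True)
class Rule:
    """One ACL rule in the style of the 'rule N permit tcp source ... destination-port eq ...'
    lines in the question. None means 'any'; a wildcard of 0 on the switch is an exact host
    match, which is what the string comparison below models."""
    number: int
    action: str                  # "permit" or "deny"
    proto: Optional[str] = None
    src: Optional[str] = None
    dst: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        return ((self.proto is None or self.proto == pkt.proto)
                and (self.src is None or self.src == pkt.src)
                and (self.dst is None or self.dst == pkt.dst)
                and (self.dport is None or self.dport == pkt.dport))


def stateless_filter(rules: List[Rule], pkt: Packet) -> str:
    """Evaluate one packet in ascending rule-number order, first match wins.
    No memory of earlier packets is consulted, as the reply describes."""
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.matches(pkt):
            return rule.action
    return "deny"  # never reached for the ACLs below; each ends in an explicit deny-all


class StatefulFilter:
    """What a connection-tracking firewall would do instead (assumed design, for contrast):
    once a packet is permitted, its reply direction is permitted without consulting the rules."""

    def __init__(self, rules: List[Rule]):
        self.rules = rules
        self.established = set()

    def decide(self, pkt: Packet) -> str:
        if pkt in self.established:
            return "permit"
        action = stateless_filter(self.rules, pkt)
        if action == "permit":
            self.established.add(pkt)
            self.established.add(pkt.reverse())
        return action


CLIENT = "192.168.1.50"   # host in the question that can open RDP today
SERVER = "192.168.2.50"   # host in the question running the RDP listener
FIXED_CLIENT_PORT = 50000  # assumption for workaround 2: client bound to a known port

# ACL 3001 exactly as posted in the question.
ACL_3001 = [Rule(10, "permit", "tcp", CLIENT, SERVER, 3389), Rule(50, "deny")]

# Workaround 1 from the reply: allow all ports between the two hosts (both directions assumed).
ACL_ALL_PORTS = [Rule(10, "permit", "tcp", CLIENT, SERVER),
                 Rule(20, "permit", "tcp", SERVER, CLIENT),
                 Rule(50, "deny")]

# Workaround 2 from the reply: client initiates from a fixed port, which is then allowed
# as the destination port of the server's reply.
ACL_FIXED_PORT = [Rule(10, "permit", "tcp", CLIENT, SERVER, 3389),
                  Rule(20, "permit", "tcp", SERVER, CLIENT, FIXED_CLIENT_PORT),
                  Rule(50, "deny")]


def evaluate(rules: List[Rule], client_port: int = 49152) -> dict:
    """Constructed sample traffic: one RDP SYN from client to server and the server's
    reply, each judged on its own as the switch ACL does."""
    forward = Packet("tcp", CLIENT, SERVER, client_port, 3389)
    return {"forward": stateless_filter(rules, forward),
            "reply": stateless_filter(rules, forward.reverse())}


def evaluate_stateful(rules: List[Rule], client_port: int = 49152) -> dict:
    """Same traffic through the connection-tracking filter: the reply rides on state."""
    f = StatefulFilter(rules)
    forward = Packet("tcp", CLIENT, SERVER, client_port, 3389)
    return {"forward": f.decide(forward), "reply": f.decide(forward.reverse())}


if __name__ == "__main__":
    print("ACL 3001 as posted:   ", evaluate(ACL_3001))
    print("allow all ports:      ", evaluate(ACL_ALL_PORTS))
    print("fixed port, bound:    ", evaluate(ACL_FIXED_PORT, FIXED_CLIENT_PORT))
    print("fixed port, not bound:", evaluate(ACL_FIXED_PORT))
    print("stateful, ACL 3001:   ", evaluate_stateful(ACL_3001))
```

The last two lines of output show why workaround 2 only holds if the client really does bind to the agreed port: with the same ACL and a random ephemeral port the reply is still denied by rule 50. The stateful run shows that the posted ACL 3001 would have been sufficient on a device that tracks connections, which is exactly the capability the reply says the switch ACL lacks.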
© Copyright 2018 Hewlett Packard Enterprise Development LP