Comware Based
cancel
Showing results for 
Search instead for 
Did you mean: 

A5800 ACL lists and Syslog

Michael A. McKenney
Respected Contributor

A5800 ACL lists and Syslog

My A5820 and two A5800 switches are in IRF.  I have four VLANs (8, 10, 20, 192) configured.   I can route traffic internally between the four VLANs.  My next project is configuring Syslog and ACL lists to control traffic between the VLANs.  I can't find any documentation on setting up syslog.  Do I need separate ACL lists to control traffic going into each VLAN or one ACL list?

 

2 REPLIES
Fredrik Lönnman
Honored Contributor

Re: A5800 ACL lists and Syslog

Syslog is configured under info-center section. Depending on the traffic you'd need to block and to where you could use either separate or the same ACL, we can't really tell you since it depends on what you want to do.

---
CCIE Service Provider
MASE Network Infrastructure [2011]
H3CSE
CCNP R&S

Michael A. McKenney
Respected Contributor

Re: A5800 ACL lists and Syslog

Most of my trusted servers are in VLAN 192 and VLAN 20.   I have VLAN 8 and 10 that hold external servers like IIS, Citrix, etc.   I want to be able to have SQL traffic from VLAN 8 be permitted into VLAN 192

 

acl number 3000
 hardware-count enable
 rule 10 permit tcp source 216.45.8.2 0 destination 216.45.3.231 0 destination-port eq 1433
 rule 15 permit tcp source 216.45.8.2 0 destination 216.45.3.231 0 destination-port eq 1434
 rule 20 permit udp source 216.45.8.2 0 destination 216.45.3.231 0 destination-port eq 1433
 rule 25 permit udp source 216.45.8.2 0 destination 216.45.3.231 0 destination-port eq 1434

[Americorp-acl-adv-3000]int vlan 192
[Americorp-Vlan-interface192]dis this
#
interface Vlan-interface192
 ip address 216.45.3.254 255.255.255.192
 packet-filter 3000 inbound
#
return