Comware Based
cancel
Showing results for 
Search instead for 
Did you mean: 

MSR2003 Guest VLAN 20 only access to internet

PeoplesProjects
Occasional Contributor

MSR2003 Guest VLAN 20 only access to internet

Hi,

i have a HPE MSR2003 router where i have created 2 subinterfaces:

-G0/0.10 192.168.10.0/24

-G0/0.20 Guest   192.168.20.0/24

Now i want to provide guest only access to the internet and not be able to communicate with the 192.168.10.0 network.

I have created an access-list:

-[PP-R1]access-list advanced 3001

-[PP-R1-acl-ipv4-adv-3001]rule 0 deny ip source 192.168.20.0 0.0.0.255 destinatio
n 192.168.10.0 0.0.0.255

[PP-R1-acl-ipv4-adv-3001]rule 5 permit ip source any destination any

and was trying to add this to the G0/0.10 interface.

-[PP-R1-acl-ipv4-adv-3001]int g0/0.10

-[PP-R1-GigabitEthernet0/0.10]packet-filter 3001 inbound

without success.

Any ideas what i was doing wrong?