11-18-2013 11:42 AM
VLAN ACL Filter doesn't work
Can't get the ACL to work. I have a simple setup with VLANs 60-63, and each VLAN has a VLAN interface, as below:
interface vlan 60
 ip address 10.1.60.1 24
interface vlan 61
 ip address 10.1.61.1 24
interface vlan 62
 ip address 10.1.62.1 24
interface vlan 63
 ip address 10.1.63.1 24
All I want to do is to block traffic from VLANs 61-63 to reach VLAN 60. See the config below
acl number 3000
 rule deny ip source 10.1.61.0 0.0.0.255 destination 10.1.60.0 0.0.0.255
 rule deny ip source 10.1.62.0 0.0.0.255 destination 10.1.60.0 0.0.0.255
 rule deny ip source 10.1.63.0 0.0.0.255 destination 10.1.60.0 0.0.0.255
 rule deny ip source 10.1.64.0 0.0.0.255 destination 10.1.60.0 0.0.0.255
interface vlan 60
 ip address 10.1.60.1 24
 packet-filter 3000 outbound
I put a workstation on VLAN 63 and am able to ping VLAN interface 60's IP address, 10.1.60.1.
Please advise!
Thanks,
11-18-2013 05:04 PM
Re: VLAN ACL Filter doesn't work
What if you put the rule "inbound" on the VLAN 63 interface instead?
What about other IP addresses on VLAN 60, aside from the router address?
11-20-2013 03:02 AM
Re: VLAN ACL Filter doesn't work
Hi,
I agree with Vince: the test address is not valid, since it belongs to the switch itself (this traffic is not going 'out' on the VLAN interface, but is handled by the software of the switch).
So I would suggest trying to reach a real host on the remote VLANs.
Best regards, Peter.
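Added example, not part of the original thread: a small Python model of the explanation above, using ACL 3000 and the interface addresses from the first post. The host addresses 10.1.63.10 and 10.1.60.50, the function names, and the permit action for unmatched packets are assumptions of this model, which simplifies what the switch does.

```python
import ipaddress

# ACL 3000 as posted: (action, source, source wildcard, destination, destination wildcard)
ACL_3000 = [
    ("deny", "10.1.61.0", "0.0.0.255", "10.1.60.0", "0.0.0.255"),
    ("deny", "10.1.62.0", "0.0.0.255", "10.1.60.0", "0.0.0.255"),
    ("deny", "10.1.63.0", "0.0.0.255", "10.1.60.0", "0.0.0.255"),
    ("deny", "10.1.64.0", "0.0.0.255", "10.1.60.0", "0.0.0.255"),
]
# Addresses owned by the switch itself (the VLAN interfaces from the first post).
SWITCH_ADDRESSES = {"10.1.60.1", "10.1.61.1", "10.1.62.1", "10.1.63.1"}
VLAN60 = ipaddress.ip_network("10.1.60.0/24")


def wildcard_match(addr, base, wildcard):
    """True if addr equals base on every bit where the wildcard bit is 0."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)


def acl_action(acl, src, dst, default="permit"):
    """First matching rule wins. The default for unmatched packets is an assumption."""
    for action, s, s_wild, d, d_wild in acl:
        if wildcard_match(src, s, s_wild) and wildcard_match(dst, d, d_wild):
            return action
    return default


def verdict(src, dst):
    """Model of 'packet-filter 3000 outbound' on VLAN interface 60 only."""
    if dst in SWITCH_ADDRESSES:
        # Handled by the switch software; never sent out of a VLAN interface.
        return "local"
    if ipaddress.ip_address(dst) not in VLAN60:
        # Leaves through another VLAN interface, which has no filter applied.
        return "permit"
    return acl_action(ACL_3000, src, dst)


if __name__ == "__main__":
    # Constructed test packets: a workstation on VLAN 63 and a host on VLAN 60.
    for src, dst in [("10.1.63.10", "10.1.60.1"), ("10.1.63.10", "10.1.60.50")]:
        print(f"{src} -> {dst}: {verdict(src, dst)}")
```

In this model the ping to 10.1.60.1 comes back as "local" because the filter is never consulted, while the same workstation reaching a host at 10.1.60.50 is denied by the third rule.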
11-20-2013 03:26 PM
Re: VLAN ACL Filter doesn't work
Thanks Vince and Peter,
I will put a host and test instead of pinging the interface itself.
BTW, is it possible to block the interface as well from pinging?
Thanks,
11-20-2013 04:25 PM
Re: VLAN ACL Filter doesn't work
For your BTW, an outbound ACL looking for the opposite traffic on VLAN 60 should block it, I guess.