- Re: ACLs For 5406zl
01-29-2013 04:23 PM
I have a network with one 5406zl switch and about 20 2520 switches.
So many VLANs were configured on the network; one of them is VLAN 15 (10.15.0.0/16) and another one is VLAN 70 (10.70.0.0/16).
I have been asked to enable communication between one host on VLAN 15 (10.15.0.1) and one host on VLAN 70 (10.70.0.5) only, and to prevent any other communication between these two VLANs and any other VLANs.
Since I'm new to the whole ACL concept, I have been trying but I couldn't find the right way to do it.
Could I do it on this network?
And HOW!!
Thanks in advance.
- Tags:
- 5406. routing
- ACL
01-30-2013 05:27 AM
Hi,
1/ Define the ACLs in global config:
ip access-list extended acl-v0015-in
# allow traffic between 2 hosts
permit ip host 10.15.0.1 host 10.70.0.5
# no more commands required, last (implicit rule) is to drop all other traffic
ip access-list extended acl-v0070-in
permit ip host 10.70.0.5 host 10.15.0.1
2/ Link the ACLs to the routed VLAN interfaces on the Core, these apply to the INBOUND direction from the core point of view:
vlan 15
ip access-group acl-v0015-in in
vlan 70
ip access-group acl-v0070-in in
That should be it,
Best regards, Peter
01-30-2013 10:09 AM
Dear Peter,
But in this case I'll prevent any traffic between hosts in the same VLAN, right?
How would I allow communication between the hosts in VLAN 70?
Thanks in advance :-)
01-30-2013 01:11 PM
Hi,
No, the provided configuration will only block traffic between VLANs (routed traffic), not the traffic inside the VLAN (switched traffic).
So the hosts inside VLAN 70 will be able to connect to each other, and the hosts inside the other VLAN can also connect to each other; only traffic between the VLANs is filtered by the ACL.
If you do want to filter the switched traffic, you have to use this command:
vlan x
ip access-group acl-name vlan
The vlan keyword means the ACL is applied to the switched traffic (host to host inside this VLAN).
Best regards, Peter
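Added example, not part of the original thread and not HPE code: a small Python model of how the two ACLs from the accepted answer are evaluated, following the thread's description (first match wins, implicit deny at the end, an ACL bound with "in" sees only routed traffic, one bound with "vlan" also sees traffic inside the VLAN). The function names, the VLAN_MODE binding and the hosts 10.15.0.2, 10.70.0.7, 10.70.0.8 and 10.20.0.9 are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

# ACLs from the thread: ordered permit entries, then the implicit deny.
ACLS = {
    "acl-v0015-in": [("10.15.0.1/32", "10.70.0.5/32")],
    "acl-v0070-in": [("10.70.0.5/32", "10.15.0.1/32")],
}
# VLAN subnets from the question.
VLANS = {15: ip_network("10.15.0.0/16"), 70: ip_network("10.70.0.0/16")}


def vlan_of(addr):
    """Return the VLAN id whose subnet contains addr, or None (some other VLAN)."""
    for vid, net in VLANS.items():
        if ip_address(addr) in net:
            return vid
    return None


def acl_permits(name, src, dst):
    """First matching entry wins; no match falls through to the implicit deny."""
    for src_net, dst_net in ACLS[name]:
        if ip_address(src) in ip_network(src_net) and ip_address(dst) in ip_network(dst_net):
            return True
    return False


def forwarded(src, dst, bindings):
    """bindings maps VLAN id -> (ACL name, 'in' or 'vlan'), as set by ip access-group."""
    ingress = vlan_of(src)
    routed = vlan_of(dst) != ingress
    if ingress not in bindings:
        return True  # no ACL bound to the ingress VLAN
    name, mode = bindings[ingress]
    if mode == "in" and not routed:
        return True  # the routed ACL never sees traffic switched inside the VLAN
    return acl_permits(name, src, dst)


# Bindings from the accepted answer.
ROUTED = {15: ("acl-v0015-in", "in"), 70: ("acl-v0070-in", "in")}
# Constructed variant: the same ACL bound with the vlan keyword on VLAN 70.
VLAN_MODE = {15: ("acl-v0015-in", "in"), 70: ("acl-v0070-in", "vlan")}

if __name__ == "__main__":
    for src, dst in [("10.15.0.1", "10.70.0.5"), ("10.15.0.2", "10.70.0.5"),
                     ("10.70.0.7", "10.70.0.8"), ("10.70.0.5", "10.20.0.9")]:
        print(src, "->", dst, "| in:", forwarded(src, dst, ROUTED),
              "| vlan:", forwarded(src, dst, VLAN_MODE))
```

The reply from 10.70.0.5 back to 10.15.0.1 gets through only because acl-v0070-in mirrors acl-v0015-in; each direction is matched on its own.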
02-02-2013 10:48 PM
Thank you, Peter :-)
It worked fine :)