
Improve my ACL's configuration

 
fouji
Occasional Contributor

Hello,

Excuse my English, but I'm French.

I would like to improve my ACL configuration.

My switches are HPE FlexNetwork  5510 (JH148A) and use Comware firmware.

My network is:

Hyper-V servers' Network > Vlan 5 : 192.168.5.0

My servers' Network > Vlan 6 : 192.168.6.0

My users' Network > Vlan 7 : 192.168.7.0

 

My current ACL configuration is:

 

system-view
> acl number 3000
rule 10 permit IP destination 192.168.5.0 0.0.0.255
rule 11 permit IP destination 192.168.6.0 0.0.0.255
rule 20 deny IP


interface vlan-interface 5
packet-filter 3000 inbound

 

 

The Active Directory server is currently in VLAN 7. The IP address of this server is 192.168.7.80.

Please could you tell me how to allow the Hyper-V servers to authenticate with this LDAP server?

 

I tried:

 

system-view
> acl number 3000
rule 10 permit IP destination 192.168.5.0 0.0.0.255
rule 11 permit IP destination 192.168.6.0 0.0.0.255
rule 12 permit tcp source 192.168.7.80 0 source-port eq 389
rule 13 permit udp source 192.168.7.80 0 source-port eq 389 
rule 20 deny IP

interface vlan-interface 5
packet-filter 3000 inbound

 

 

I also tried:

 

system-view
> acl number 3000
rule 10 permit IP destination 192.168.5.0 0.0.0.255
rule 11 permit IP destination 192.168.6.0 0.0.0.255
rule 12 permit tcp source 192.168.7.80 0 source-port eq 389
rule 13 permit udp source 192.168.7.80 0 source-port eq 389
rule 14 permit tcp source 192.168.5.0 0.0.0.255 source-port eq 389
rule 15 permit udp source 192.168.5.0 0.0.0.255 source-port eq 389 
rule 20 deny IP

interface vlan-interface 5
packet-filter 3000 inbound

 

 

But that didn't work.

Please, I would like the Hyper-V servers to be able to authenticate against the Active Directory server without this server being able to access VLAN 5.

 

Thank you for your help

 

Regards,
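The rules in the question can be traced with a small first-match evaluator; this is an added example, not part of the original post and not HPE code. It assumes the default Comware "config" match order (ascending rule ID) and that the inbound filter on vlan-interface 5 only sees packets sent by VLAN 5 hosts; the host 192.168.5.10, the ephemeral ports and the FIXED rule set are constructed for illustration.

```python
import ipaddress

def net(addr, wildcard):
    """(base, mask) from a Comware address + wildcard; wildcard "0" = one host."""
    wc = int(ipaddress.IPv4Address("0.0.0.0" if wildcard == "0" else wildcard))
    mask = ~wc & 0xFFFFFFFF
    return int(ipaddress.IPv4Address(addr)) & mask, mask

def ip_ok(field, ip):
    return field is None or (int(ipaddress.IPv4Address(ip)) & field[1]) == field[0]

def rule(rid, action, proto, src=None, sport=None, dst=None, dport=None):
    return dict(id=rid, action=action, proto=proto, src=src, sport=sport, dst=dst, dport=dport)

AD = net("192.168.7.80", "0")
VLAN5 = net("192.168.5.0", "0.0.0.255")
BASE = [rule(10, "permit", "ip", dst=VLAN5),
        rule(11, "permit", "ip", dst=net("192.168.6.0", "0.0.0.255"))]
DENY = [rule(20, "deny", "ip")]

# Rules 12-15 as posted in the second attempt: they match on SOURCE port 389.
POSTED = BASE + [rule(12, "permit", "tcp", src=AD, sport=389),
                 rule(13, "permit", "udp", src=AD, sport=389),
                 rule(14, "permit", "tcp", src=VLAN5, sport=389),
                 rule(15, "permit", "udp", src=VLAN5, sport=389)] + DENY
# Assumed correction (not from the thread): match the DESTINATION host and port.
FIXED = BASE + [rule(12, "permit", "tcp", dst=AD, dport=389),
                rule(13, "permit", "udp", dst=AD, dport=389)] + DENY

def evaluate(rules, pkt):
    """First matching rule in ascending rule-ID order decides; returns (id, action)."""
    for r in sorted(rules, key=lambda r: r["id"]):
        if r["proto"] not in ("ip", pkt["proto"]):
            continue
        if not (ip_ok(r["src"], pkt["src"]) and ip_ok(r["dst"], pkt["dst"])):
            continue
        if r["sport"] not in (None, pkt["sport"]) or r["dport"] not in (None, pkt["dport"]):
            continue
        return r["id"], r["action"]
    return None, None  # not reached here: rule 20 matches every IP packet

# Constructed packets as seen INBOUND on vlan-interface 5 (sent by a VLAN 5 host).
LDAP_REQUEST = dict(proto="tcp", src="192.168.5.10", sport=50000, dst="192.168.7.80", dport=389)
# Reply to a session the AD server opened towards VLAN 5 (constructed ports).
REPLY_TO_AD = dict(proto="tcp", src="192.168.5.10", sport=3389, dst="192.168.7.80", dport=51000)

if __name__ == "__main__":
    for name, acl in (("posted", POSTED), ("fixed", FIXED)):
        print(name, evaluate(acl, LDAP_REQUEST), evaluate(acl, REPLY_TO_AD))
```

With the posted rules the LDAP request falls through to rule 20, because a client's source port is ephemeral and only its destination port is 389. With destination-based rules the request is permitted, while replies to sessions opened by 192.168.7.80 are still dropped.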

 

3 REPLIES
akg7
HPE Pro

Re: Improve my ACL's configuration

Hello,

Have you got the solution, or is the issue still present?

Thanks!

Note: While I am an HPE Employee, all of my comments (whether noted or not), are my own and are not any official representation of the company.
fouji
Occasional Contributor

Re: Improve my ACL's configuration

Hello,

 

No, I haven't got the solution.

 

Thanks

akg7
HPE Pro

Re: Improve my ACL's configuration

Hello,

What is the LDAP server configuration on the switch?

Have you configured AAA on the switch?

https://techhub.hpe.com/eginfolib/networking/docs/switches/5130ei/5200-3946_security_cg/content/485048043.htm

Thanks!

Note: While I am an HPE Employee, all of my comments (whether noted or not), are my own and are not any official representation of the company.