HPE Community
LAN Routing
1753760 Members
4908 Online
108799 Solutions
New Discussion

Re: acl switch procurve 5406zl

 
audit69005
Occasional Visitor

‎02-24-2017 03:07 AM

‎02-24-2017 03:07 AM

acl switch procurve 5406zl

I block on setting up ACL on our hp switch procurve 5406zl.
On the switch the ip routing is activated and all the vlans have an address so all the vlans communicate with each other. I would therefore like to set up communication restrictions between vlan on the switch.
I have 2 vlan (vlan 4 and vlan 10); On the vlan 4 I have a machine in 192.168.4.157 and on the vlan 10 I have a machine in 192.168.10.1. I wish that these machines no longer communicate in ping icmp.
So I wrote the following acl rule

Ip access-list extended drop_icmp_vlan10
Deny icmp host 192.168.4.157 host 192.168.10.1
Vlan 10 ip access-group drop_icmp_vlan10 in

Paf against this rule also prohibits the ping from other machines of the vlan4.

Have you ever encountered this problem?

0 Kudos
1 REPLY 1
Vince-Whirlwind
Honored Contributor

‎02-26-2017 08:50 PM

‎02-26-2017 08:50 PM

Re: acl switch procurve 5406zl

I don't know what "paf" means, so I'm not sure what you are saying, but you've got your acl line the wrong way around.

It should be
vlan 4 ip access-group drop_icmp in.

And maybe there's an implicit deny at the end, so you would need to add allow ip any any at the end

 

 

0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.