Hello
The first thing that may be a problem is the order of the ACL rules. The rules are processed top down and as soon as a rule is matched the action is performed and the remaining rules are not evaluated. For this reason you should put more specific rules at the top of the ACL.
In your case you have deny ip host 192.168.152.112 any as a first rule and permit ip host 192.168.152.112 host 192.168.152.102 as a second rule.
The first rule is more general and it catches packets matching the second rule. So if a packet with source IP 192.168.152.112 and destination IP 192.168.152.102 is seen by the switch only the first rule (deny) will be triggered and the packet denied. So you should reverse the order.
You are not writing if this ACL was applied (ip access-group command), how it was applied. You can apply it on a physical port or a VLAN. Inbound or outbound direction. On a VLAN you can apply it to routed or switched traffic. Many things depend on how the ACL was applied.
You should also keep in evaluate if your ACL should be permitting traffic in both directions or only in one. If you are allowing traffic from A to B, it doesnt mean that traffic from B to A is also allowed. But this also depends on where the ACL is applied and in which direction.
If you want to learn more about the ACLs on the 2930 switches, you can check the Access Security Guide, Chapter 12 Access Control List.
Please note that there may be another way to achieve what you want. You can filter traffic based on port number and not IP addressing. If you have a single host per port this may also be an option, please check in the same manual chapter 25 Source port filter.
Hi!
ACLs are used against traffic routed incoming/outgoing related VLANs (inter-VLANs) and don't apply for traffic among hosts within the very same VLAN...my bad...with VLAN ACL it's possible...eventually document yourself about the alternate Private VLAN technique used to segregate traffic between hosts residing into a particular VLAN.
Have a look here.
I'm not an HPE Employee
