02-28-2018 04:09 AM
ip routing and acl default behavior
Hello,
I'm a bit new to HP switching and because I have an acute problem I have to ask a quick and somewhat easy question:
I have two 5406 stacked together, also acting as DHCP service, default gateways and IGMP querier for 9 VLANs.
There is "ip routing" enabled in the stack with the "ip route 0.0.0.0 0.0.0.0 10.170.92.1" command, which seems to define the gateway to the WAN...
Also there are extended ACLs for every VLAN (assigned in the int vlan xx configuration with the command "ip access-group ACLxx in") where I try to isolate a couple of VLANs totally from the network so that they cannot be seen outside their own VLAN. The stack should only act as an IGMP querier and DHCP server for those "isolated vlans".
Though I have denied icmp (e.g. ping) between the 10.10.10.0/24 network (which lives in vlan 10 with stack configured ip 10.10.10.1) and 10.10.20.0/20 (which lives in vlan 20 with stack configured ip 10.10.20.1)
There is a proper IGMP denial ACL rule in both vlans (1 deny icmp 10.10.x.0 0.0.255.255 0.0.0.0 255.255.255.255) but still I can ping client 10.10.10.130 from client 10.10.20.250(?!?!?!?)
Questions are:
By default, does the "ip routing" feature create routes between all connected networks in the stack or do I have some kind of misconfiguration? (Where do I find documentation about this? Is there a command reference for the CLI of this switching OS?)
What is the default behavior of an extended ACL? If there is no matching configuration line in the ACL, does the ACL drop the packet or pass it forward by default?
I would really appreciate it if somebody could answer these questions!
03-04-2018 02:06 AM
Re: ip routing and acl default behavior
Have to answer to myself...
Yes, by default the ip routing feature creates routes between all connected IP networks and floods traffic between VLANs.
An ACL, when applied to a port/VLAN/etc., will drop a packet if no matching permit ACE is found.
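
An added illustration of the ACL behavior described in the answer above (not part of either post and not HPE code): a simplified Python model of first-match ACL evaluation with inverted wildcard masks and the implicit deny at the end. The ACE is the one quoted in the question with x taken as 20; the function names, the second ACL and the sample packets are constructed for this example.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """ACL wildcard masks are inverted: a 1 bit means 'ignore this bit'."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)

def evaluate(acl, proto, src, dst):
    """Return (action, ace_number). The first matching ACE wins; if none
    matches, the packet hits the implicit deny and ace_number is None."""
    for number, (action, ace_proto, s, s_wc, d, d_wc) in enumerate(acl, start=1):
        if ace_proto not in ("ip", proto):      # "ip" matches any protocol
            continue
        if wildcard_match(src, s, s_wc) and wildcard_match(dst, d, d_wc):
            return action, number
    return "deny", None                         # implicit deny

# ACE from the question (x = 20), as the only entry in the ACL.
ACL_DENY_ONLY = [
    ("deny", "icmp", "10.10.20.0", "0.0.255.255", "0.0.0.0", "255.255.255.255"),
]
# Constructed variant: same ACE followed by an explicit permit for the rest.
ACL_WITH_PERMIT = ACL_DENY_ONLY + [
    ("permit", "ip", "0.0.0.0", "255.255.255.255", "0.0.0.0", "255.255.255.255"),
]

# Constructed sample packets: (protocol, source, destination).
PACKETS = [
    ("icmp", "10.10.20.250", "10.10.10.130"),   # the ping from the question
    ("udp",  "10.10.20.250", "10.10.20.1"),     # client talking to the stack
]

if __name__ == "__main__":
    for name, acl in (("deny-only", ACL_DENY_ONLY), ("with-permit", ACL_WITH_PERMIT)):
        for pkt in PACKETS:
            print(name, pkt, "->", evaluate(acl, *pkt))
```

In this model the deny-only ACL drops the UDP packet as well, because nothing permits it, and the 0.0.255.255 wildcard makes the ACE match any source in 10.10.0.0/16 rather than a single /24.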