ip routing and acl default behavior

Occasional Advisor


I'm a bit new to HP switching, and because I have an acute problem I have to ask a quick and somewhat easy question:

I have two 5406 stacked together, also acting as DHCP service, default gateways and IGMP querier for 9 VLANs.

There is "ip routing" enabled in the stack with an "ip route" command which seems to define the gateway to WAN...

There are also extended ACLs for every VLAN (assigned in the int vlan xx configuration with the command "ip access-group ACLxx in") where I try to isolate a couple of VLANs totally from the network so that they cannot be seen outside their own VLAN. The stack should only act as an IGMP querier and DHCP server for those "isolated vlans".

Though I have denied icmp (eg. ping) between network (which lives in vlan 10 with stack configured ip and (which lives in vlan 20 with stack configured ip 

There is a proper IGMP denial ACL rule in both vlans (1 deny icmp 10.10.x.0 but still I can ping client from client!?!?!?)

Questions are:

By default, does the "ip routing" feature create routers between all connected networks in the stack, or do I have some kind of misconfiguration? (Where do I find documentation about this? Is there a command reference for the CLI of this switching OS?)

What is the default behavior of an extended ACL? If there is no matching configuration line in the ACL, does the ACL drop the packet or pass it forward by default?

I would really appreciate it if somebody can answer these questions!


Occasional Advisor

Re: ip routing and acl default behavior

Have to answer myself...

Yes, by default the ip routing feature creates routes between every connected IP network and floods traffic between VLANs.

An ACL, when applied to a port/VLAN/etc., will drop the packet if no matching permit ACE is found.
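
The first-match evaluation and implicit final deny described in the answer above, as an added example that is not part of the original thread. It is a Python model, not the switch's implementation; the /24 subnets, ACL names and entries are constructed for illustration.

```python
# Model of first-match ACL evaluation with an implicit deny at the end.
# All subnets and ACL entries below are constructed sample values.
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network

ANY = ip_network("0.0.0.0/0")
VLAN10 = ip_network("10.10.10.0/24")   # assumed subnet for vlan 10
VLAN20 = ip_network("10.10.20.0/24")   # assumed subnet for vlan 20


@dataclass(frozen=True)
class Ace:
    action: str        # "permit" or "deny"
    proto: str         # "ip" matches every protocol
    src: IPv4Network
    dst: IPv4Network

    def matches(self, proto: str, src: str, dst: str) -> bool:
        return (self.proto in ("ip", proto)
                and ip_address(src) in self.src
                and ip_address(dst) in self.dst)


def evaluate(acl, proto, src, dst):
    """Return (action, index of the matching ACE); index None = implicit deny."""
    for index, ace in enumerate(acl):
        if ace.matches(proto, src, dst):
            return ace.action, index      # first match wins, later ACEs ignored
    return "deny", None                   # no ACE matched: packet is dropped


# Only an explicit ICMP deny: everything else is dropped too (implicit deny).
ACL_DENY_ONLY = [Ace("deny", "icmp", VLAN10, VLAN20)]

# ICMP deny, then an explicit permit for all remaining traffic.
ACL_DENY_THEN_PERMIT = [Ace("deny", "icmp", VLAN10, VLAN20),
                        Ace("permit", "ip", ANY, ANY)]

# Ordering mistake: the broad permit matches first, so the deny never applies.
ACL_SHADOWED = [Ace("permit", "ip", ANY, ANY),
                Ace("deny", "icmp", VLAN10, VLAN20)]

if __name__ == "__main__":
    ping = ("icmp", "10.10.10.5", "10.10.20.7")
    web = ("tcp", "10.10.10.5", "10.10.20.7")
    for name, acl in [("deny-only", ACL_DENY_ONLY),
                      ("deny-then-permit", ACL_DENY_THEN_PERMIT),
                      ("shadowed", ACL_SHADOWED)]:
        print(name, "ping:", evaluate(acl, *ping), "tcp:", evaluate(acl, *web))
```

In this model a ping that still succeeds across VLANs despite a deny ACE corresponds to the shadowed case, or to an ACL that is not evaluated for that traffic at all.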