ProCurve / ProVision-Based
ACL for Internet Access Only

PO_Support
Visitor

Hi all,

Just wondering if anyone could help me out, as I'm new to ACLs on HP switches.

I have a guest Wi-Fi network, 10.61.35.0/24, which is VLAN 35.

I want to create an ACL and apply it to VLAN 35 so it can ONLY have access to the internet (HTTP, HTTPS, DNS).

I do not want VLAN 35 to have any access to our internal network.

All help will be highly appreciated.

Thank you

16again
Respected Contributor

Re: ACL for Internet Access Only

Which switch type?
Without any prior knowledge, I'd first try to add the extra VLAN 35 to the firewall, and do the filtering/blocking on the firewall.

PO_Support
Visitor

Re: ACL for Internet Access Only

Hi there,

I'm running an HP 5406zl switch (J8697A).

Unfortunately in our scenario we need to block it from the switch.

PO_Support
Visitor

Re: ACL for Internet Access Only

I would like to create an ACL something like this, if possible:

ip access-list extended "GuestWIFI"
   permit tcp 10.61.35.0/24 any eq 80
   permit tcp 10.61.35.0/24 any eq 443
   permit udp 10.61.35.0/24 any eq 53
   deny ip any any
   exit
vlan 35
   ip access-group "GuestWIFI" in
   exit

All help would be highly appreciated.

16again
Respected Contributor

Re: ACL for Internet Access Only

That way, guests still have access to internal web servers (= management of most devices) and DNS. Expanding your setup, blocking all RFC 1918 addresses, and allowing ping to the default GW:


ip access-list extended "GuestWIFI"
   permit icmp 10.61.35.0/24 host <DG IP>
   deny ip 10.61.35.0/24 10.0.0.0/8
   deny ip 10.61.35.0/24 192.168.0.0/16
   deny ip 10.61.35.0/24 172.16.0.0/12
   permit tcp 10.61.35.0/24 any eq 80
   permit tcp 10.61.35.0/24 any eq 443
   permit udp 10.61.35.0/24 any eq 53
   deny ip any any
   exit
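The point of the last reply is rule order: ProVision ACLs are evaluated top to bottom, the first matching entry wins, and anything unmatched hits an implicit deny, so a "permit tcp ... eq 443" placed before the RFC 1918 denies still lets guests reach every internal HTTPS management page. The script below is an added example, not code from the thread or from HP: a small first-match evaluator that parses permit/deny lines in the ProVision-style syntax used above and runs constructed guest traffic through both the first ACL (permit web/DNS, then deny all) and the expanded one (RFC 1918 denies first). Only 10.61.35.0/24 comes from the post; the guest client 10.61.35.20, the gateway 10.61.35.1, the internal host 10.1.1.10 and the public addresses are assumptions made for the demonstration. It ignores source ports, ICMP types and the "established" keyword, and assumes the ACL is applied inbound on VLAN 35, so only guest-originated packets are modelled.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional

# Added example, not from the thread: a first-match evaluator for
# ProVision-style extended ACL entries, used to show why the RFC 1918
# deny lines have to precede the permit lines. Every address except
# 10.61.35.0/24 (VLAN 35, from the post) is a constructed assumption.

ANY = ipaddress.ip_network("0.0.0.0/0")


@dataclass(frozen=True)
class Ace:
    action: str                  # "permit" or "deny"
    proto: str                   # "ip", "tcp", "udp" or "icmp"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int] = None  # destination port for tcp/udp; None = any


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    dport: Optional[int] = None


def _parse_addr(tokens: List[str]) -> ipaddress.IPv4Network:
    """Consume one address term: 'any', 'host A.B.C.D' or 'A.B.C.D/len'."""
    t = tokens.pop(0)
    if t == "any":
        return ANY
    if t == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    return ipaddress.ip_network(t, strict=False)


def parse_acl(text: str) -> List[Ace]:
    """Parse the permit/deny lines of an ACL body; other lines are ignored."""
    acl = []
    for line in text.splitlines():
        tokens = line.split()
        if not tokens or tokens[0] not in ("permit", "deny"):
            continue
        action, proto, rest = tokens[0], tokens[1], tokens[2:]
        src = _parse_addr(rest)
        dst = _parse_addr(rest)
        dport = int(rest[1]) if rest[:1] == ["eq"] else None
        acl.append(Ace(action, proto, src, dst, dport))
    return acl


def evaluate(acl: List[Ace], pkt: Packet) -> str:
    """First matching entry wins; an unmatched packet hits the implicit deny."""
    src = ipaddress.ip_address(pkt.src)
    dst = ipaddress.ip_address(pkt.dst)
    for ace in acl:
        if ace.proto != "ip" and ace.proto != pkt.proto:
            continue
        if src not in ace.src or dst not in ace.dst:
            continue
        if ace.dport is not None and ace.dport != pkt.dport:
            continue
        return ace.action
    return "deny"


# The first ACL from the thread: web and DNS permitted, then deny all.
NAIVE_ACL = """
permit tcp 10.61.35.0/24 any eq 80
permit tcp 10.61.35.0/24 any eq 443
permit udp 10.61.35.0/24 any eq 53
deny ip any any
"""

# The expanded ACL: RFC 1918 denied before the permits, ping to the
# default gateway allowed (gateway 10.61.35.1 is an assumed value).
HARDENED_ACL = """
permit icmp 10.61.35.0/24 host 10.61.35.1
deny ip 10.61.35.0/24 10.0.0.0/8
deny ip 10.61.35.0/24 172.16.0.0/12
deny ip 10.61.35.0/24 192.168.0.0/16
permit tcp 10.61.35.0/24 any eq 80
permit tcp 10.61.35.0/24 any eq 443
permit udp 10.61.35.0/24 any eq 53
deny ip any any
"""

# Constructed sample traffic from one guest client (not from the thread).
SAMPLE: Dict[str, Packet] = {
    "internal https (10.1.1.10:443)": Packet("tcp", "10.61.35.20", "10.1.1.10", 443),
    "internal ssh (10.1.1.10:22)": Packet("tcp", "10.61.35.20", "10.1.1.10", 22),
    "public https (93.184.216.34:443)": Packet("tcp", "10.61.35.20", "93.184.216.34", 443),
    "public dns (9.9.9.9:53/udp)": Packet("udp", "10.61.35.20", "9.9.9.9", 53),
    "ping default gw (10.61.35.1)": Packet("icmp", "10.61.35.20", "10.61.35.1"),
}


def decisions(acl_text: str) -> Dict[str, str]:
    """Run every sample packet through the ACL and report permit/deny per flow."""
    acl = parse_acl(acl_text)
    return {label: evaluate(acl, pkt) for label, pkt in SAMPLE.items()}


if __name__ == "__main__":
    for name, text in (("naive", NAIVE_ACL), ("hardened", HARDENED_ACL)):
        print(name)
        for label, verdict in decisions(text).items():
            print(f"  {verdict:6s} {label}")
```

Running it shows the difference the reply describes: with the naive ACL the "internal https" flow is permitted, because the port-443 permit matches before anything looks at the destination network; with the hardened ACL it is denied by the 10.0.0.0/8 line, while public HTTPS and DNS still pass and the gateway ping is permitted because its ICMP entry sits above the 10.0.0.0/8 deny. Swap those two entries and the ping stops working, which is the same ordering rule in the other direction. If guests need to resolve names over TCP as well, add a matching "permit tcp ... eq 53" line; the evaluator only models what is written in the ACL text.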