HPE Community
Aruba & ProVision-based
1753416 Members
5119 Online
108793 Solutions
New Discussion

Creating ACL on HP 5400

 
Ronniemerr08
Occasional Contributor

‎10-09-2015 02:59 PM

‎10-09-2015 02:59 PM

Creating ACL on HP 5400

I'm looking for some advice on creating and applying an ACL on one of our HP 5400's. 

 

Here's the scenario:

I need to create an ACL to deny certain networks from accessing port 8443 on one of our servers and allow everyone else. I'm not sure if it'd be a VLAN ACL, because some of the users I need to block are on the same VLAN/network as the server itself. I've been playing around with a VLAN ACL and even placing the ACL on the port the server is connected to using a single test IP, but no luck

 

Here's what I've been trying:

>ip access-list extended Block_8443

>deny TCP host (test machine IP) host (server IP address) eq 8443

>permit ip any any

> vlan # ip access-group Block_8443 out

 

The test machine IP is on a completely different network than the server. With the ACL applied, from that PC I can get to the server's webpage on port 8443. I even tried just putting deny IP host (test machine IP) host (server IP address) in the ACL, but I can still get to the server from that PC.

 

Any advice?

0 Kudos
1 REPLY 1
Ronniemerr08
Occasional Contributor

‎10-09-2015 04:19 PM

‎10-09-2015 04:19 PM

Re: Creating ACL on HP 5400

After some testing, I did figure this out. I guess I just needed to apply it to the VLAN with the server as a VLAN ACL (if that makes sense).

 

Here's what worked for me:

 

>ip access-list extended Block_8443

>deny tcp x.x.x.x/24 host <server ip> eq 8443

>deny tcp x.x.x.x/24 host <server ip> eq 8443

>deny tcp x.x.x.x/24 host <server ip> eq 8443

 

>permit ip any any

 

>vlan # ip access-group Block_8443 vlan

 

Hope this helps anyone having the same issue I did.

0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.