Creating ACL on HP 5400

Ronniemerr08
Occasional Contributor


I'm looking for some advice on creating and applying an ACL on one of our HP 5400s.

Here's the scenario:

I need to create an ACL to deny certain networks from accessing port 8443 on one of our servers and allow everyone else. I'm not sure if it'd be a VLAN ACL, because some of the users I need to block are on the same VLAN/network as the server itself. I've been playing around with a VLAN ACL and even placing the ACL on the port the server is connected to using a single test IP, but no luck.

Here's what I've been trying:

>ip access-list extended Block_8443
>deny TCP host (test machine IP) host (server IP address) eq 8443
>permit ip any any
>vlan # ip access-group Block_8443 out


The test machine IP is on a completely different network than the server. With the ACL applied, from that PC I can get to the server's webpage on port 8443. I even tried just putting deny IP host (test machine IP) host (server IP address) in the ACL, but I can still get to the server from that PC.
Any advice?

1 REPLY
Ronniemerr08
Occasional Contributor

Re: Creating ACL on HP 5400

After some testing, I did figure this out. I guess I just needed to apply it to the VLAN with the server as a VLAN ACL (if that makes sense).

Here's what worked for me:

>ip access-list extended Block_8443
>deny tcp x.x.x.x/24 host <server ip> eq 8443
>deny tcp x.x.x.x/24 host <server ip> eq 8443
>deny tcp x.x.x.x/24 host <server ip> eq 8443
>permit ip any any
>vlan # ip access-group Block_8443 vlan


Hope this helps anyone having the same issue I did.
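As an added illustration (not the poster's configuration or HP's code), here is a small Python model of the Block_8443 list from the reply and of the difference between attaching it with `out` and with `vlan`. The blocked /24s, VLAN numbers and server address are constructed placeholders standing in for x.x.x.x/24 and <server ip>, and the enforcement points are modelled on the ProVision documentation's description: a RACL (`in`/`out`) only sees routed traffic, a VACL (`vlan`) sees traffic entering the switch on that VLAN's ports, switched or routed.

```python
# Added example, not from the thread: model of the extended ACL "Block_8443"
# and of where a VLAN-attached ACL is actually enforced on a ProVision switch.
from ipaddress import ip_address, ip_network

SERVER_IP = "10.0.10.5"   # constructed stand-in for <server ip>
SERVER_VLAN = 10          # constructed stand-in for "vlan #"

# Entries in order; first match wins, exactly as the switch evaluates them.
# (action, protocol, source network, destination network, destination port or None)
BLOCK_8443 = [
    ("deny",   "tcp", ip_network("10.0.10.0/24"), ip_network(SERVER_IP + "/32"), 8443),
    ("deny",   "tcp", ip_network("10.0.20.0/24"), ip_network(SERVER_IP + "/32"), 8443),
    ("permit", "ip",  ip_network("0.0.0.0/0"),    ip_network("0.0.0.0/0"),       None),
]

def acl_action(acl, proto, src, dst, dport):
    """Return 'permit' or 'deny' for one flow. ACLs end in an implicit deny,
    which is why the poster finishes the list with 'permit ip any any'."""
    for action, p, snet, dnet, port in acl:
        if p != "ip" and p != proto:
            continue
        if ip_address(src) not in snet or ip_address(dst) not in dnet:
            continue
        if port is not None and port != dport:
            continue
        return action
    return "deny"

def filtered(acl, how, src_vlan, dst_vlan, proto, src, dst, dport):
    """True if the ACL, attached to SERVER_VLAN with keyword `how`, drops the flow.

    Modelled assumption: 'vlan' (VACL) is checked on traffic entering the switch
    on that VLAN's ports; 'in'/'out' (RACL) are checked only on routed traffic.
    A same-VLAN client talking to the server is never routed, so a RACL cannot
    block it; that is the case the original post could not solve with 'out'.
    """
    routed = src_vlan != dst_vlan
    if how == "vlan":
        examined = src_vlan == SERVER_VLAN
    elif how == "out":
        examined = routed and dst_vlan == SERVER_VLAN
    elif how == "in":
        examined = routed and src_vlan == SERVER_VLAN
    else:
        raise ValueError("unknown ACL direction: " + how)
    return examined and acl_action(acl, proto, src, dst, dport) == "deny"
```

Run `filtered(BLOCK_8443, "out", 10, 10, "tcp", "10.0.10.77", SERVER_IP, 8443)` against the same call with `"vlan"` to see the same-VLAN flow slip past the RACL but not the VACL.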