06-22-2009 11:57 AM
2910 al ACL
VLAN 10: 192.168.10.0/24
VLAN 20: 192.168.20.0/24
Is it possible to block the traffic from VLAN 10 to VLAN 20, but allow traffic from VLAN 20 to VLAN 10? It seems I need to use the established command in the ACL, but I can't seem to get this to work.
06-22-2009 11:42 PM
Re: 2910 al ACL
one permitting traffic from vlan10 to vlan20
another permitting traffic from vlan20 to vlan10 "established".
so only reverse traffic from vlan20 to vlan10 is allowed when first a connection was initiated from vlan10.
Pieter
06-24-2009 12:54 AM
Re: 2910 al ACL
Thanks for your reply. However, I don't see why I need 2 ACLs. At this moment VLAN10 & VLAN20 can communicate with each other, so why should I create an ACL permitting traffic from vlan10 to vlan20?
Do you have a working example of the 2nd ACL? Can't get this to work...
06-24-2009 06:42 AM
Re: 2910 al ACL
If you only want to limit access one way and allow it all the other way, then one ACL will do.
BTW I looked deeper in the docs for the 2900 series but found no reference to ACLs or the "established" option; only "port-based access-control".
Are you sure the 2910 understands ACLs?
06-24-2009 06:57 AM
Re: 2910 al ACL
The 2900 series does not seem to include the "2910al".
This has another documentation set in which ACLs and "established" are documented.
http://www.hp.com/rnd/support/manuals/2910.htm
Is this the model you are referring to?
Pieter
06-25-2009 11:08 PM
Re: 2910 al ACL
That's the model I'm referring to.
After playing around for a while I managed to create an access list that seems to do what I want.
For those of you interested:
ip access-list extended "110"
   10 permit tcp 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255 established
   20 permit udp 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255
   30 permit icmp 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255 0
   40 deny icmp 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255
   50 deny ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255
   60 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
   exit
After this I had to bind the ACL to all the interfaces untagged in this VLAN (strange that I can't bind it to the VLAN itself).
int 1-12
   ip access-group "110" in
   exit
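The access list posted above, modelled as an added example (not part of the original thread) to check which packets arriving from VLAN 10 each entry matches. It assumes "established" matches TCP segments with ACK or RST set; the names Packet, matches, evaluate and SAMPLES are made up for the illustration, and the sample packets are constructed.

```python
import ipaddress
from collections import namedtuple
# Hypothetical packet model; tcp_flags and icmp_type are optional.
Packet = namedtuple("Packet", "proto src dst tcp_flags icmp_type",
                    defaults=(frozenset(), None))
V10 = ipaddress.ip_network("192.168.10.0/24")
V20 = ipaddress.ip_network("192.168.20.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")

# (sequence, action, protocol, source, destination, option) from ACL "110".
ACL_110 = [
    (10, "permit", "tcp", V10, V20, "established"),
    (20, "permit", "udp", V10, V20, None),
    (30, "permit", "icmp", V10, V20, 0),   # ICMP type 0 = echo reply
    (40, "deny", "icmp", V10, V20, None),
    (50, "deny", "ip", V10, V20, None),
    (60, "permit", "ip", ANY, ANY, None),
]

def matches(ace, pkt):
    _, _, proto, src, dst, opt = ace
    addr = ipaddress.ip_address
    if proto not in ("ip", pkt.proto) or addr(pkt.src) not in src or addr(pkt.dst) not in dst:
        return False
    if opt == "established":
        # Assumption: "established" means ACK or RST is set (no bare SYN).
        return bool(set(pkt.tcp_flags) & {"ACK", "RST"})
    if proto == "icmp" and opt is not None:
        return pkt.icmp_type == opt
    return True

def evaluate(acl, pkt):
    """Return (sequence, action) of the first matching entry, else implicit deny."""
    for ace in acl:
        if matches(ace, pkt):
            return ace[0], ace[1]
    return None, "deny"

# Constructed sample packets as seen inbound on the VLAN 10 ports.
SAMPLES = {
    "new TCP connection to VLAN 20": Packet("tcp", "192.168.10.5", "192.168.20.7", {"SYN"}),
    "TCP reply to VLAN 20 client": Packet("tcp", "192.168.10.5", "192.168.20.7", {"SYN", "ACK"}),
    "UDP datagram to VLAN 20": Packet("udp", "192.168.10.5", "192.168.20.7"),
    "ping request to VLAN 20": Packet("icmp", "192.168.10.5", "192.168.20.7", icmp_type=8),
    "ping reply to VLAN 20": Packet("icmp", "192.168.10.5", "192.168.20.7", icmp_type=0),
}

if __name__ == "__main__":
    print(*(f"{k}: {evaluate(ACL_110, p)}" for k, p in SAMPLES.items()), sep="\n")
```

Entry 20 passes every UDP datagram from VLAN 10 to VLAN 20, so the one-way restriction in this list covers TCP and ICMP only.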
06-25-2009 11:19 PM