02-23-2007 07:47 AM
5308xl acls/vlan setup
I am trying to get ACLs working on our 5308xl switch to filter traffic to a couple of servers we have located on the switch. The switch is connected by uplink over a standard Ethernet crossover to our core router ATM.
I have created a couple of ACLs to filter traffic from specific IPs, but this only seems to apply to the management interface IP. I am guessing this is because the box is not performing routing of any kind, so I set up an additional vlan 2 with an IP/mask of 10.252.252.254 255.255.255.0 and untagged the port I had a laptop on (B24 in this case) for testing. I also set a default gateway of 10.1.1.1 and enabled ip routing. The laptop on vlan2 can ping the vlan2 gateway, but does not route packets past that, and setting a static route for the 10.252.252.0/24 subnet on a machine which is not on the switch and is using the 10.1.1.1 does not allow that machine to ping vlan2's IP of 10.252.252.254.
I have very little experience with vlans and any help would be much appreciated. Thanks.
02-23-2007 08:52 AM
Re: 5308xl acls/vlan setup
Have you enabled 'ip routing'? It needs to be enabled for ACLs to function on the 5300. ACLs only apply to traffic that is being routed on this switch.
If you can attach your running-config and a quick network map - it would certainly help someone here to give you an answer on this.
02-23-2007 09:57 AM
Re: 5308xl acls/vlan setup
; J4819A Configuration Editor; Created on release #E.10.52
hostname "HP ProCurve Switch 5308xl"
module 1 type J4821A
module 4 type J4907A
module 5 type J4907A
module 6 type J4907A
module 3 type J4821A
module 7 type J4878A
module 2 type J4820A
ip default-gateway 10.1.1.1
ip routing
vlan 1
   name "DEFAULT_VLAN"
   untagged A1-A4,B1-B24,C1-C4,D1-D16,E1-E16,F2-F16,G1-G4
   ip address dhcp-bootp
   exit
vlan 2
   name "VLAN 200"
   untagged F1
   ip address 10.252.252.254 255.255.255.0
   exit
------------
The address assigned through DHCP for the switch is 10.3.1.243.
The switch, as stated before, is connected to our core router, where the 10.1.1.1 gateway is also connected.
Thanks again.
02-23-2007 07:07 PM
Re: 5308xl acls/vlan setup
Hi
When IP routing is enabled on a routing switch, the default gateway is meaningless.
I don't think with your posted configuration the 5300 can ping our Core Router 10.1.1.1 unless you add a static route to it, because your Vlan1 IP is in a different subnet from your Core subnet, unless you have a /8 subnet, which also has a problem in this case because it will overlap with your Vlan2 subnet.
My suggestion is to assign a static IP to your Vlan 1 and be sure it can reach your Core, then show us what filters you need by the use of ACLs, where the servers are located (what Vlan) and what you want to filter exactly.
A network map will also help to understand your topology.
Good Luck !!!
Science for Everyone
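The subnet reasoning in the last reply can be checked mechanically before any ACL work starts. The following is an added example, not code from any post in this thread: it parses a running-config in the format posted above, then reports whether the next hop 10.1.1.1 sits on a connected subnet and whether any VLAN subnets overlap. The VLAN 1 mask is never given on the page, so both masks tried here are assumptions, and the function names are illustrative.

```python
import ipaddress
import re

# Constructed sample in the format of the running-config posted above.
# The DHCP-learned VLAN 1 address (10.3.1.243) is written as a static line;
# the page never gives its mask, so the mask is filled in as an assumption.
CONFIG_TEMPLATE = """\
ip routing
vlan 1
   ip address 10.3.1.243 {vlan1_mask}
   exit
vlan 2
   ip address 10.252.252.254 255.255.255.0
   exit
"""

def connected_subnets(config):
    """Return {vlan_id: IPv4Interface} for each 'ip address A M' in a vlan block."""
    result, vlan = {}, None
    for line in config.splitlines():
        line = line.strip()
        m = re.fullmatch(r"vlan (\d+)", line)
        if m:
            vlan = int(m.group(1))
            continue
        m = re.fullmatch(r"ip address (\S+) (\S+)", line)
        if m and vlan is not None:
            result[vlan] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
        elif line == "exit":
            vlan = None
    return result

def audit(config, next_hop):
    """Check that next_hop is on a connected subnet and that no subnets overlap."""
    ifaces = connected_subnets(config)
    hop = ipaddress.ip_address(next_hop)
    via = [v for v, i in ifaces.items() if hop in i.network]
    vlans = sorted(ifaces)
    overlaps = [(a, b) for n, a in enumerate(vlans) for b in vlans[n + 1:]
                if ifaces[a].network.overlaps(ifaces[b].network)]
    return {"next_hop_reachable_via": via, "overlaps": overlaps}

if __name__ == "__main__":
    for mask in ("255.255.0.0", "255.0.0.0"):  # assumed masks for VLAN 1
        print(mask, audit(CONFIG_TEMPLATE.format(vlan1_mask=mask), "10.1.1.1"))
```

With the assumed /16 mask the next hop is on no connected subnet; with /8 it is reachable through VLAN 1, but VLAN 1 then overlaps VLAN 2.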