04-19-2010 02:42 AM
5406zl ACLs HELP!!!
I'm working with an HP ProCurve 5406zl and I need to add an access list for some IPs, but it's impossible, because whenever I apply the ACL to the VLAN the network goes down :(.
The LAN's mask is a /22 (255.255.252.0).
OK... The following IPs, "10.128.180.19, 10.128.180.105 and 10.128.180.41", ONLY will have to access 10.128.183.226.
And... the following IPs, "10.128.180.14 and 10.128.180.12", ONLY will have to access 10.128.183.227.
How should the ACL be created?
Many thanks in advance and greetings from Spain.
04-19-2010 05:39 AM
Re: 5406zl ACLs HELP!!!
In my opinion the ACLs work only on inter-VLAN traffic.
In other words, the ACLs filter the traffic that flows from one VLAN to another VLAN (routing must be active on the switch).
The rule you want is more a firewall rule than an ACL.
Does anyone else agree with me?
Regards
Massimo
04-19-2010 09:57 PM
Re: 5406zl ACLs HELP!!!
Yep... I know... it's a firewall rule, but at my work we don't use a firewall, and ALL the traffic passes through a single VLAN (180).
So... this was my 'extended access list':
6 deny ip 0.0.0.0 255.255.255.255 10.128.183.227 0.0.0.0
7 deny ip 0.0.0.0 255.255.255.255 10.128.183.226 0.0.0.0
10 permit ip 10.128.180.41 0.0.0.0 10.128.183.226 0.0.0.0
11 permit ip 10.128.180.105 0.0.0.0 10.128.183.226 0.0.0.0
20 permit ip 10.128.180.14 0.0.0.0 10.128.183.227 0.0.0.0
21 permit ip 10.128.180.12 0.0.0.0 10.128.183.227 0.0.0.0
40 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
And it was applied to the VLAN:
vlan 180
name "PCs Impresoras"
untagged B1-B17,B19-B24,C1-C12,D1,D3,D5,D7,D12-D13,D17
ip address 10.128.180.8 255.255.252.0
tagged Trk1-Trk5,Trk10
ip access-group "Firewall Impresoras" in
ip access-group "Firewall Impresoras" out
ip access-group "Firewall Impresoras" connection-rate-filter
exit
Is this OK? What's wrong?
Thanks a lot in advance....
04-20-2010 02:15 AM
Re: 5406zl ACLs HELP!!!
Anyway, I had a look at the Access Security Guide (K.14.52), page 10-11 (terminology):
the filtered traffic is always inbound on something.
Your traffic is in the same VLAN, so it is not suitable for a RACL or VACL.
In my opinion you should do the task with a static port ACL (page 10-87).
Ciao
Massimo
04-20-2010 04:01 AM
Re: 5406zl ACLs HELP!!!
04-21-2010 03:19 AM
Re: 5406zl ACLs HELP!!!
Thanks for your reply, Pamela, but your solution doesn't work :(. I've deleted the first two lines, but all the IPs can reach/ping the 'supposedly restricted IPs' :(.
Many thanks, Massimo... with your comment I've discovered the 'port-security' command and it sounds really cool, because I can authorize MACs by port and I guess it might be a good solution for what I want.
I'll tell you if it works ;)
Really... many thanks for your collaboration.
Cheers from Madrid.
Mariano.
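The entry ordering of the extended ACL posted in this thread, as an added example that is not part of any poster's message: a sequential first-match evaluator (with the implicit deny at the end of the list) run over the posted entries, the variant with entries 6 and 7 deleted, and a reordered variant constructed here. It models only entry order and wildcard masks, not whether the switch applies a VLAN ACL to traffic that stays inside one VLAN, which is the point raised in the replies; the helper names and the host 10.128.180.50 used in checks are assumptions.

```python
import ipaddress

# ACEs as posted in the thread: seq action proto src src-wildcard dst dst-wildcard
POSTED = """\
6 deny ip 0.0.0.0 255.255.255.255 10.128.183.227 0.0.0.0
7 deny ip 0.0.0.0 255.255.255.255 10.128.183.226 0.0.0.0
10 permit ip 10.128.180.41 0.0.0.0 10.128.183.226 0.0.0.0
11 permit ip 10.128.180.105 0.0.0.0 10.128.183.226 0.0.0.0
20 permit ip 10.128.180.14 0.0.0.0 10.128.183.227 0.0.0.0
21 permit ip 10.128.180.12 0.0.0.0 10.128.183.227 0.0.0.0
40 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
"""

def _ip(s):
    return int(ipaddress.IPv4Address(s))

def parse(text):
    """Return ACEs as (seq, action, src, src_wild, dst, dst_wild), sorted by seq."""
    rows = [line.split() for line in text.splitlines()]
    return sorted((int(r[0]), r[1], *map(_ip, r[3:7])) for r in rows)

def _match(addr, base, wild):
    care = ~wild & 0xFFFFFFFF  # wildcard mask: 1 bits are "don't care"
    return (addr & care) == (base & care)

def _covers(base, wild, pbase, pwild):
    # True if the earlier pattern (pbase/pwild) matches every address of base/wild.
    care = ~pwild & 0xFFFFFFFF
    return (wild & care) == 0 and ((base ^ pbase) & care) == 0

def evaluate(aces, src, dst):
    """First matching ACE wins; no match falls through to the implicit deny."""
    s, d = _ip(src), _ip(dst)
    for seq, action, sb, sw, db, dw in aces:
        if _match(s, sb, sw) and _match(d, db, dw):
            return action, seq
    return "deny", None

def shadowed(aces):
    """Sequence numbers of ACEs that can never match: an earlier ACE covers them."""
    return [a[0] for i, a in enumerate(aces)
            if any(_covers(a[2], a[3], p[2], p[3]) and _covers(a[4], a[5], p[4], p[5])
                   for p in aces[:i])]

ACES = parse(POSTED)
# Variant described in the last post: entries 6 and 7 deleted.
NO_DENY = [a for a in ACES if a[0] not in (6, 7)]
# Constructed variant (not from the thread): the two denies renumbered to 30 and 31.
REORDERED = sorted((a[0] + 24, *a[1:]) if a[0] in (6, 7) else a for a in ACES)
```

In this model the posted list never reaches entries 10 to 21, and with 6 and 7 deleted every packet ends at entry 40. The first post also names 10.128.180.19, which has no entry in the posted list.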