HPE Community
Switches, Hubs, and Modems
1752680 Members
5584 Online
108789 Solutions
New Discussion юеВ

Re: ACCESS LIST ON HP PROCURVE 5304XL

 
Eskinder Mesfin
Occasional Advisor

тАО10-23-2009 10:02 PM

тАО10-23-2009 10:02 PM

ACCESS LIST ON HP PROCURVE 5304XL

i just set up hp procurve 5304xl as a coreswitch and configure vlan and ip routing on it.There is one vlan for servers /hosted vlan/ and 5 others vlan,like vlan 100,200,300... what i want is , i want to restrict vlan 200 to access only two servers
from the servers/hosted vlan.
hosted vlan is 10.1.1.0/24 subnet
the other vlan are in 10.1.[2/3/4/5].0/24 subnet
so i created an access list like
ip accesslist exten 110
deny ip 10.1.4.0/24 10.1.1.4/24
deny ip 10.1.4.0/24 10.1.1.8/24
permit ip any any
exit
and apply this to hosted vlan
like
vlan 1 ip access-gr 110 in

but it does not work what shall i do
0 Kudos
4 REPLIES 4
Shadow13
Respected Contributor

тАО10-24-2009 03:57 AM

тАО10-24-2009 03:57 AM

Re: ACCESS LIST ON HP PROCURVE 5304XL

ip accesslist exten 110
deny ip 10.1.4.0/24 10.1.1.4/24
deny ip 10.1.4.0/24 10.1.1.8/24
permit ip any any


by this you denied 10.1.4.0/24 subnet from accessing 10.1.1.4 and 10.1.1.8 and access any other ip

can you please tell me exactly what subnets you want to deny.
and please post your vlan configuration.

"i want to restrict vlan 200 to access only two servers
from the servers/hosted vlan. "

from this i understand that you want vlan 200 to only access 2 servers, is that right ?

0 Kudos
Eskinder Mesfin
Occasional Advisor

тАО10-25-2009 10:27 PM

тАО10-25-2009 10:27 PM

Re: ACCESS LIST ON HP PROCURVE 5304XL

Here is my configurations attached and i want to restrict vlan 200 /10.1.2.0/24 subnet from accessing the server with ip address 10.1.1.2 and allow any other.PLz help me how i should protect these subnet from accessing that server.
0 Kudos
Pieter 't Hart
Honored Contributor

тАО10-26-2009 07:51 AM

тАО10-26-2009 07:51 AM

Re: ACCESS LIST ON HP PROCURVE 5304XL

>>>
ip access-list extended "110"
exit
ip access-list extended "120"
deny ip 10.1.2.1 0.0.0.255 10.1.1.2 0.0.0.0
permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
exit
vlan 100
ip access-group "100" in
exit
<<<

There is some mismatch here....
ACL-110 is empty
ACL-120 is not referred to (in attached config)
ACL-100 does not exist

you may want to change
vlan 100
ip access-group "100" in
to
vlan 100
ip access-group "120" in


Pieter
0 Kudos
cenk sasmaztin
Honored Contributor

тАО10-26-2009 11:03 AM

тАО10-26-2009 11:03 AM

Re: ACCESS LIST ON HP PROCURVE 5304XL

please test this config

ip access-list extended "120"
deny ip 10.1.2.0 0.0.0.255 10.1.1.2 0.0.0.0
permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
exit
module 2 type J4878B
module 1 type J4907A
ip routing
snmp-server community "public" Unrestricted
vlan 1
name "INTERNET"
untagged A1,A3-A16,B1-B4
ip address 10.1.0.2 255.255.255.0
no untagged A2
exit
vlan 100
name "HOSTEDSEV"
ip address 10.1.1.1 255.255.255.0
tagged A1,A14
exit
vlan 200
name "OTS"
untagged A2
ip address 10.1.2.1 255.255.255.0
ip helper-address 10.1.1.4
ip helper-address 10.1.0.1
tagged A1,A14
ip access-group "120" in
exit
vlan 300
name "4_AFRI"
ip address 10.1.3.1 255.255.255.0
ip helper-address 10.1.1.4
ip helper-address 10.1.0.1
tagged A1,A14
exit
vlan 400
name "ACCESS"
ip address 10.1.4.1 255.255.255.0
ip helper-address 10.1.1.4
ip helper-address 10.1.0.1
tagged A1,A14
exit
vlan 500
name "eZ_call"
ip address 10.1.5.1 255.255.255.0
ip helper-address 10.1.1.4
ip helper-address 10.1.0.1
tagged A1,A14
exit
ip route 0.0.0.0 0.0.0.0 10.1.0.1
router rip
exit
password manager
cenk

0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.