
ACL for VLANs

Superdust
Advisor


I got some Procurve 2610 and some older 2626m switches in a network.

I would like to make some access lists for some of the VLANs on these.

I want only ports (tcp/udp) 20-23, 25, 37, 53, 80, 110 and 443, and the packets necessary for Ethernet to work, to pass through.
This filter should only apply to certain IP addresses. For the others all should be open as before.

How would I achieve this?

I also have some Cisco 3560s in the network...
1 REPLY
Pieter 't Hart
Honored Contributor
Solution

Re: ACL for VLANs

Depends on which device does the routing in your network.
You need a router to forward traffic between VLANs.
One of your switches can be the current router?
But the 2610 cannot apply ACLs to VLANs, only to ports.
The 3560 can do the job, but maybe you got another

Look at the 3500 series Access Security Guide:

http://cdn.procurve.com/training/Manuals/3500-5400-6200-8200-ASG-Jan08-K_13_01.pdf

Routed IP Traffic ACL (RACL). An RACL is an ACL configured on a VLAN to filter routed IP traffic entering or leaving the switch on that interface, as well as IP traffic having a destination on the switch itself. (Except for filtering IP traffic to an IP address on the switch itself, RACLs can operate only while IP routing is enabled. Refer to “Notes on IP Routing” on page 10-25.)

VLAN ACL (VACL). A VACL is an ACL configured on a VLAN to filter IP traffic entering the switch on that VLAN interface and having a destination on the same VLAN.

Static Port ACL. A static port ACL is an ACL configured on a port to filter IP traffic entering the switch on that port, regardless of whether the IP traffic is routed, switched, or addressed to a destination on the switch itself.
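
The filter asked for in the question, as an added example that is not part of either post: a Python sketch that builds the ordered entries, renders them in Cisco IOS named extended ACL syntax (for the 3560 mentioned above), and checks them with first-match evaluation. The host addresses and the ACL name are constructed, and the listed ports are assumed to be destination ports.

```python
# Added example. Host addresses and the ACL name are constructed; the ports
# come from the question and are assumed to be destination ports.
RESTRICTED_HOSTS = ["10.10.20.11", "10.10.20.12"]
ALLOWED_PORTS = [(20, 23), 25, 37, 53, 80, 110, 443]

def build_aces(hosts, ports):
    """Ordered ACEs as (action, proto, src, lo, hi); src None means 'any'."""
    aces = []
    for host in hosts:
        for proto in ("tcp", "udp"):
            for p in ports:
                lo, hi = p if isinstance(p, tuple) else (p, p)
                aces.append(("permit", proto, host, lo, hi))
        # Anything else from a restricted host stops here.
        aces.append(("deny", "ip", host, None, None))
    # Without this last entry the implicit deny would also block every
    # host that was supposed to stay open as before.
    aces.append(("permit", "ip", None, None, None))
    return aces

def render_ios(name, aces):
    """Render the ACEs as a Cisco IOS named extended ACL."""
    lines = [f"ip access-list extended {name}"]
    for action, proto, src, lo, hi in aces:
        source = f"host {src}" if src else "any"
        if lo is None:
            port = ""
        elif lo == hi:
            port = f" eq {lo}"
        else:
            port = f" range {lo} {hi}"
        lines.append(f" {action} {proto} {source} any{port}")
    return lines

def evaluate(aces, proto, src, dport=None):
    """First matching ACE wins; no match falls through to the implicit deny."""
    for action, ace_proto, ace_src, lo, hi in aces:
        if ace_proto not in ("ip", proto):
            continue
        if ace_src is not None and ace_src != src:
            continue
        if lo is not None and not lo <= dport <= hi:
            continue
        return action
    return "deny"

if __name__ == "__main__":
    print("\n".join(render_ios("RESTRICT-HOSTS", build_aces(RESTRICTED_HOSTS, ALLOWED_PORTS))))
```

ARP is not IP traffic, so an IP ACL like this one does not match it.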