- Re: ACL problem on 5300xl
03-13-2007 06:31 AM
I only want some hosts to be able to access clients in vlan 21.
See my config, and plz explain why it's not working.
Running configuration:
; J4819A Configuration Editor; Created on release #E.10.44
hostname "SE-SW-001"
snmp-server contact " "
snmp-server location "Serverrum"
max-vlans 256
time timezone 60
time daylight-time-rule Middle-Europe-and-Portugal
connection-rate-filter sensitivity low
ip access-list extended "100"
permit ip 10.206.23.42 0.0.0.0 10.206.21.128 0.0.0.127
permit ip 10.206.23.50 0.0.0.0 10.206.21.128 0.0.0.127
permit ip 10.206.25.150 0.0.0.0 10.206.21.128 0.0.0.127
permit ip 10.206.25.151 0.0.0.0 10.206.21.128 0.0.0.127
permit ip 10.206.25.152 0.0.0.0 10.206.21.128 0.0.0.127
permit ip 10.206.25.153 0.0.0.0 10.206.21.128 0.0.0.127
exit
module 1 type J4907A
module 2 type J4907A
module 3 type J4907A
ip default-gateway 10.206.22.1
sntp server 207.46.130.100
ip routing
ip arp-age 30
timesync sntp
sntp unicast
vlan 11
name "VLAN11"
untagged A3-A4
ip address 128.1.50.41 255.255.0.0
tagged A1
ip igmp
exit
vlan 22
name "VLAN22"
untagged A5,A8-A14,B1,B3-B10,B12-B16,C1,C3-C10,C12-C16
ip address 10.206.22.254 255.255.255.0
tagged A1
ip igmp
exit
vlan 23
name "VLAN23"
ip address 10.206.23.254 255.255.255.0
ip helper-address 10.206.22.133
tagged A1
ip igmp
exit
vlan 25
name "VLAN25"
ip address 10.206.25.254 255.255.255.0
ip helper-address 10.206.22.133
tagged A1
ip igmp
exit
vlan 20
name "VLAN20"
no ip address
ip igmp
exit
vlan 24
name "VLAN24"
ip address 10.206.24.254 255.255.255.0
ip helper-address 10.206.22.133
tagged A1
ip igmp
exit
vlan 21
name "VLAN21"
ip address 10.206.21.254 255.255.255.128
tagged A1
ip access-group "100" in
exit
ip route 0.0.0.0 0.0.0.0 10.206.22.1
filter connection-rate A1-A16,B1-B16,C1-C16 notify-only
spanning-tree
spanning-tree priority 0
password manager
password operator
03-13-2007 10:00 AM
03-13-2007 08:03 PM
Re: ACL problem on 5300xl
Why should it be "out" direction?
I only want those six machines to be able to reach the 10.206.21.128/25 network located behind vlan 21... Shouldn't that be direction "in"?
plz explain.
Thanks.
03-13-2007 09:09 PM
Re: ACL problem on 5300xl
ip access-list extended "100"
permit ip 10.206.23.42 0.0.0.0 10.206.21.128 0.0.0.127
permit ip 10.206.23.50 0.0.0.0 10.206.21.128 0.0.0.127
permit ip 10.206.25.150 0.0.0.0 10.206.21.128 0.0.0.127
permit ip 10.206.25.151 0.0.0.0 10.206.21.128 0.0.0.127
permit ip 10.206.25.152 0.0.0.0 10.206.21.128 0.0.0.127
permit ip 10.206.25.153 0.0.0.0 10.206.21.128 0.0.0.127
The first half is the source which will be coming 'in' via another VLAN. It will be leaving 'out' 10.206.21.218.
That's probably not the best way of explaining it.
What helped me understand this better was the ACL theory section in the IP Routing Foundations course - ftp://ftp.hp.com/pub/networking/training/IRF_SG_061305.zip
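An added example, not part of the original thread or of HP's documentation: a simplified Python model of how a routed ACL bound to a VLAN is evaluated, using ACL "100" and the VLAN subnets from the posted configuration. It assumes that "in" checks routed packets entering the switch from that VLAN, that "out" checks routed packets leaving onto it, and that unmatched packets hit an implicit deny; the function names are illustrative.

```python
import ipaddress

# ACL "100" from the thread: (source, source wildcard, destination, destination wildcard)
ACL_100 = [(src, "0.0.0.0", "10.206.21.128", "0.0.0.127") for src in (
    "10.206.23.42", "10.206.23.50", "10.206.25.150",
    "10.206.25.151", "10.206.25.152", "10.206.25.153")]

# Routed VLAN subnets taken from the posted configuration
VLANS = {21: "10.206.21.128/25", 22: "10.206.22.0/24", 23: "10.206.23.0/24",
         24: "10.206.24.0/24", 25: "10.206.25.0/24"}

def wildcard_match(addr, base, wildcard):
    """A wildcard bit of 1 means 'ignore this bit'; 0 means 'must match'."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

def acl_permits(acl, src, dst):
    """Every entry is a permit, so any match forwards; no match is the implicit deny."""
    return any(wildcard_match(src, s, sw) and wildcard_match(dst, d, dw)
               for s, sw, d, dw in acl)

def vlan_of(addr):
    """Return the VLAN whose subnet contains addr, or None if it is off-switch."""
    ip = ipaddress.IPv4Address(addr)
    return next((v for v, net in VLANS.items()
                 if ip in ipaddress.ip_network(net)), None)

def routed(src, dst, acl_vlan, direction, acl=ACL_100):
    """Is a packet routed between VLANs forwarded, with acl bound to acl_vlan?"""
    ingress, egress = vlan_of(src), vlan_of(dst)
    checked = ((direction == "in" and ingress == acl_vlan) or
               (direction == "out" and egress == acl_vlan))
    # Packets that never cross the bound interface in that direction are not filtered.
    return acl_permits(acl, src, dst) if checked else True

if __name__ == "__main__":
    for direction in ("in", "out"):
        print(direction,
              "listed->vlan21:", routed("10.206.23.42", "10.206.21.130", 21, direction),
              "unlisted->vlan21:", routed("10.206.23.99", "10.206.21.130", 21, direction),
              "vlan21->listed:", routed("10.206.21.130", "10.206.23.42", 21, direction))
```

With the ACL bound "in", an unlisted host still reaches VLAN 21 while every routed packet sourced in VLAN 21 is dropped; bound "out", only the six listed hosts get through and return traffic from VLAN 21 is unaffected.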
03-14-2007 11:41 PM
Re: ACL problem on 5300xl
Many thanks Matt!
I'll give you points...