HPE Community
Switches, Hubs, and Modems
1752610 Members
3876 Online
108788 Solutions
New Discussion юеВ

Re: ACL

 
Evgeniy Paukov
Occasional Advisor

тАО10-31-2007 08:44 PM

тАО10-31-2007 08:44 PM

ACL

Good afternoon! It is established HP procurve 2650, two computers A and B. How to adjust ACL list thus what from computer A on computer B there was no access, and with B on A was? Thanks
0 Kudos
9 REPLIES 9
OLARU Dan
Trusted Contributor

тАО10-31-2007 10:53 PM

тАО10-31-2007 10:53 PM

Re: ACL

OK.

2650 has routing capabilities?

If yes,

i1. ip routing
i2. define ip subnets for the vlan interfaces, and assign ipas to these interfaces
i3. put ip acls on the vlan interfaces that have ipa assigned
i4. put the 2 pcs in 2 different vlans/subnets
i4'. make sure the pcs have ipas
i4". check back here if you [still] have any problems

else

i5. no can do

endif

i6. get better @ english

Are you programmer, btw?

Cheers,
Dan
0 Kudos
Evgeniy Paukov
Occasional Advisor

тАО10-31-2007 11:49 PM

тАО10-31-2007 11:49 PM

Re: ACL

Computers are in different VLAN. The matter is that at creation of a rule for one vlan (A) for example "deny 0.0.0.0 0.0.0.0", from another vlan (A) it is impossible to come in vlan (B), and I need to come. How it is possible to make?
0 Kudos
Matt Hobbs
Honored Contributor

тАО11-01-2007 12:10 AM

тАО11-01-2007 12:10 AM

Re: ACL

The 2650 does not support ACLs. This is not possible.
0 Kudos
Evgeniy Paukov
Occasional Advisor

тАО11-01-2007 12:54 AM

тАО11-01-2007 12:54 AM

Re: ACL

OK.
And on 5304?
0 Kudos
Matt Hobbs
Honored Contributor

тАО11-01-2007 01:00 AM

тАО11-01-2007 01:00 AM

Re: ACL

5300 series supports fairly basic ACLs, but if your requirement is so that computer A cannot access computer B, but computer B can access computer A - then you need support the 'established' command in the ACL's. Only the newer 5400/3500 products support this feature along with many other more advanced ACL options.

'established' looks for new TCP connections so it can determine the direction of where the connection is coming from.
0 Kudos
Evgeniy Paukov
Occasional Advisor

тАО11-01-2007 01:05 AM

тАО11-01-2007 01:05 AM

Re: ACL

What can you advise as to act to me?
0 Kudos
Evgeniy Paukov
Occasional Advisor

тАО11-01-2007 01:07 AM

тАО11-01-2007 01:07 AM

Re: ACL

And 5304 will support given type ACL?
0 Kudos
Mohieddin Kharnoub
Honored Contributor

тАО11-02-2007 04:09 AM

тАО11-02-2007 04:09 AM

Re: ACL

Hi

If you can manage a 3500/5400 then i'm with Matt's suggestion.

Otherwise, with the 5300 you can do it like this:

- Create a Vlan for PC-A with a proper IP address.
- Create another Vlan for PC-B with a proper IP address
- Enable IP Routing on the 5300.
- Now PC-A can talk to PC-B and vise versa
- Apply an ACL allows PC-A Vlan to talk to PC-B Vlan.
- Apply an ACL denies PC-B Vlan to talk to PC-A Vlan.

I think in that way you can achieve your goal.

Good Luck !!!
Science for Everyone
0 Kudos
Evgeniy Paukov
Occasional Advisor

тАО11-06-2007 05:11 PM

тАО11-06-2007 05:11 PM

Re: ACL

Thanks.
I shall try and I shall write here ├Р┬┐├Р┬╛├Р┬╗├С ├С ├Р┬╕├Р┬╗├Р┬╛├С ├С or not
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.