
ACL

SOLVED

Hi all, I need to create an admin VLAN and 3 other VLANs; the admin VLAN can access the 3 other VLANs, but no one can access the other VLANs.
How could I do that?
I tried that and the result is that all VLANs can't access anyone.
9 REPLIES

Re: ACL

I mean that:
we have vlans admin, 1, 2 and 3:

admin vlan access vlan 1,2 and 3
but
vlan 1 can't access other
vlan 2 can't access other
vlan 3 can't access other
Evert Goor
Trusted Contributor

Re: ACL

First of all, it would help to tell us what type of hardware you're using. And the problem is that an HP switch is not a firewall.

If you make an ACL you will be blocking traffic based on origin or destination. And that blocking is not based on a session.

You can make ACLs so that the 3 other VLANs cannot access each other, but they can always access the management VLAN.

Good luck

Re: ACL

One more thing: I use a 5412 core switch, and I want to create on it 4 VLANs, one of them an admin VLAN that can access the other 3 VLANs. But the other 3 VLANs can't access each other and also can't access the admin VLAN.
Evert Goor
Trusted Contributor

Re: ACL

Not possible with standard hardware. For this you need a Firewall.

Re: ACL

Dear Evert Goor,
Thank you for your response. Actually I use a 5412zl core switch, and I tried to solve this by creating an ACL. The result is that each of VLANs 1, 2 and 3 can't access each other and also can't access the admin VLAN, which is what I want.
But the bad thing I got is that the admin VLAN also can't access the other VLANs, while the required result is that the admin VLAN can access anything.
Kevin Richter_1
Valued Contributor
Solution

Re: ACL

The basic implementations of routing and ACLs will not allow this to happen. You're looking for an enhanced feature: an "established" parameter for a TCP-based ACL. The 5400 does support the established parameter.

On VLAN 1's ACL, you'd include a line such as:

permit tcp any any established

This will permit replies to established sessions/conversations from VLAN 1 (source) back to the admin VLAN (destination). VLAN 1 users will not be able to originate new TCP sessions but only reply to sessions allowed in from Admin.

You would do the same for VLANs 2 & 3.

Note that ACLs are NOT a replacement for a stateful firewall. ACLs are best used to take load off of a firewall.
Check the cabling. Next, check the cabling again.
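
As an added illustration of the mechanism Kevin describes (example code written for this page, not code from the thread, from HP or from the switch), the following Python models first-match ACL evaluation with the `established` keyword and contrasts it with a minimal session-tracking filter, to show concretely why an ACL is not a stateful firewall. The subnets (admin VLAN 10.0.0.0/24, VLAN 1 10.0.1.0/24, VLAN 2 10.0.2.0/24), hosts, ports and packets are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import FrozenSet, List, Optional

# Constructed addressing for the simulation (assumption, not from the thread).
ADMIN_NET = ipaddress.ip_network("10.0.0.0/24")
ANY = None  # "any" in ACL syntax


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                            # "tcp", "udp" or "icmp"
    sport: int = 0
    dport: int = 0
    flags: FrozenSet[str] = frozenset()   # TCP flags, e.g. {"SYN"}, {"SYN", "ACK"}


@dataclass(frozen=True)
class Rule:
    action: str                                   # "permit" or "deny"
    proto: str                                    # "tcp", "udp" or "ip" (any protocol)
    src: Optional[ipaddress.IPv4Network] = ANY
    dst: Optional[ipaddress.IPv4Network] = ANY
    established: bool = False                     # TCP only

    def matches(self, pkt: Packet) -> bool:
        if self.proto != "ip" and self.proto != pkt.proto:
            return False
        if self.src is not None and ipaddress.ip_address(pkt.src) not in self.src:
            return False
        if self.dst is not None and ipaddress.ip_address(pkt.dst) not in self.dst:
            return False
        if self.established:
            # "established" is a header check, not a session table: the rule
            # matches when ACK or RST is set (the packet claims to belong to an
            # existing conversation). A bare SYN, i.e. a new connection
            # originating in this VLAN, does not match and falls through.
            return bool(pkt.flags & {"ACK", "RST"})
        return True


def evaluate(acl: List[Rule], pkt: Packet) -> str:
    """First-match evaluation with the implicit deny-all that ends every ACL."""
    for rule in acl:
        if rule.matches(pkt):
            return rule.action
    return "deny"


# Inbound ACL for VLAN 1 as the thread describes it:
#   permit tcp any any established
# followed by the implicit deny of everything else.
VLAN1_IN = [Rule("permit", "tcp", ANY, ANY, established=True)]


def demo_acl() -> dict:
    """Verdicts of VLAN1_IN for a few constructed packets leaving VLAN 1."""
    host, admin = "10.0.1.10", "10.0.0.5"
    cases = {
        # new session originated in VLAN 1 -> blocked
        "new_syn_to_admin": Packet(host, admin, "tcp", 40000, 22, frozenset({"SYN"})),
        # replies to a session the admin VLAN opened (SYN+ACK, then ACK) -> allowed
        "synack_reply_to_admin": Packet(host, admin, "tcp", 22, 50000, frozenset({"SYN", "ACK"})),
        "ack_reply_to_admin": Packet(host, admin, "tcp", 22, 50000, frozenset({"ACK"})),
        # UDP has no "established" notion, so it is blocked outright
        "udp_to_admin": Packet(host, admin, "udp", 5000, 53),
        # new session towards another user VLAN -> blocked
        "new_syn_to_vlan2": Packet(host, "10.0.2.20", "tcp", 40001, 445, frozenset({"SYN"})),
    }
    return {name: evaluate(VLAN1_IN, p) for name, p in cases.items()}


class StatefulFilter:
    """Minimal session table, to show what the ACL lacks: a packet from VLAN 1 is
    permitted only if the admin side actually opened that conversation."""

    def __init__(self) -> None:
        self.sessions: set = set()

    def process(self, pkt: Packet) -> str:
        from_admin = ipaddress.ip_address(pkt.src) in ADMIN_NET
        if from_admin and "SYN" in pkt.flags and "ACK" not in pkt.flags:
            self.sessions.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "permit"
        # Reverse tuple: is this a reply to a tracked admin-originated session?
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.sessions:
            return "permit"
        return "deny"


def demo_stateful() -> dict:
    """Same packet, two verdicts: the ACL only tests flags, the filter tests state."""
    f = StatefulFilter()
    admin_syn = Packet("10.0.0.5", "10.0.1.10", "tcp", 50000, 22, frozenset({"SYN"}))
    real_reply = Packet("10.0.1.10", "10.0.0.5", "tcp", 22, 50000, frozenset({"SYN", "ACK"}))
    # ACK set, but no admin-side SYN ever created this session
    orphan_ack = Packet("10.0.1.10", "10.0.0.5", "tcp", 22, 50001, frozenset({"ACK"}))
    return {
        "admin_opens": f.process(admin_syn),
        "real_reply": f.process(real_reply),
        "orphan_ack_acl": evaluate(VLAN1_IN, orphan_ack),   # permit: flag test only
        "orphan_ack_stateful": f.process(orphan_ack),        # deny: no matching session
    }
```

The `demo_stateful` pair is the practical meaning of Kevin's last note: the `established` rule accepts any TCP segment carrying ACK or RST, because the switch keeps no record of which sessions the admin VLAN actually opened, so the ACL enforces direction of session setup, not session membership. That is acceptable for reducing load on a firewall, as the thread says, but it is not a substitute for one.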

Re: ACL

Thanks Kevin for your response. I will check it in 2 days when I go to the site, and I will update you about the result.

Re: ACL

Dear Kevin Richter,
Thanks a lot, you are great, it's working.
Thank you again.

Re: ACL

Kevin Richter helped me to resolve this issue without using a firewall module.
So thanks to Kevin and thanks to everyone who helped me.