06-03-2008 10:38 AM
Access-list doubt with tagged ports and virtual hosts
Hi,
We have a Procurve 3500 Layer 3, and we want to configure an access-list between vlans.
The problem is that we have defined 3 vlans on the same two tagged paravirtual machine (Xen Source) ports, and these vlans must communicate with other vlans.
What do we have to do in order to:
enable ssh (22) access from vlan4 to vlan3.
enable smtp (25) access from vlan2 to vlan3.
___________________________
sw01-ly3(config)# show vlan 3
Status and Counters - VLAN Information - Ports - VLAN 3
VLAN ID : 3
Name : VLAN03-dades
Status : Port-based
Voice : No
Jumbo : No
Port Information Mode     Unknown VLAN Status
---------------- -------- ------------ ----------
4                Tagged   Learn        Down
5                Tagged   Learn        Up
7                Untagged Learn        Down
8                Untagged Learn        Down
9                Untagged Learn        Down
10               Untagged Learn        Down
11               Untagged Learn        Down
12               Untagged Learn        Down
VLAN03-dades | Manual 192.168.3.254 255.255.255.0 No
sw01-ly3# show vlan 2
Status and Counters - VLAN Information - Ports - VLAN 2
VLAN ID : 2
Name : VLAN02-acces
Status : Port-based
Voice : No
Jumbo : No
Port Information Mode     Unknown VLAN Status
---------------- -------- ------------ ----------
2                Untagged Learn        Up
3                Untagged Learn        Down
VLAN02-acces | Manual 192.168.2.254 255.255.255.0 No
sw01-ly3# show vlan 4
Status and Counters - VLAN Information - Ports - VLAN 4
VLAN ID : 4
Name : VLAN04-gestio
Status : Port-based
Voice : No
Jumbo : No
Port Information Mode     Unknown VLAN Status
---------------- -------- ------------ ----------
4                Tagged   Learn        Down
5                Tagged   Learn        Up
VLAN04-gestio | Manual 192.168.4.254 255.255.255.0 No
Many thanks.
06-04-2008 12:31 AM
Re: Access-list doubt with tagged ports and virtual hosts
Hi
For the SSH:
Sw(config)#ip access-list extended SSH
Sw(config-ext-nacl)#permit tcp 192.168.4.0 0.0.0.255 192.168.3.0 0.0.0.255 eq 22
Sw(config-ext-nacl)#deny tcp 192.168.2.0 0.0.0.255 192.168.3.0 0.0.0.255 eq 22
Sw(config-ext-nacl)#permit ip any any
Sw(config)#vlan 3 ip access-group SSH in
For the SMTP:
Sw(config)#ip access-list extended SMTP
Sw(config-ext-nacl)#permit tcp 192.168.2.0 0.0.0.255 192.168.3.0 0.0.0.255 eq 25
Sw(config-ext-nacl)#deny tcp 192.168.4.0 0.0.0.255 192.168.3.0 0.0.0.255 eq 25
Sw(config-ext-nacl)#permit ip any any
Sw(config)#vlan 3 ip access-group SMTP in
Note (please check for any mistakes):
You can permit or deny any other traffic based on your security requirements, and then you can apply the ACLs.
Good Luck !!!
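As an added illustration (not part of either post), a small Python model of first-match ACL evaluation using the networks and ports from the thread: it shows why the reply's SSH list, ending in `permit ip any any`, never stops SMTP from VLAN 4, and evaluates one constructed list that carries both rules. The evaluator models the matching semantics only, not the switch; on which VLAN and in which direction the list is applied is a platform detail it does not cover.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass(frozen=True)
class Ace:
    """One access-control entry, fields in the order the ProCurve CLI takes them."""
    action: str                  # "permit" or "deny"
    proto: str                   # "tcp", "udp" or "ip" (ip matches any protocol)
    src: str                     # "any" or "<network> <wildcard>"
    dst: str
    dport: Optional[int] = None  # "eq <port>" on the destination, if present

def _addr_matches(spec: str, addr: str) -> bool:
    """Wildcard-mask match: 0 bits of the mask must be equal, 1 bits are ignored."""
    if spec == "any":
        return True
    net, wildcard = spec.split()
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(net)) & care) == (int(ipaddress.IPv4Address(addr)) & care)

def evaluate(acl: List[Ace], src: str, dst: str, proto: str, dport: int) -> Tuple[str, int]:
    """First matching entry wins; nothing matched means the implicit deny (entry 0)."""
    for n, ace in enumerate(acl, 1):
        if ace.proto != "ip" and ace.proto != proto:
            continue
        if not (_addr_matches(ace.src, src) and _addr_matches(ace.dst, dst)):
            continue
        if ace.dport is not None and ace.dport != dport:
            continue
        return ace.action, n
    return "deny", 0

# Networks from the thread (VLAN 2, 3 and 4) as the CLI's network/wildcard pairs.
V2, V3, V4 = "192.168.2.0 0.0.0.255", "192.168.3.0 0.0.0.255", "192.168.4.0 0.0.0.255"

# The reply's SSH list on its own: the closing "permit ip any any" means
# SMTP from VLAN 4 to VLAN 3 passes it, so its deny only ever covers port 22.
SSH_LIST = [Ace("permit", "tcp", V4, V3, 22), Ace("deny", "tcp", V2, V3, 22), Ace("permit", "ip", "any", "any")]

# Constructed single list carrying both rules: specific permits first, then the
# per-port denies towards VLAN 3, then the same catch-all permit as the reply.
COMBINED = [
    Ace("permit", "tcp", V4, V3, 22),
    Ace("permit", "tcp", V2, V3, 25),
    Ace("deny", "tcp", "any", V3, 22),
    Ace("deny", "tcp", "any", V3, 25),
    Ace("permit", "ip", "any", "any"),
]
```

Dropping the final `permit ip any any` from `COMBINED` turns it into an allow-list for VLAN 3, with everything else caught by the implicit deny.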