11-27-2009 10:56 PM
Access List behaviour in Procurve 3500 switch
11-28-2009 04:06 AM
Re: Access List behaviour in Procurve 3500 switch
Could you post the ACL up or just the line of the ACL that allows VLAN 11 hosts to reach the 3500?
11-29-2009 07:14 PM
Re: Access List behaviour in Procurve 3500 switch
ip access-list standard "10"
10 permit 10.0.0.1 0.0.0.0
20 permit 10.0.0.11 0.0.0.0
25 permit 10.0.2.61 0.0.0.0
26 permit 10.0.0.100 0.0.0.0
27 permit 10.0.6.201 0.0.0.0
30 permit 10.0.2.11 0.0.0.0
40 permit 10.0.2.12 0.0.0.0
50 permit 10.0.2.51 0.0.0.0
51 permit 10.0.2.54 0.0.0.0
60 deny 0.0.0.0 255.255.255.255
exit
10.0.0.11 is the VLAN1 IP address of the 3500 switch.
Thanks,
11-30-2009 02:05 AM
Re: Access List behaviour in Procurve 3500 switch
Ok so you're using a standard ACL, what direction have you applied the ACL in? And what subnet do the hosts of VLAN 11 live on?
11-30-2009 03:01 AM
Re: Access List behaviour in Procurve 3500 switch
The VLAN11 subnet is 10.0.10.0. The VLAN11 IP address of the 3500 is 10.0.10.1, and we cannot ping the hosts of VLAN11 from the 3500 if the ACL is applied.
11-30-2009 04:03 AM
Re: Access List behaviour in Procurve 3500 switch
Applying the ACL in the "OUT" direction does not restrict what VLAN 11 hosts can access; it restricts what can talk inbound to the VLAN 11 hosts.
ACL directions are always with respect to the switch, i.e. "OUT" means packets outbound of the switch (which means inbound to VLAN 11).
The reason you can't ping the hosts with your current setup is that the IP of the switch in VLAN 11 is not in the ACL.
If you add 10.0.10.1 to the ACL you should be fine.
(ACLs don't normally apply to intra-subnet traffic, but the exception to the rule is if the communication is to an IP that's on the switch.)
11-30-2009 09:55 PM
Re: Access List behaviour in Procurve 3500 switch
ip access-list standard "10"
10 permit 10.0.0.1 0.0.0.0
16 permit 10.0.10.1 0.0.0.0
20 permit 10.0.0.11 0.0.0.0
25 permit 10.0.2.61 0.0.0.0
26 permit 10.0.0.100 0.0.0.0
27 permit 10.0.6.201 0.0.0.0
30 permit 10.0.2.11 0.0.0.0
40 permit 10.0.2.12 0.0.0.0
50 permit 10.0.2.51 0.0.0.0
51 permit 10.0.2.54 0.0.0.0
60 deny 0.0.0.0 255.255.255.255
exit
The second line permits the VLAN11 IP address of the switch. But we still cannot ping the hosts of VLAN11 from the switch.
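
Added example (not part of the thread and not vendor code): the Python below parses the two versions of ACL "10" posted above and applies standard-ACL matching (source address only, wildcard mask, first match in sequence order) to show which sources each version permits. The host address 10.0.10.25 is a constructed stand-in for a VLAN 11 host, and the function names are this example's own.

```python
import ipaddress

# Entries of ACL "10" as first posted in the thread.
ACL_ORIGINAL = """\
10 permit 10.0.0.1 0.0.0.0
20 permit 10.0.0.11 0.0.0.0
25 permit 10.0.2.61 0.0.0.0
26 permit 10.0.0.100 0.0.0.0
27 permit 10.0.6.201 0.0.0.0
30 permit 10.0.2.11 0.0.0.0
40 permit 10.0.2.12 0.0.0.0
50 permit 10.0.2.51 0.0.0.0
51 permit 10.0.2.54 0.0.0.0
60 deny 0.0.0.0 255.255.255.255
"""
# Revised version from the thread: entry 16 added for the switch's VLAN 11 IP.
ACL_REVISED = ACL_ORIGINAL + "16 permit 10.0.10.1 0.0.0.0\n"

def parse_acl(text):
    """Return (seq, action, address, wildcard) tuples sorted by sequence number."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[1] not in ("permit", "deny"):
            continue  # skip the "ip access-list" header, "exit" and blank lines
        seq, action, addr, wild = fields
        entries.append((int(seq), action,
                        int(ipaddress.IPv4Address(addr)),
                        int(ipaddress.IPv4Address(wild))))
    return sorted(entries)

def evaluate(entries, source):
    """First matching entry wins; a wildcard bit of 1 means 'ignore this bit'."""
    src = int(ipaddress.IPv4Address(source))
    for seq, action, addr, wild in entries:
        care = ~wild & 0xFFFFFFFF
        if (src & care) == (addr & care):
            return action, seq
    return "deny", None  # implicit deny when no entry matches

if __name__ == "__main__":
    # 10.0.10.25 is a constructed VLAN 11 host address, not taken from the thread.
    for name, acl in (("original", ACL_ORIGINAL), ("revised", ACL_REVISED)):
        for src in ("10.0.0.11", "10.0.10.1", "10.0.10.25"):
            print(name, src, evaluate(parse_acl(acl), src))
```
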
12-01-2009 02:09 AM
Re: Access List behaviour in Procurve 3500 switch
Can you post the full config from that switch?
Also, what firmware revision are you running?