11-16-2020 11:13 AM
Maybe RACL, maybe not. Need to restrict some traffic for training room.
We have a training vlan of 10.3.4.0/24. I need it to have access to our DNS server and some other server and Internet access. Here is a "snippet" of what I have.
ip access-list extended "Training Lab"
10 permit tcp 10.3.4.0 255.255.255.0 192.168.xxx.77 255.255.255.255 eq 53
20 permit tcp 10.3.4.0 255.255.255.0 192.168.xxx.97 255.255.255.255 eq 53
30 permit udp 10.3.4.0 255.255.255.0 192.168.xxx.77 255.255.255.255 eq 68
...
200 deny ip 10.3.4.0 255.255.255.0 192.168.xxx.0 255.255.0.0
210 deny ip 10.3.4.0 255.255.255.0 10.0.xxx.0 255.0.0.0
220 permit ip 10.3.4.0 255.255.255.0 0.0.0.0 0.0.0.0
I then apply this to the vlan with address 10.3.4.0/24 and it shows as
ip access-list extended "Training Lab" vlan-in
The issue is that when I apply this RACL I cannot access anything. The training network is coming through one switch where the vlan does not have an IP and the trunk to the next switch is tagged. The next switch is the core switch, where the gateway IP of the vlan is assigned to the vlan. I have been applying the RACL to the vlan on the secondary and not the main switch. Do I need it on the main switch, the secondary switch, or both?
Thank you,
Eric
11-16-2020 11:07 PM
Re: Maybe RACL, maybe not. Need to restrict some traffic for training room.
ACL applies where the routing happens.
If your "Core" switch is the switch performing IP routing (VLANs have SVIs on this switch and the IP Routing feature is enabled) and if clients use those SVIs, then your Core is the right switch on which to apply your ACL.
I'm not an HPE Employee
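Added example, not part of either post: wherever the ACL ends up applied, its entries are tested top-down, the first match decides, and anything unmatched hits the implicit deny, so it helps to dry-run the entry order against sample flows first. The octet 50 standing in for the elided "xxx", the CIDR notation, the sample flows and the helper names are assumptions; entries hidden behind "..." in the post are not modelled.

```python
import ipaddress

# Constructed stand-ins for the elided "xxx" octets in the post (assumptions).
DNS_A, DNS_B = "192.168.50.77", "192.168.50.97"
TRAINING = "10.3.4.0/24"

# (seq, action, protocol, source, destination, destination port or None)
# Visible entries 10-30 and 200-220 from the post, rewritten as CIDR prefixes.
# Entries hidden behind "..." in the post are not modelled.
ACL = [
    (10, "permit", "tcp", TRAINING, DNS_A + "/32", 53),
    (20, "permit", "tcp", TRAINING, DNS_B + "/32", 53),
    (30, "permit", "udp", TRAINING, DNS_A + "/32", 68),
    (200, "deny", "ip", TRAINING, "192.168.0.0/16", None),
    (210, "deny", "ip", TRAINING, "10.0.0.0/8", None),
    (220, "permit", "ip", TRAINING, "0.0.0.0/0", None),
]

def evaluate(acl, proto, src, dst, dport=None):
    """Return (seq, action) of the first matching entry, else the implicit deny."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for seq, action, ace_proto, ace_src, ace_dst, ace_port in acl:
        if ace_proto != "ip" and ace_proto != proto:
            continue  # "ip" entries match every protocol
        if src_ip not in ipaddress.ip_network(ace_src):
            continue
        if dst_ip not in ipaddress.ip_network(ace_dst):
            continue
        if ace_port is not None and ace_port != dport:
            continue
        return seq, action
    return None, "deny"  # nothing matched: implicit deny at the end of the list

# Constructed sample flows: (protocol, source, destination, destination port).
FLOWS = [
    ("tcp", "10.3.4.25", DNS_A, 53),            # DNS over TCP
    ("udp", "10.3.4.25", DNS_A, 53),            # DNS over UDP
    ("tcp", "10.3.4.25", "192.168.50.10", 445), # other internal host
    ("tcp", "10.3.4.25", "10.0.7.20", 22),      # other internal host
    ("tcp", "10.3.4.25", "203.0.113.10", 443),  # Internet (documentation range)
    ("tcp", "10.9.9.9", "203.0.113.10", 443),   # source outside the training VLAN
]

def report(acl=ACL, flows=FLOWS):
    return [(flow, evaluate(acl, *flow)) for flow in flows]

if __name__ == "__main__":
    for flow, (seq, action) in report():
        print(flow, "->", action, "(entry %s)" % seq)
```

With only the visible entries modelled, the UDP DNS flow falls through to entry 200, which is the kind of ordering gap worth catching before the list goes onto the routing switch.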