03-12-2009 08:24 PM
Need to setup specific ACL on an HP switch 5412zl series
So the goal is
1, 5, 20, 100 to 222 permit #file shares, snmp, pretty much everything
222 to 1, 5, 20, 100 deny except SMTP
I did the following
ip access-list extended "sd_smtp"
10 permit tcp 192.168.0.0 0.0.15.255 192.168.0.0 0.0.15.255 gt 0
20 permit icmp any any # for ping
20 permit tcp 10.222.2.10 0.0.0.0 192.168.1.30 0.0.0.0 eq 25
Exit
In the end I ran this
vlan 222 ip access-group SD in
but it didn't work. I played with the ACLs for a bit to no avail; the above is just one sample of many variants.
Can someone write a proper access-list that will work with the configuration attached?
Thanks,
Filu
03-16-2009 08:19 AM
Re: Need to setup specific ACL on an HP switch 5412zl series
deny tcp 10.222.2.0 0.0.0.255 192.168.0.0 0.0.255.255 eq 25
deny tcp 10.222.2.0 0.0.0.255 10.0.0.0 0.255.255.255 eq 25
permit tcp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
exit
and attach these rules to interface vlan 222 outbound
03-17-2009 07:34 AM
Re: Need to setup specific ACL on an HP switch 5412zl series
See the first line in ACL: deny tcp 10.222.2.0 0.0.0.255 192.168.0.0 0.0.255.255 eq 25. Kinda confusing to me, as I thought I want to allow it.
Now, the reason to attach the ACL to 222 OUT is to filter the traffic from vlan 2222 to the router, correct? So any traffic comes in (from router to vlan 222?) fine and unrestricted but comes out from vlan 222 to router filtered. But this is what puzzles me, why does the traffic come restricted from vlan 222 out to the router on port 25? I need this vlan 222 to be able to send alert emails to vlan 1, 5 etc.
Please explain, and hopefully I'll be smarter soon :)
Thanks!
03-17-2009 09:03 AM
Re: Need to setup specific ACL on an HP switch 5412zl series
1, 5, 20, 100 to 222 permit #file shares, snmp, pretty much everything
222 to 1, 5, 20, 100 deny except SMTP
Is this true?
03-17-2009 09:38 AM
Re: Need to setup specific ACL on an HP switch 5412zl series
except meaning excluding
I suppose antipodal
New rules for you; please test and tell me the result.
permit tcp 192.168.0.0 0.0.255.255 10.222.2.0 0.0.0.255 eq 25
permit tcp 10.0.0.0 0.255.255.255 10.222.2.0 0.0.0.255 eq 25
permit tcp 10.0.0.0 0.255.255.255 10.222.2.0 0.0.0.255 eq 53 # for DNS
permit tcp 10.0.0.0 0.0.255.255 10.222.2.0 0.0.0.255 eq 67 # for DHCP
permit tcp 10.0.0.0 0.0.255.255 10.222.2.0 0.0.0.255 eq 68 # for DHCP
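Added example, not written by anyone in this thread: a small Python model of first-match extended-ACL evaluation with wildcard masks, run over the two rule sets posted in the replies against constructed packets. It assumes the usual semantics (entries checked top to bottom, first match wins, implicit deny at the end); the function names and the packet list are hypothetical.

```python
import ipaddress

def ip(s):
    return int(ipaddress.IPv4Address(s))

def wild_match(addr, base, wildcard):
    # Wildcard bits set to 1 are "don't care"; all other bits must equal the base.
    care = ~ip(wildcard) & 0xFFFFFFFF
    return (ip(addr) & care) == (ip(base) & care)

def parse_ace(line):
    # Only the form used in this thread:
    # <action> tcp <src> <src-wildcard> <dst> <dst-wildcard> [eq <port>]
    t = line.split()
    port = int(t[7]) if len(t) >= 8 and t[6] == "eq" else None
    return {"action": t[0], "proto": t[1], "src": (t[2], t[3]),
            "dst": (t[4], t[5]), "port": port}

def evaluate(acl, src, dst, dport, proto="tcp"):
    """Return (action, matching line number); ("deny", None) is the implicit deny."""
    for n, line in enumerate(acl, 1):
        a = parse_ace(line)
        if (a["proto"] == proto and wild_match(src, *a["src"])
                and wild_match(dst, *a["dst"]) and a["port"] in (None, dport)):
            return a["action"], n
    return "deny", None

# Rule sets copied from the two replies (trailing annotations dropped).
REPLY_1 = [
    "deny tcp 10.222.2.0 0.0.0.255 192.168.0.0 0.0.255.255 eq 25",
    "deny tcp 10.222.2.0 0.0.0.255 10.0.0.0 0.255.255.255 eq 25",
    "permit tcp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255",
]
REPLY_2 = [
    "permit tcp 192.168.0.0 0.0.255.255 10.222.2.0 0.0.0.255 eq 25",
    "permit tcp 10.0.0.0 0.255.255.255 10.222.2.0 0.0.0.255 eq 25",
    "permit tcp 10.0.0.0 0.255.255.255 10.222.2.0 0.0.0.255 eq 53",
    "permit tcp 10.0.0.0 0.0.255.255 10.222.2.0 0.0.0.255 eq 67",
    "permit tcp 10.0.0.0 0.0.255.255 10.222.2.0 0.0.0.255 eq 68",
]
# Constructed packets, using the two host addresses from the original question.
PACKETS = [
    ("alert mail, vlan 222 -> server", "10.222.2.10", "192.168.1.30", 25),
    ("mail, server -> vlan 222", "192.168.1.30", "10.222.2.10", 25),
    ("file share, server -> vlan 222", "192.168.1.30", "10.222.2.10", 445),
]

if __name__ == "__main__":
    for name, acl in (("reply 1", REPLY_1), ("reply 2", REPLY_2)):
        for label, src, dst, port in PACKETS:
            print(name, "|", label, "|", evaluate(acl, src, dst, port))
```

The model does not represent which VLAN interface or direction (in or out) the list is bound to, and it keeps no connection state, so the reply packets of a session have to be checked as packets of their own.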