
Re: ProCurve ACL questions

 
groque
Frequent Advisor

ProCurve ACL questions

Hey guys,

I don't have my ProCurve units in just yet so I can't test this, but I have a newbish question for you guys. I just want to make sure this works.

Basically I have my IP addressing and my local network documented. My user VLAN is split in half

ie: 192.168.0.0 /25 for users 1, 192.168.0.128 /25 for users 2.

I am planning to get a ProCurve 2910al and I want the least amount of ACL's on these switches.

My server VLAN is 192.168.2.0 /24. I want to permit both my user networks. Is it possible to create one ACL that states

Permit 192.168.0.0 /24 (which should match both user networks) to 192.168.2.0

Is this possible?

Thanks guys

note: these IP's are just used for testing
Pieter 't Hart
Honored Contributor

Re: ProCurve ACL questions

>>> least amount of ACL's <<<
That is no ACL at all (default permit all).
This will also allow both users to access the server
(but also users-1 to access users-2).

As for the /24 to match both /25 networks, that will work.
In an ACL it's a "mask" to use in filtering, and basically in this context it is not related to subnets.

There is a "but".
I think you have another possible problem here.
You seem to use both /25 subnets in the same user VLAN. Is that right?
Then what IP address do you give the switch to be able to route?
Best practice is to use a separate VLAN for each subnet.

Sometimes the /25 is not really used as a subnet mask, but used for an IP number range.
Please check if the workstations have a /24 mask configured.
In this case you have no trouble.

Pieter
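
The mask behaviour described in the reply above, as an added example that is not part of the original thread: a small Python model of ACL address matching that checks the single /24 entry against the pair of /25 entries it would replace. The host addresses, the function names and the first-match evaluation ending in an implicit deny are assumptions of this example, not switch configuration.

```python
import ipaddress

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def field_matches(addr, base, prefix_len):
    """Compare only the bits the ACL mask marks as significant."""
    wildcard = (1 << (32 - prefix_len)) - 1   # /24 -> 0.0.0.255 ("don't care" bits)
    care = ~wildcard & 0xFFFFFFFF
    return (to_int(addr) & care) == (to_int(base) & care)

def evaluate(acl, src, dst):
    """First matching entry decides; no match falls through to the implicit deny."""
    for action, (s_base, s_len), (d_base, d_len) in acl:
        if field_matches(src, s_base, s_len) and field_matches(dst, d_base, d_len):
            return action
    return "deny"

SERVERS = ("192.168.2.0", 24)
# The single entry from the question: 192.168.0.0 /24 -> server VLAN.
ONE_ENTRY = [("permit", ("192.168.0.0", 24), SERVERS)]
# The two-entry alternative, one per /25 user range.
TWO_ENTRIES = [("permit", ("192.168.0.0", 25), SERVERS),
               ("permit", ("192.168.0.128", 25), SERVERS)]

def acls_equivalent(acl_a, acl_b, server="192.168.2.20"):
    """Compare decisions for every source in 192.168.0.0/23, so addresses
    just outside the user range are checked as well."""
    for src in ipaddress.IPv4Network("192.168.0.0/23"):
        if evaluate(acl_a, str(src), server) != evaluate(acl_b, str(src), server):
            return False
    return True

if __name__ == "__main__":
    # Constructed sample flows: users 1, users 2, an outside source, a non-server destination.
    flows = [("192.168.0.10", "192.168.2.20"),
             ("192.168.0.200", "192.168.2.20"),
             ("192.168.1.10", "192.168.2.20"),
             ("192.168.0.10", "192.168.3.5")]
    for src, dst in flows:
        print(f"{src:>15} -> {dst:<15} {evaluate(ONE_ENTRY, src, dst)}")
    print("one /24 entry == two /25 entries:", acls_equivalent(ONE_ENTRY, TWO_ENTRIES))
```

The match depends only on the packet's address bits and the entry's mask, so the result is the same whether the workstations are configured with a /25 or a /24 mask.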