Problems with ACLs.

Occasional Visitor

Any help would be most appreciated. I have a 5406zl and 2600 switch configured with multiple VLANs. We have a perimeter firewall on the default vlan (id:1) and have recently introduced a Wireless/Guest VLAN (id:30).

What I would like to do, is to restrict all access from the Wireless/Guest VLAN to only the perimeter firewall and beyond.

So effectively, if the firewall is on and the Guest VLAN is I want all traffic coming from the network to be restricted to the firewall on and not be able to access anything else on the default vlan.

Any help would be most appreciated.

Thanks for looking.
Pieter 't Hart
Honored Contributor

Re: Problems with ACLs.

Simplest way is NOT to configure routing between the guest VLAN and the default VLAN.
Then you don't need to fiddle with ACLs.

- Only the firewall needs an IP address in this VLAN.
- If the switch is configured for routing, don't give it an IP address in this guest VLAN.
- Don't give any other switch an IP address in this guest VLAN.

The switches will forward packets on layer-2 to other ports in the same vlan as if it was a physical separate network.

NB! You may want to add another VLAN to make your access point reachable for management.
Of course your APs must support this.
Occasional Visitor

Re: Problems with ACLs.

I like your bit of lateral thinking... however, though I don't doubt that your method doesn't work, I managed to implement the appropriate ACLs, but thanks for your help.
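One way to express the ACL the original poster mentions on a ProVision switch such as the 5406zl, as an added example that is not from this thread or from HPE documentation: it assumes the guest VLAN 30 subnet is 192.168.30.0/24, the default VLAN 1 subnet is 192.168.1.0/24, and the firewall's inside address is 192.168.1.1 (all constructed values).

```text
; Added example with constructed addresses; adjust to your own addressing.
; Goal: hosts in the guest VLAN (id 30) may reach the firewall and the
; Internet beyond it, but nothing else on the default VLAN (id 1).
ip access-list extended "GUEST-TO-FIREWALL"
   ; 1. allow guest hosts to talk to the firewall itself
   permit ip 192.168.30.0 0.0.0.255 host 192.168.1.1
   ; 2. block everything else on the default VLAN subnet
   deny ip 192.168.30.0 0.0.0.255 192.168.1.0 0.0.0.255
   ; 3. anything further (Internet via the firewall) is allowed;
   ;    without this line the implicit deny-all at the end drops it
   permit ip any any
   exit
; Apply as a VLAN ACL to traffic entering the switch from VLAN 30
vlan 30
   ip access-group "GUEST-TO-FIREWALL" in
   exit
; Check what is installed
show access-list config
```

The deny entry also blocks any DHCP or DNS server sitting on the default VLAN, so add a permit for those services ahead of it if guest clients depend on them. Entries are evaluated top to bottom, so the order shown matters.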
Pieter 't Hart
Honored Contributor

Re: Problems with ACLs.

As it was not the solution to your question, 10 points is a bit high.
But thanks very much, you flipped me over the 2500 points and changed my hat from wizard to royalty.