02-11-2011 01:31 PM
Procurve 5400zl - ACL - restrict VLAN access
Hello...
I'm struggling with some ACL configurations.
Basic information:
Switch: HP ProCurve 5412zl
VLAN 10 (Administration)
VLAN 20 (Servers)
VLAN 30 (Students)
VLAN 40 (Guest)
VLAN 50 (Internet)
VLAN 60 (Device NET, printers etc.)
VLAN 70 (Management NET)
On VLANs 10, 30, 40, 60 and 70 the switch is acting as default gateway.
Between VLAN 20 and the servers we have a firewall, so the servers are on another subnet than VLAN 20.
Types of setups we are trying to reach:
1. All VLANs have access through VLAN 50 to the internet
2. VLAN 10 is only accessible from VLAN 20 (from the servers on another subnet) and 70
3. When we add a new VLAN, it is by default blocked from VLAN 10 without changing the ACL.
4. VLAN 70 has access to all VLANs
5. VLAN 60 is only accessible from VLAN 20 (from the servers on another subnet) and of course VLAN 70
Best regards
Kim
02-13-2011 11:56 PM
Re: Procurve 5400zl - ACL - restrict VLAN access
If your firewall is "strong enough", why not use the firewall to do traffic filtering between your VLANs?
It's probably much easier to configure the rules you require on the firewall than with ACLs on the ProCurve.
1. All VLANs have access through VLAN 50 to the internet
=> That's no problem; if the 5400 routes between VLANs, by default all traffic is allowed.
2. VLAN 10 is only accessible from VLAN 20 (from the servers on another subnet) and 70
- Is VLAN 20 only there to connect this network to the firewall?
-> Your rule should be configured for the real addresses of the server network (if no NAT is used), not the connecting VLAN 20,
so the ACL must permit the server subnet and the VLAN 70 subnet.
3. When we add a new VLAN, it is by default blocked from VLAN 10 without changing the ACL.
-> That's the default behaviour: access is denied until explicitly permitted (as done in 2.).
4. VLAN 70 has access to all VLANs
- Same as 1.
5. VLAN 60 is only accessible from VLAN 20 (from the servers on another subnet) and of course VLAN 70
-> Same as 2.
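The policy the reply sketches, as an added example that is not part of the thread and not ProCurve code: a small Python model of first-match ACLs with an implicit deny, applied only to traffic routed into the two protected VLANs (10 and 60) and matching the real server subnet rather than the VLAN 20 transit link. All addressing (the 10.0.x.0 VLAN subnets, the 172.16.0.0/24 server network, the 203.0.113.7 external host) is constructed for the example. It checks the five requirements from the question and also shows the one thing the thread does not spell out: why "default all traffic is allowed" and "denied until explicitly permitted" are both true, and what a stateless ACL does to return traffic.

```python
"""Added model (not from the thread) of the inter-VLAN policy the reply
proposes: first-match ACLs with an implicit deny, applied only to traffic
routed into the two protected VLANs (10 and 60), so every other VLAN keeps
the switch's default allow-all routing behaviour."""
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network, ip_address, ip_network

# Constructed addressing: the thread gives no subnets, so these are assumptions.
VLAN_SUBNETS: dict[int, IPv4Network] = {
    10: ip_network("10.0.10.0/24"),  # Administration
    20: ip_network("10.0.20.0/30"),  # transit link between switch and firewall
    30: ip_network("10.0.30.0/24"),  # Students
    40: ip_network("10.0.40.0/24"),  # Guest
    50: ip_network("10.0.50.0/24"),  # Internet (upstream gateway lives here)
    60: ip_network("10.0.60.0/24"),  # Device NET (printers etc.)
    70: ip_network("10.0.70.0/24"),  # Management NET
}
# The servers sit behind the firewall on their own subnet, reached via VLAN 20.
SERVER_NET = ip_network("172.16.0.0/24")  # assumption


@dataclass(frozen=True)
class Rule:
    action: str  # "permit" or "deny"
    src: IPv4Network
    dst: IPv4Network


def evaluate(acl: list[Rule], src: IPv4Address, dst: IPv4Address) -> str:
    """First matching rule wins; falling off the end is the implicit deny."""
    for rule in acl:
        if src in rule.src and dst in rule.dst:
            return rule.action
    return "deny"


def protect(vlan: int, allowed_sources: list[IPv4Network]) -> list[Rule]:
    """ACL for traffic routed into a protected VLAN: only the listed source
    networks may reach it; anything else (including a VLAN added later)
    falls through to the implicit deny, which is what requirement 3 asks for."""
    dst = VLAN_SUBNETS[vlan]
    return [Rule("permit", src, dst) for src in allowed_sources]


# Per the reply, match the real server subnet, not the VLAN 20 transit link.
ACL_BY_DEST_VLAN: dict[int, list[Rule]] = {
    10: protect(10, [SERVER_NET, VLAN_SUBNETS[70]]),
    60: protect(60, [SERVER_NET, VLAN_SUBNETS[70]]),
}


def reaches(src: str, dst: str) -> bool:
    """Would a routed packet from src be delivered into dst's VLAN?
    VLANs without an ACL keep the router's default: everything allowed."""
    src_ip, dst_ip = ip_address(src), ip_address(dst)
    for vlan, net in VLAN_SUBNETS.items():
        if dst_ip in net and vlan in ACL_BY_DEST_VLAN:
            return evaluate(ACL_BY_DEST_VLAN[vlan], src_ip, dst_ip) == "permit"
    return True


def check_requirements() -> dict[str, bool]:
    """Forward-direction checks for the five requirements in the question."""
    admin, device, inet_gw = "10.0.10.5", "10.0.60.5", "10.0.50.1"
    server, mgmt, student, fw_link = "172.16.0.10", "10.0.70.5", "10.0.30.5", "10.0.20.2"
    hosts = [str(net[1]) for net in VLAN_SUBNETS.values()]  # one host per VLAN
    return {
        "1 every VLAN reaches the internet gateway": all(reaches(h, inet_gw) for h in hosts),
        "2 VLAN 10 only from servers and VLAN 70": (
            reaches(server, admin) and reaches(mgmt, admin)
            and not reaches(student, admin) and not reaches(fw_link, admin)),
        "3 new VLAN 80 blocked from VLAN 10 with no ACL change": not reaches("10.0.80.5", admin),
        "4 VLAN 70 reaches every VLAN": all(reaches(mgmt, h) for h in hosts),
        "5 VLAN 60 only from servers and VLAN 70": (
            reaches(server, device) and reaches(mgmt, device) and not reaches(student, device)),
    }


def internet_reply_to_vlan10_dropped() -> bool:
    """Stateless caveat: a reply from an internet host to an admin PC that
    opened the connection is just another packet routed into VLAN 10, and the
    ACL above drops it. 203.0.113.7 is a constructed documentation-range address."""
    return not reaches("203.0.113.7", "10.0.10.5")


if __name__ == "__main__":
    for name, ok in check_requirements().items():
        print(f"{'PASS' if ok else 'FAIL'}  {name}")
    print("internet replies into VLAN 10 dropped:", internet_reply_to_vlan10_dropped())
```

Two points the model makes explicit. First, the reply's "default all traffic is allowed" and "denied until explicitly permitted" are reconciled by where the implicit deny lives: only a VLAN that has an ACL applied ends in a deny, so leaving VLANs 30, 40, 50 and 70 without one satisfies requirements 1 and 4 while the deny on VLANs 10 and 60 satisfies 2, 3 and 5. Second, switch ACLs of this kind are stateless, so the same rules that keep students out of VLAN 10 also drop replies coming back from the internet to an admin PC; a real deployment has to add rules for return traffic, which is part of why the reply suggests doing the filtering on the stateful firewall instead.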