Beginning Nov 15, 2021, the Networking Forum discussion boards moved to the Aruba Airheads community

Switches, Hubs, and Modems

1753335 Members

5252 Online

108792 Solutions

VLAN ACL on 3400cl

Simple requirement: configure a GUEST VLAN at a remote office that allows access to the internet, but NOT any internal resources.

ISSUE: I can ping devices on VLAN 1 from VLAN3. This cannot be the case.

I have learned that ACLs are required to achieve this result. Can you please assist with the correct ACL commands?

Firewall <--> Procurve 3400cl <-- Metro Ethernet --> Procurve 2626

1 port on Procurve 2626 is needed for this VLAN. It should get access to only the internet. The computer on this port is configured manually with the static IP address: 192.168.93.100/24.

Configs below.

======================
hostname "ProCurve Switch 3400cl-24G"
interface 17
flow-control
exit
interface 22
speed-duplex 100-full
exit
ip default-gateway 192.168.1.1
ip routing
snmp-server community "public" Unrestricted
vlan 1
name "LAN"
untagged 1-21,23-24
ip address 192.168.1.3 255.255.255.0
ip helper-address 192.168.1.4
ip helper-address 192.168.1.2
no untagged 22
exit
vlan 2
name "WAN"
untagged 22
ip address 10.0.0.1 255.255.255.0
exit
vlan 3
name "GUEST"
forbid 1-21,23-24
ip address 192.168.91.3 255.255.255.0
exit
dhcp-relay option 82 keep
ip route 192.168.3.0 255.255.255.0 10.0.0.3
ip route 192.168.4.0 255.255.255.0 10.0.0.4
ip route 192.168.2.0 255.255.255.0 10.0.0.2
ip route 0.0.0.0 0.0.0.0 192.168.1.1
ip route 192.168.93.0 255.255.255.0 10.0.0.3
primary-vlan 2

======================
hostname "ProCurve Switch 2626"
interface 26
speed-duplex 10-full
exit
ip default-gateway 10.0.0.1
ip routing
snmp-server community "public" Unrestricted
vlan 1
name "LAN"
forbid 1
untagged 2-25
ip address 192.168.3.1 255.255.255.0
ip helper-address 192.168.1.10
ip helper-address 192.168.1.4
ip helper-address 192.168.1.2
no untagged 1,26
exit
vlan 2
name "WAN"
untagged 26
ip address 10.0.0.3 255.255.255.0
exit
vlan 3
name "GUEST"
forbid 2-25
untagged 1
ip address 192.168.93.1 255.255.255.0
exit
dhcp-relay option 82 keep
ip route 0.0.0.0 0.0.0.0 10.0.0.1
ip route 192.168.1.0 255.255.255.0 10.0.0.1
ip route 192.168.4.0 255.255.255.0 10.0.0.4
ip route 192.168.2.0 255.255.255.0 10.0.0.2
primary-vlan 2
======================

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Discussions

Forums

Discussions

Forums

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

VLAN ACL on 3400cl

VLAN ACL on 3400cl