HPE Community
Web and Unmanaged
1752630 Members
6224 Online
108788 Solutions
New Discussion

Re: ACL not working as expected on a V1910.

 
matosl
Occasional Contributor

‎04-26-2011 05:28 AM - last edited on ‎07-21-2013 09:20 PM by

‎04-26-2011 05:28 AM - last edited on ‎07-21-2013 09:20 PM by

ACL not working as expected on a V1910.

I have VLAN1 interface configured with IP 192.168.10.5 and VLAN10 with IP 10.0.0.254, with an Advanced ACL configured to deny traffic from network 192.168.10.0 to network 10.0.0.0 as follows:

5 deny ip source 192.168.10.0 0.0.0.255
destination 10.0.0.0 0.0.0.255 logging

Still traffic passes from VLAN1 to VLAN10. What's wrong with my configuration?

 

 

P.S. This thread has been moved from Switches, Hubs, Modems (Legacy ITRC forum) to Web and Unmanaged. - Hp Forum Moderator

2 people had this problem.
0 Kudos
9 REPLIES 9
Cajuntank MS
Valued Contributor

‎04-26-2011 01:05 PM

‎04-26-2011 01:05 PM

Re: ACL not working as expected on a V1910.

First of all, you are trying to use a standard ACL which only supports a source. You must use a extended ACL which supports source and destination. So your ACL will look something like:

ip-access list 100 deny ip 192.168.10.0 0.0.0.255 10.0.0.0 0.0.0.255 logging
ip-access list 100 permit ip any any

You then need to apply that ACL to the source interface in question:

interface VLAN 1
ip access-group 100 in


So three things, use an extended ACL to support source and destination, apply another processing line in your ACL to permit ip; otherwise, it's an implicit deny (the ACL will process in order, so after the deny between the subnets, if you don't specify a permit, other subnets will be denied to talk to that subnet as well), and lastly, apply the ACL to the source interface.
0 Kudos
matosl
Occasional Contributor

‎05-02-2011 11:31 AM

‎05-02-2011 11:31 AM

Re: ACL not working as expected on a V1910.

it is configured with an advanced so it supports source and destination the problem is that that the acl's aren't applying!!!
0 Kudos
danilomar53
Occasional Visitor

‎10-25-2011 07:49 AM

‎10-25-2011 07:49 AM

Re: ACL not working as expected on a V1910.

Have the same problem,

I believe that acl's can't be applied to interfaces in that switch (HP V1910),

 

Software Version
5.20 Release 1108P01

 

because switch doesn't support that  functionality?

0 Kudos
Oleksandr
Collector

‎12-10-2012 06:18 AM

‎12-10-2012 06:18 AM

Re: ACL not working as expected on a V1910.

Same for me.

Do you have any solusion?

0 Kudos
vlavlavlad
Occasional Advisor

‎01-01-2013 09:12 PM - last edited on ‎04-03-2017 11:30 PM by

‎01-01-2013 09:12 PM - last edited on ‎04-03-2017 11:30 PM by

Re: ACL not working as expected on a V1910.

You have to do all this through the cli. Yes you can tie an acl to an iterface vlan or port. Here is this link that walks you how to get into the right cli mode and the following link is the download to the 9 section pdf package that has all the info on how to do this.

 

http://glazenbakje.wordpress.com/2012/08/21/hp-v1910-secret-commando-list-how-to-enable-it/

http://www.h3c.com/portal/Technical_Support___Documents/Technical_Documents/Switches/H3C_S5500_Series_Switches/Command/Command/H3C_S5500-EI_CR-Release_2202-V1.03/

 

You want to download all . For the acl command list reference pdf link is here

 

http://www.h3c.com/portal/Technical_Support___Documents/Technical_Documents/Switches/H3C_S5500_Series_Switches/Command/Command/H3C_S5500-EI_CR-Release_2202-V1.03/07/

 

Very nice switch to work with specially with the l ite layer 3 routing support . I paid $515 for mines from amazon 48 port 

0 Kudos
vlavlavlad
Occasional Advisor

‎01-01-2013 09:15 PM

‎01-01-2013 09:15 PM

Re: ACL not working as expected on a V1910.

Don't forget to patch to the latest release firmware. I'm currently running  1513P01

 

 

0 Kudos
vlavlavlad
Occasional Advisor

‎01-01-2013 09:16 PM

‎01-01-2013 09:16 PM

Re: ACL not working as expected on a V1910.

The only way to tie an acl straight to an interface or port directly without a qos policy is through the cli

0 Kudos
tintix
Visitor

‎01-30-2013 02:26 AM

‎01-30-2013 02:26 AM

Re: ACL not working as expected on a V1910.

Had a similar problem. I wanted to isolate 2 VLANs - one @ port 13 and the second @ port 15.

To create an ACL is not enough. Please read the manual from page 439 till page 447 http://www.scribd.com/doc/61599089/234/ACL-QoS-configuration-example

In my case I had to apply the policy on both ports to isolate the VLANs. And it worked - no CLI magic was needed.

 

0 Kudos
JackyCuong
Occasional Visitor

‎10-08-2014 03:13 AM

‎10-08-2014 03:13 AM

Re: ACL not working as expected on a V1910.

Follow this administration guide, It's work for me. Take a look at Chapter 23.

Point to your Switch model (Layer 2 or 3)

 

http://h17007.www1.hp.com/docs/interoperability/Cisco/HP-Networking-and-Cisco-CLI-Reference-Guide_June_10_WW_Eng_ltr.pdf

0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.