04-01-2016 08:11 AM
Access list issue
HP 1920 access list issue. I have a case where I have a VLAN for guest/public access. The VLAN is 4000, 172.16.0.0/24. I only want this VLAN to get internet access. I also need it to access a DC for DHCP and DNS, which is located on VLAN 1080, 10.1.8.10/24. I created the following access-list and applied it to VLAN 4000:
    ip access-list extended guest
    10 permit ip 172.16.0.0 0.0.0.255 10.1.8.10 0.0.0.0
    50 deny ip 172.16.0.0 0.0.0.255 10.1.0.0 0.0.255.255
    60 permit ip 172.16.0.0 0.0.0.255 0.0.0.0 255.255.255.255
Devices are not getting a DHCP address from the server, even though there is a helper address on the VLAN interface. However, if I manually add an IP address on the 172.16.0.0/24 network, I can in fact access the DC at 10.1.8.10 and the internet, but not any other internal address. So it would appear that my access-list is somewhat correct in that it is functioning how I want it to. However, you remove the static address and it will not get an address from the pool; we have already established connection to the DC. Arrgh, please help.
04-01-2016 10:35 AM
Re: Access list issue
Probably, your access-list also blocks DHCP traffic.
Add a rule to allow UDP source port 68 to dest port 67,
or replace line 60 with permit ip any any.
I'd also filter AD access down to only DNS. What's the use of a guest network if it can still reach one of the most important servers?
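
The behaviour discussed in this thread can be reproduced with a small first-match ACL evaluator. This is an added example, not code from either poster or from HPE. It assumes the ACL is applied inbound on VLAN 4000 with an implicit deny for unmatched traffic, and `DHCP_RULE` is written in this toy parser's syntax (with a constructed sequence number), not HP 1920 syntax. A client with no lease sends its DHCP DISCOVER from 0.0.0.0 to 255.255.255.255, so none of the three rules, which all require a 172.16.0.0/24 source, can match it.

```python
import ipaddress

def ip(s):
    return int(ipaddress.IPv4Address(s))

def parse(line):
    """Parse 'SEQ ACTION PROTO SRC SRC_WILDCARD [eq P] DST DST_WILDCARD [eq P]'."""
    tok = line.split()
    action, proto, rest = tok[1], tok[2], tok[3:]
    ends = []
    for _ in range(2):
        addr, wild, rest = ip(rest[0]), ip(rest[1]), rest[2:]
        port = None
        if rest[:1] == ["eq"]:
            port, rest = int(rest[1]), rest[2:]
        ends.append((addr, wild, port))
    return action, proto, ends[0], ends[1]

def side_matches(end, addr, port):
    base, wild, want = end
    care = ~wild & 0xFFFFFFFF  # wildcard mask: 1-bits mean "don't care"
    return (ip(addr) & care) == (base & care) and want in (None, port)

def evaluate(acl, proto, src, sport, dst, dport):
    """First match wins; ASSUMPTION: unmatched traffic is implicitly denied."""
    for line in acl:
        action, rproto, s, d = parse(line)
        if rproto in ("ip", proto) and side_matches(s, src, sport) \
                and side_matches(d, dst, dport):
            return action
    return "implicit deny"

# The three rules exactly as posted in the thread.
GUEST_ACL = [
    "10 permit ip 172.16.0.0 0.0.0.255 10.1.8.10 0.0.0.0",
    "50 deny ip 172.16.0.0 0.0.0.255 10.1.0.0 0.0.255.255",
    "60 permit ip 172.16.0.0 0.0.0.255 0.0.0.0 255.255.255.255",
]
# The suggested fix: any source, UDP 68 -> 67 (toy syntax, constructed seq 5).
DHCP_RULE = "5 permit udp 0.0.0.0 255.255.255.255 eq 68 0.0.0.0 255.255.255.255 eq 67"

# Constructed sample packets: (proto, src, sport, dst, dport).
DISCOVER = ("udp", "0.0.0.0", 68, "255.255.255.255", 67)  # client without a lease
TO_DC = ("udp", "172.16.0.50", 40000, "10.1.8.10", 53)    # static guest -> DC DNS
TO_INTERNAL = ("tcp", "172.16.0.50", 40001, "10.1.9.20", 445)
TO_INTERNET = ("tcp", "172.16.0.50", 40002, "203.0.113.10", 443)

if __name__ == "__main__":
    for name in ("DISCOVER", "TO_DC", "TO_INTERNAL", "TO_INTERNET"):
        print(name, evaluate(GUEST_ACL, *globals()[name]),
              evaluate([DHCP_RULE] + GUEST_ACL, *globals()[name]))
```

The statically addressed packets land on rules 10, 50 and 60 as the original poster observed, while the DISCOVER falls through every rule until the UDP 68 to 67 permit is placed ahead of them.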