Access list issue

mfubar · ‎04-01-2016

HP 1920 access list issue. I have a case where I have a vlan for guest/public access. The vlan is 4000 172.16.0.0/24. I only want this vlan to get internet access. I also need it to access a dc for dhcp and dns, which is located on vlan 1080 10.1.8.10/24. I create the following access-list and applied it to vlan 4000

ip access-list extended guest
10 permit ip 172.16.0.0 0.0.0.255 10.1.8.10 0.0.0.0
50 deny ip 172.16.0.0 0.0.0.255 10.1.0.0 0.0.255.255
60 permit ip 172.16.0.0 0.0.0.255 0.0.0.0 255.255.255.255

Devices are not getting a DHCP address from the server, even though there is a helper address on the vlan interface. However if I manually add an ip address o nthe 172.16.0.0/24 network, I can in fact access the dc at 10.1.8.10, the internet but not any other internal address. So it would appear that my access-list is somewhat correct in that it is fuctioning how I want to. However, you remove the static address and it will not get an address from the pool we have already established connection to the DC. Arrgh, please help

16again · ‎04-01-2016

Probably, your access-list also blocks dhcp traffic.
add a rule to allow udp source port 68 to dest port 67
or replace line 60 with permit ip any any .

I'd also filter AD access down to only DNS. What's the use of guest network, if it can still reach one of the most important servers?

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Access list issue

Access list issue

Re: Access list issue