- Community Home
- >
- Networking
- >
- Switching and Routing
- >
- Web and Unmanaged
- >
- V1910-48G - ACL deny access from vlan40 to other v...
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-05-2014 02:00 PM - last edited on 06-05-2014 07:54 PM by Maiko-I
06-05-2014 02:00 PM - last edited on 06-05-2014 07:54 PM by Maiko-I
V1910-48G - ACL deny access from vlan40 to other vlans?
Hi guys,
I would like to know if the V1910 is capable of denying access from a given vlan and into other vlans on the switch?
I need vlan40 to be for guest only and they should only be allowed to travel through the network and go on the internet.
Can some show me the commands to accomplish this?
I've tried the following commands with no luck at all:
acl number 3001
rule 0 deny ip source 10.203.40.0 0 destination 10.203.10.0 0
traffic classifier vlan40_2_vlan10
if-match acl 3001
traffic behavior deny_stats_2
filter deny
qos policy vlan40_acl_vlan10
classifier vlan40_2_vlan10 behavior deny_stats_2
qos vlan-policy vlan40_acl_vlan10 vlan 10 inbound
See my configuration on my switch:
#
version 5.20, Release 1513P85
#
sysname HP
#
dhcp relay server-group 1 ip 10.203.10.11
#
domain default enable system
#
undo ipv6
#
telnet server enable
#
ip ttl-expires enable
#
password-recovery enable
#
acl number 3001
rule 0 deny ip source 10.203.40.0 0 destination 10.203.10.0 0
#
vlan 1
#
vlan 10
description Server
name VLAN_10
#
vlan 20
description Clients
name VLAN_20
#
vlan 30
description Clients_Wifi
name VLAN_30
#
vlan 40
description Clients_Wifi
name VLAN_40
#
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
#
traffic classifier vlan40_2_vlan10 operator and
if-match acl 3001
#
traffic behavior deny_stats_2
filter deny
#
qos policy vlan40_acl_vlan10
classifier vlan40_2_vlan10 behavior deny_stats_2
#
user-group system
#
local-user admin
authorization-attribute level 3
service-type ssh telnet terminal
service-type web
#
stp mode rstp
stp enable
#
interface Bridge-Aggregation1
description LACP_link_to_SYNOLOGY
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 10
port trunk pvid vlan 10
link-aggregation mode dynamic
#
interface NULL0
#
interface Vlan-interface1
ip address 10.203.5.2 255.255.255.0
#
interface Vlan-interface10
ip address 10.203.10.1 255.255.255.0
dhcp select relay
dhcp relay server-select 1
#
interface Vlan-interface20
ip address 10.203.20.1 255.255.255.0
dhcp select relay
dhcp relay server-select 1
#
interface Vlan-interface30
ip address 10.203.30.1 255.255.255.0
dhcp select relay
dhcp relay server-select 1
#
interface Vlan-interface40
ip address 10.203.40.1 255.255.255.0
dhcp select relay
dhcp relay server-select 1
#
interface GigabitEthernet1/0/1
stp edged-port enable
#
interface GigabitEthernet1/0/2
stp edged-port enable
#
interface GigabitEthernet1/0/3
port access vlan 10
stp edged-port enable
#
interface GigabitEthernet1/0/4
port access vlan 10
stp edged-port enable
#
interface GigabitEthernet1/0/5
port access vlan 10
stp edged-port enable
#
interface GigabitEthernet1/0/6
port access vlan 10
stp edged-port enable
#
interface GigabitEthernet1/0/7
port access vlan 10
stp edged-port enable
#
interface GigabitEthernet1/0/8
port access vlan 10
stp edged-port enable
#
interface GigabitEthernet1/0/9
port access vlan 10
stp edged-port enable
#
interface GigabitEthernet1/0/10
port access vlan 10
stp edged-port enable
#
interface GigabitEthernet1/0/11
port access vlan 10
stp edged-port enable
#
interface GigabitEthernet1/0/12
port access vlan 10
stp edged-port enable
#
interface GigabitEthernet1/0/13
port access vlan 10
stp edged-port enable
#
interface GigabitEthernet1/0/14
port access vlan 10
stp edged-port enable
#
interface GigabitEthernet1/0/15
port access vlan 10
stp edged-port enable
#
interface GigabitEthernet1/0/16
port access vlan 10
stp edged-port enable
#
interface GigabitEthernet1/0/17
port access vlan 10
stp edged-port enable
#
interface GigabitEthernet1/0/18
port access vlan 10
stp edged-port enable
#
interface GigabitEthernet1/0/19
port access vlan 10
stp edged-port enable
#
interface GigabitEthernet1/0/20
port access vlan 10
stp edged-port enable
#
interface GigabitEthernet1/0/21
port access vlan 10
stp edged-port enable
#
interface GigabitEthernet1/0/22
port access vlan 10
stp edged-port enable
#
interface GigabitEthernet1/0/23
port access vlan 10
stp edged-port enable
#
interface GigabitEthernet1/0/24
port access vlan 10
stp edged-port enable
#
interface GigabitEthernet1/0/25
port access vlan 10
stp edged-port enable
#
interface GigabitEthernet1/0/26
port access vlan 10
stp edged-port enable
#
interface GigabitEthernet1/0/27
port access vlan 10
stp edged-port enable
#
interface GigabitEthernet1/0/28
port access vlan 10
stp edged-port enable
#
interface GigabitEthernet1/0/29
port access vlan 10
stp edged-port enable
#
interface GigabitEthernet1/0/30
port access vlan 10
stp edged-port enable
#
interface GigabitEthernet1/0/31
port access vlan 10
stp edged-port enable
#
interface GigabitEthernet1/0/32
port access vlan 10
stp edged-port enable
#
interface GigabitEthernet1/0/33
port access vlan 10
stp edged-port enable
#
interface GigabitEthernet1/0/34
port access vlan 10
stp edged-port enable
#
interface GigabitEthernet1/0/35
port access vlan 10
stp edged-port enable
#
interface GigabitEthernet1/0/36
port access vlan 10
stp edged-port enable
#
interface GigabitEthernet1/0/37
port access vlan 10
stp edged-port enable
#
interface GigabitEthernet1/0/38
port access vlan 10
stp edged-port enable
#
interface GigabitEthernet1/0/39
port access vlan 10
stp edged-port enable
#
interface GigabitEthernet1/0/40
port access vlan 10
stp edged-port enable
#
interface GigabitEthernet1/0/41
port access vlan 10
stp edged-port enable
#
interface GigabitEthernet1/0/42
port access vlan 10
stp edged-port enable
#
interface GigabitEthernet1/0/43
port access vlan 10
stp edged-port enable
#
interface GigabitEthernet1/0/44
port access vlan 10
stp edged-port enable
#
interface GigabitEthernet1/0/45
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 10
port trunk pvid vlan 10
stp edged-port enable
link-aggregation port-priority 100
port link-aggregation group 1
#
interface GigabitEthernet1/0/46
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 10
port trunk pvid vlan 10
stp edged-port enable
link-aggregation port-priority 100
port link-aggregation group 1
#
interface GigabitEthernet1/0/47
port access vlan 10
stp edged-port enable
#
interface GigabitEthernet1/0/48
port access vlan 10
stp edged-port enable
#
interface GigabitEthernet1/0/49
port link-type hybrid
port hybrid vlan 10 20 30 40 tagged
port hybrid vlan 1 untagged
stp edged-port enable
#
interface GigabitEthernet1/0/50
port link-type hybrid
port hybrid vlan 10 20 30 40 tagged
port hybrid vlan 1 untagged
stp edged-port enable
#
interface GigabitEthernet1/0/51
port link-type hybrid
port hybrid vlan 10 20 30 40 tagged
port hybrid vlan 1 untagged
stp edged-port enable
#
interface GigabitEthernet1/0/52
port link-type hybrid
port hybrid vlan 10 20 30 40 tagged
port hybrid vlan 1 untagged
stp edged-port enable
#
ip route-static 0.0.0.0 0.0.0.0 Vlan-interface1 10.203.5.1
#
snmp-agent
snmp-agent local-engineid 8000000B03CC3E5FE426FA
snmp-agent sys-info contact motz
snmp-agent sys-info location serverroom
snmp-agent sys-info version v3
#
dhcp enable
#
ssh server enable
#
qos vlan-policy vlan40_acl_vlan10 vlan 10 inbound
#
user-interface aux 0
authentication-mode scheme
user-interface vty 0 15
authentication-mode scheme
#
return
P.S. This thread has been moved from Comware-Based to Web & Unmanaged. - Hp forum moderator