12-04-2015 06:59 AM - edited 12-04-2015 07:02 AM
Help with ACL's on HP 2920
Hi all,
I'm fairly new to networking, and I would appreciate any help with configuring ACLs on an HP 2920.
I have several VLANs, and I want to block communication between some of them, and do some other configurations. In the end, this is what I want to accomplish:
- Allow all traffic from vlan20 to vlan10
- Allow all traffic from vlan30 to vlan10
- Allow traffic on tcp port 8880 from vlan40 to vlan10
- Deny all traffic from vlan50 to vlan10
- Allow all traffic from vlan99 to vlan10
So, I think this is what I need to configure:
ip access-list extended "VLAN10-In"
permit ip 192.168.20.0/24 192.168.10.0/24
permit ip 192.168.30.0/24 192.168.10.0/24
permit tcp 192.168.40.0/24 192.168.10.0/24 eq 8880
deny ip 192.168.50.0/23 192.168.10.0/24
permit ip 192.168.99.0/24 192.168.10.0/24
(VLAN50 is a /23 network, it's not a typo).
And then, I assume that I have to apply this configuration to the VLAN10 itself, am I right?
Regards
12-12-2015 07:48 AM
Re: Help with ACL's on HP 2920
Hello. 2920 supports ingress port and VLAN ACLs. If your intention is to only allow hosts on VLAN 20, 30, 40 (TCP 8080 only), and 99 to send traffic to VLAN 10 then that ACL will work, but bear in mind those hosts will only be allowed to send traffic with an IP destination of 192.168.10.0/24. All other IP traffic, DHCP discover packets for example, will be dropped. And all VLAN 50 traffic will be dropped.
Also remember there is an implicit "deny ip any any" at the end of the ACL so anything not explicitly permitted will be dropped.
Once you determine what traffic you want to permit you would then apply it on the ingress port (interface x ip access-group y) or VLAN (vlan x ip access-group y).