
Procurve 2920-24G doesn't support outbound ACLs?

 

I've gone through the command references for multiple versions of WB.16.x, and there's no mention of this not being supported.

Yet on my 2920Gs:
On a VLAN - can only do an ip access-group xyz vlan-in
On an interface - can only do an ip access-group xyz in

No out available. I've tried WB.16.03.0003, WB.16.03.0007, WB.16.10.0007. Funny enough, on WB.15.18.0006 out does appear for VLAN.

Switch01(vlan-5)# ip access-group test
vlan-in Apply the IPv4 ACL for bridged and routed inbound packets on this VLAN.

Is this really true?  I can only do inbound ACL on a 2920?

 


Re: Procurve 2920-24G doesn't support outbound ACLs?

Hi,

Can you please check whether the document below is useful for you? If not, can you please share the device product number, which starts with 'JXXXXX'?

https://h20628.www2.hp.com/km-ext/kmcsdirect/emr_na-a00055680en_us-2.pdf

 

Thanks!

I am an HPE Employee


Re: Procurve 2920-24G doesn't support outbound ACLs?

Curious about this as well. I have a 2920 48g and it seemed silly that I had to apply inbound ACL to 6 VLANs when all I was trying to do was block outbound traffic from 1 VLAN to the rest of them. Would have loved a vlan-out function on the ACL VLAN application.


Re: Procurve 2920-24G doesn't support outbound ACLs?

Wanted to add this... this is from the 16.10 Security guide for the 2920, which I was hoping was going to let me use the "vlan-out" function for VACLs... not to mention this "shared" function... Am I missing something? Seems like this is supposed to be implemented but not?

https://psnow.ext.hpe.com/doc/a00061587en_us

IPv4 access-group (VACL)
Allows for the configuration of an IPv4 ACL on a vlan to be shared. VACLs are applied from vlan context.
Syntax
ip access-group ACL-ID in|out|vlan-in|vlan-out|connection-rate-filter shared
no ip access-group ACL-ID in|out|vlan-in|vlan-out|connection-rate-filter shared
Description
Apply the specified IPv4 ACL on this VLAN interface. When ACLs are shared, hardware resource usage is optimized where possible.
Parameter
shared
Apply the IPv4 ACL so as to share hardware resources.
Restrictions
Per-application statistics will not be available when ACLs are applied as shared.
ip access-group my-acl out shared
switch(config)# vlan 1
switch(vlan-1)# ip access-group my-acl vlan-out shared
switch(vlan-1)# ip access-group my-acl out shared


Re: Procurve 2920-24G doesn't support outbound ACLs?

Hi,

This seems to be a chip limitation. Can you share the product number of the device, which starts with 'JXXXXXX'?

The ArubaOS-Switch 16.07/16.08 guides apply to this product line: J9726A, J9727A, J9728A, J9729A, J9836A.

Thanks!

I am an HPE Employee
