HPE Community
Comware Based
1832295 Members
1907 Online
110041 Solutions
New Discussion

Vlan ACL issue s5600

 
MuhammedShadab
Occasional Contributor

‎08-12-2010 06:49 AM

‎08-12-2010 06:49 AM

Vlan ACL issue s5600

Hi





I have two H3C-S5600-50Clayer 3 switches running different VLANs.





My inter VLAN communication works 100% after assigning VLAN interfaces on the switches. The problem I am facing is as follows. I want to Permit communication between some vlan and deny communication between some vlan,But when i exec deny statement all the traffic is block.





How must the command look, must it be applied globally, per VLAN or per port ? what must the match order be ? The s5600 supports inbound packet-filtering.





I have read all the manuals available from 3 COM but the info is a bit scarce or I do not understand it 100% correctly





If you would like more info please do not hesitate to ask



best regards


Muhammed Shadab



0 Kudos
1 REPLY 1
Fred_Mancen_1
Super Advisor

‎08-13-2010 08:00 AM

‎08-13-2010 08:00 AM

Re: Vlan ACL issue s5600

Hi Muhammed.




By default, any ACL has a implicit "deny" at the end of the rule. So, try to setup your rules including the permit rules first; this will permit only the networks you want and block all the additional traffic. If you need to block a specific network or host, include it in a deny rule after the permit rules just to ensure that host or network will not pass anyway.



In 3Com/H3C switches you have to apply the ACL per port. You can apply the ACL per VLAN also, but it will work to the entire switch, even in the trunking ports, so the better option is to apply the ACL per port, in order to achieve more flexibility.



Regards.



Regards,
Fred Mancen
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.