01-08-2013 02:10 PM
5406zl ACL Not Working When Applied to VLAN
I have created a VLAN that I only want certain subnets or ranges of address to access:
ip access-list standard "CAMSEC"
10 permit 10.10.10.0 0.0.0.255
15 permit 10.82.20.0 0.0.0.255
20 permit 10.90.0.0 0.0.255.255
25 permit 10.86.0.0 0.0.255.255
40 deny 0.0.0.0 255.255.255.255
exit
I then applied this to the particular VLAN with the "ip access-group CAMSEC in" command, however traffic from any subnet within my network is still allowed. Do I need an extended access list, and if so how would I create and apply this to the VLAN?
01-09-2013 05:01 AM
Re: 5406zl ACL Not Working When Applied to VLAN
Looks like you have the ACL in the wrong direction. In this current application you would be affecting traffic originating from the VLAN you are trying to protect or going "IN" to the VLAN interface from the VLAN itself. If you remove it and apply it to the VLAN in an outbound direction you should most likely see your traffic start hitting the ACL. With that said, it would be best to apply an ACL closer to the source if at all possible.
01-10-2013 10:41 AM
Re: 5406zl ACL Not Working When Applied to VLAN
So by the looks of it the ACL would then not allow traffic out to any subnet other than those I specified?
01-10-2013 04:27 PM - edited 01-10-2013 04:28 PM
Re: 5406zl ACL Not Working When Applied to VLAN
Hi Ill3st0n3,
The trick with VLAN ACLs is that you need to view them from the perspective of the routing engine of the switch, not from the perspective of the VLAN, so incoming is traffic FROM that VLAN to other VLANs and outgoing is traffic TO that VLAN from other VLANs.
If you apply the ACL that you've specified in the outbound direction as Lorenzo suggested, the effect should be that only addresses permitted in your ACL will be allowed access to that VLAN. Traffic from that VLAN to other VLANs will be unaffected. (However replies from addresses outside the range you indicated would not be permitted due to the ACL, which may appear to the unknowing observer as a problem with traffic from that VLAN.)
Hope that helps.
Paul
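Added example, not part of the original thread: a small Python model of the direction semantics described in the replies above, evaluating the poster's CAMSEC list against packets routed between VLANs. The protected VLAN's subnet (10.50.0.0/24) and the sample addresses are constructed assumptions, and the helper names are hypothetical.

```python
import ipaddress

# The thread's CAMSEC standard ACL: (action, address, wildcard mask).
CAMSEC = [
    ("permit", "10.10.10.0", "0.0.0.255"),
    ("permit", "10.82.20.0", "0.0.0.255"),
    ("permit", "10.90.0.0", "0.0.255.255"),
    ("permit", "10.86.0.0", "0.0.255.255"),
    ("deny", "0.0.0.0", "255.255.255.255"),
]
# Assumption: subnet of the protected VLAN (the thread does not give it).
PROTECTED_VLAN = ipaddress.ip_network("10.50.0.0/24")


def acl_action(acl, src):
    """First-match evaluation of a standard ACL (source address only)."""
    s = int(ipaddress.ip_address(src))
    for action, addr, wildcard in acl:
        # Bits that are 0 in the wildcard mask must match exactly.
        care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
        if (s ^ int(ipaddress.ip_address(addr))) & care == 0:
            return action
    return "deny"  # implicit deny when no entry matches


def routed(acl, direction, src, dst):
    """Verdict for a routed packet with the ACL applied to the protected VLAN.

    "in"  filters packets entering the routing engine FROM the protected VLAN;
    "out" filters packets leaving the routing engine TO the protected VLAN.
    """
    endpoint = src if direction == "in" else dst
    if ipaddress.ip_address(endpoint) not in PROTECTED_VLAN:
        return "permit"  # the ACL is not consulted for this packet
    return acl_action(acl, src)


if __name__ == "__main__":
    # Constructed sample packets: (source, destination).
    packets = [
        ("10.99.1.5", "10.50.0.20"),   # unlisted subnet to protected VLAN
        ("10.10.10.7", "10.50.0.20"),  # listed subnet to protected VLAN
        ("10.50.0.20", "10.10.10.7"),  # protected VLAN to listed subnet
    ]
    for direction in ("in", "out"):
        for src, dst in packets:
            print(direction, src, "->", dst, routed(CAMSEC, direction, src, dst))
```

With "in", the unlisted subnet still reaches the protected VLAN while the VLAN's own outbound traffic is denied, because its source address matches none of the permit entries; with "out", only the listed sources get through.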
04-29-2013 07:29 AM
Re: 5406zl ACL Not Working When Applied to VLAN
I have applied an access list to a student vlan 4 which permits essential services but has the implicit deny at the end to deny anything else.
I apply it by going into vlan 4 and using access-group 1-1 ext in
When it's applied traffic from my vlan 50 which is phones VLAN is blocked?
My understanding was that because my access list was applied to the vlan 4 none of the other vlans would be affected?