
2915 ACL

 
Eric LeMaster
Occasional Contributor


I am preparing to implement a new network service in which the WAN and Internet traffic will be coming in on a single drop.  This connection is connected to a Procurve 2915-8-PoE switch. 

 

This switch is configured so that the Internet traffic goes to the firewall on one port and the WAN traffic on another.  However, it appears that I can only apply the ACL to an interface port and not a VLAN.  Because of this, the switch is still vulnerable to the outside.  I disabled telnet and the web interface, but SSH access isn't enough protection.  I thought about the management VLAN, but I will need to be able to access the switch from other locations.

 

Is there any way I can block external users from being able to log into the switch while still allowing internal access?

paulgear
Esteemed Contributor

Re: 2915 ACL

Hi Eric,

Exact configuration information about your switch would help, but as a general rule, VLAN ACLs are only available on switches which provide routing. The access security guide for the 2915 is pretty clear that ACLs are only allowed on inbound ports or trunks. http://cdn.procurve.com/training/Manuals/2615-2915G-ASG-May10-A_14_03.pdf

The authorized managers feature is probably what you want: http://bizsupport1.austin.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&taskId=120&prodSeriesId=4219915&prodTypeId=12883&objectID=c02939620

More information can be found in the same manual linked above.
Regards,
Paul