08-20-2014 06:51 PM
Accessing Servers via ACL(?)
Okay, below is my config as it stands now and here is what I'm looking for: VLAN50 (10.5.0.0/23) is working great, no issues. VLAN60 (10.6.0.0/23) gets DHCP, DNS, etc. but CANNOT join the domain controller (10.5.0.3/wsd.local, which is plugged into port A1 if that matters). What I want is VLAN60 clients to be able to join to the domain like VLAN50 clients. Do I need an ACL? Could I just do a static route?
; Ver #05:08.41.ff.3f.ef:63
hostname "HP-5412zl"
module 1 type j8702a
module 2 type j9536a
module 3 type j8702a
timesync sntp
sntp unicast
sntp server priority 1 10.1.2.10
time daylight-time-rule continental-us-and-canada
time timezone -300
ip route 0.0.0.0 0.0.0.0 10.9.1.1
ip routing
snmp-server community "public" unrestricted
snmp-server contact "Larry Dougher" location "WS Main Closet"
vlan 1
   name "DEFAULT_VLAN"
   no untagged A1-A24,B1-B22,C1-C24
   no ip address
   exit
vlan 9
   name "Inter-School"
   untagged C24
   ip address 10.9.1.2 255.255.255.0
   exit
vlan 13
   name "WS Student WLAN"
   tagged B1-B12,B21-B22
   ip address 10.13.0.1 255.255.254.0
   ip helper-address 10.1.2.10
   exit
vlan 17
   name "WS Public WLAN"
   tagged B1-B12,B21-B22
   ip address 10.17.0.1 255.255.254.0
   ip helper-address 10.1.2.10
   exit
vlan 50
   name "WS LAN"
   untagged A1-A24,B13-B20,C1-C23
   tagged B21-B22
   ip address 10.5.0.11 255.255.254.0
   ip helper-address 10.1.2.10
   exit
vlan 60
   name "WS Staff WLAN"
   untagged B1-B12
   tagged A1,B21-B22
   ip address 10.6.0.1 255.255.254.0
   ip helper-address 10.1.2.10
   exit
primary-vlan 50
Thanks!
08-20-2014 09:48 PM
Re: Accessing Servers via ACL(?)
Can they ping any IP address in the 10.5.0.0 subnet?
Is their DHCP-assigned default GW 10.6.0.1?
The switch does Layer2 & Layer3.
If your devices are getting a DHCP-assigned address from your 10.1.2.0 subnet (which I can't see on the switch, presumably it's in VLAN1, but where's the router for that subnet?) then you would seem to have both layer2 & layer3 working fine.
I'm not sure what "can't join the domain" exactly means, but it doesn't appear to be a description of any Layer2 or Layer3 problem.
Perhaps you haven't added the new subnet to AD "Sites & Services"? Or perhaps there is some other kind of AD security/functionality that needs to be made aware of the new subnet?
08-21-2014 03:22 AM
Re: Accessing Servers via ACL(?)
08-21-2014 05:42 PM
Re: Accessing Servers via ACL(?)
So, more a question for an AD forum, I suppose? Does joining a PC to the domain cause the server to do any checking about the IP address/MAC address? What MAC address is it expecting to see?
Have you tried it with the local Windows FW disabled? (By default, it drops pings between subnets).
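One way to separate the routing question from the AD question raised in the replies, as an added example that is not part of the thread: run this on a VLAN60 client to check DC discovery in DNS and TCP reachability of 10.5.0.3, which stays meaningful even when a host firewall drops pings. The function name `Test-DcReachability` and the port list are assumptions (the ports a domain member commonly needs); the domain name and addresses come from the original post.

```powershell
# Added diagnostic sketch, not from the thread. Run on a VLAN60 (10.6.0.0/23) client.
# Requires the DnsClient and NetTCPIP cmdlets (Windows 8.1 / Server 2012 R2 or later).
$Domain = 'wsd.local'   # from the original post
$DcIp   = '10.5.0.3'    # domain controller on VLAN50, from the original post

# Assumption: TCP ports a domain member commonly needs towards a DC.
$Ports = [ordered]@{
    53  = 'DNS'
    88  = 'Kerberos'
    135 = 'RPC endpoint mapper'
    389 = 'LDAP'
    445 = 'SMB'
    464 = 'Kerberos password change'
}

function Test-DcReachability {
    param([string]$Domain, [string]$DcIp, $Ports)

    # 1. Which DNS servers did DHCP hand out? A domain join needs one that serves the AD zone.
    $dns = (Get-DnsClientServerAddress -AddressFamily IPv4).ServerAddresses | Select-Object -Unique
    Write-Host "DNS servers in use: $($dns -join ', ')"

    # 2. Can the client locate a DC through the SRV record the join process looks up?
    $srvName = "_ldap._tcp.dc._msdcs.$Domain"
    try {
        Resolve-DnsName -Name $srvName -Type SRV -ErrorAction Stop |
            Where-Object { $_.Type -eq 'SRV' } |
            ForEach-Object { Write-Host "SRV: $($_.NameTarget):$($_.Port)" }
    } catch {
        Write-Warning "SRV lookup for $srvName failed: $($_.Exception.Message)"
    }

    # 3. TCP reachability per service. A failed ping proves little here; a failed
    #    TCP connect on one port but not others points at filtering, not routing.
    foreach ($p in $Ports.GetEnumerator()) {
        $r = Test-NetConnection -ComputerName $DcIp -Port $p.Key -WarningAction SilentlyContinue
        [pscustomobject]@{
            Port      = $p.Key
            Service   = $p.Value
            Reachable = $r.TcpTestSucceeded
        }
    }
}

Test-DcReachability -Domain $Domain -DcIp $DcIp -Ports $Ports | Format-Table -AutoSize
```

If every port is reachable and the SRV lookup fails, the problem is the DNS server the client was given rather than the switch; if all ports fail while VLAN50 clients succeed, look at routing back from the server or filtering on the server side.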