Hi! Is the edge switch in Edu building performing any IP routing? if the answer is "No" (as it is supposed it should generally be) why there is an ACL?
I'm not an HPE Employee
Hi DoJu! I believe you didn't understood my question...or I didn't understood the config snip about the Edge switch you initially provided...whatever is the case...what I wanted to say is that that ACL "Deny Crosstalk" should be configured and used only on the routing switch...if the Edge switch is not doing routing (as usually happens) I don't understand why the ACL "Deny Crosstalk" is also mentioned/defined on the Edge switch running conifiguration:
Edge_Switch1 in Edu building
vlan 1
untagged 28 (uplink port)
vlan 60
name "Edu building"
ip address vlan_IP_2 255.255.255.0
ip access-group "Deny Crosstalk" in
tagged 28
exit
My question was aimed to understand where the ACL is configured (and applied), not why it is present (it's quite obvious why).
I'm not an HPE Employee
Do not remove/alter nothing. Without a full picture it's hard telling you where is the issue and how to eventually fix it.
Supposing the Core b3 port and the Edge 28 port are used to interconnect (single link) the Core and the Edge switches...could you post here the output of these two commands:
show vlan port b3 details (executed on the Core switch)
show vlan port 28 details (executed on the Edge switch)
So we can easily understand what VLANs id tags are admitted through the uplink between the Core and the Edge switches.
Also having the sanitized (sanitized = private details and sensitive information obfuscated accordingly) outputs of show ip and show vlan executed on both switches would be of help.
As said, if Edge switches act as Layer 2 (no ip routing enabled) they just need an IP Address (and a Default Gateway) configured on the VLAN id selected for management purposes. Other VLANs would be tranported between the Core and those Edge switches (the show vlan port x details is useful to understand which VLANs are permitted along each uplink)...given that the Core should be the only Layer 3 device (so VLANs to be routable by the Core need to have, each one, an IP Address assigned...forming a SVI...that's essentially on the Core since on the Edge those VLANs are just transported...see them as "extended" to the Edge switches up to required access ports to connect edge devices).
With this logical topology the ACLs need to be deployed only on the Core because it's the Core that is performing the IP Routing features.
Edit: I'm sorry...I should have answered you in time on this other thread (October 2019)...maybe there is a relationship between discussed scenarios. I did it few moments ago.
I'm not an HPE Employee