HP Procurve 2920 - ip access-list extended "100" - Not working?

NicholasSullo · ‎08-11-2017

Hi All,

I'm having some issues getting an extended access list working for our GUEST WIFI. I'm trying to block that VLAN from connecting anywhere but the internet so those devices cannot communicate with eachother or anyone within our LAN. The configuration on my CORE COMWARE switch works fine but I'm unable to apply the same type of configuration onto my procurves.

This is my configuration:

CORE SWITCH:

acl number 3000
description Inbound PUBWIFI Restrictions
rule 3 permit ip destination 192.168.253.4 0
rule 4 deny ip destination 192.168.0.0 0.0.255.255
rule 5 deny ip destination 10.0.0.0 0.255.255.255
rule 10 deny ip destination 172.16.0.0 0.15.255.255
rule 15 permit ip
#
vlan 15
name 172.31.255.0/24 - PubWiFi
#
interface Vlan-interface15
ip address 172.31.255.1 255.255.255.0
dhcp select relay
dhcp relay server-select 1
packet-filter 3000 inbound
#
ip route-static 0.0.0.0 0.0.0.0 192.168.253.1

PROCURVE 2920:

ip access-list extended "100"
20 deny ip 0.0.0.0 255.255.255.255 192.168.0.0 0.0.255.255
30 deny ip 0.0.0.0 255.255.255.255 10.0.0.0 0.255.255.255
40 deny ip 0.0.0.0 255.255.255.255 172.16.0.0 0.15.255.255
50 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
exit
#
vlan 15
name "PubWiFi"
tagged 1-46,Trk1
ip access-group 100 vlan
no ip address
exit

The above ends up blocking all traffic including internet. Was thinking maybe my access list is backwards since I'm not controlling the direction like I am on my CORE switch so I tried the opposite:

ip access-list extended "101"
10 deny ip 192.168.0.0 0.0.255.255 0.0.0.0 255.255.255.255
20 deny ip 10.0.0.0 0.255.255.255 0.0.0.0 255.255.255.255
30 deny ip 172.16.0.0 0.15.255.255 0.0.0.0 255.255.255.255
40 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255

Any help would be appreciated.

NicholasSullo · ‎08-24-2017

Anyone? Am I missing information?

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

HP Procurve 2920 - ip access-list extended "100" - Not working?

HP Procurve 2920 - ip access-list extended "100" - Not working?

Re: HP Procurve 2920 - ip access-list extended "100" - Not working?