05-29-2007 04:22 AM
3500 yl basic access list
I need help configuring my 3500 yl switch to use access lists so that I minimize traffic in each VLAN. I have my switch configured as follows.
Default gateway is 172.16.0.254 (Router IP address)
VLAN 1(Default VLAN) 172.16.0.0/255.255.255.0
VLAN 1 IP ADDRESS IS 172.16.0.250
VLAN 2 172.16.1.0/255.255.255.0
VLAN 2 IP ADDRESS IS 172.16.1.250
VLAN 3 172.16.2.0/255.255.255.0
I have rip enabled on the switch and VLAN 2 has an uplink to VLAN 1.
I need VLAN 2 to be able to access internet only and nothing more. VLAN 3 has no IP address and is to be isolated and has an uplink to a different gateway.
05-29-2007 05:05 PM
Re: 3500 yl basic access list
Hi
First of all, make sure you have RIP enabled on your router 172.16.0.254 so it learns all the networks you have on this switch.
Second thing, I assume that you probably need one ACL to deny Vlan2 accessing Vlan1 that can access everything else.
If this is the case then you can try this:
SW(config)#ip access-list extended VLAN1
SW(config-ext-nacl)#deny ip 172.16.1.0 0.0.0.255 any
SW(config-ext-nacl)#permit ip any any
SW(config)#vlan 1 ip access-group VLAN1 out
In case you need more restrictions on Vlan3 or Vlan2, you need then to edit that ACL or add a new one for the other Vlans.
Check this link for more information:
ftp://ftp.hp.com/pub/networking/software/3500-5400-6200-ASG-0207-K.12.XX-10-ACLs.pdf
Good Luck !!!
Science for Everyone
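An added example, not part of the thread or of HP's documentation: a small first-match evaluator for ACL entries in the syntax posted above, showing which routed flows those entries match once the destination is `any` versus a specific subnet. Assumptions: internet-bound traffic from VLAN 2 is routed out VLAN 1 toward 172.16.0.254, the host addresses and `NARROWED_ACL` are constructed for illustration, and the code models only wildcard matching, entry order and the implicit deny, not the switch itself.

```python
import ipaddress

def _spec(tokens):
    """Consume 'any' or '<address> <wildcard>'; return ((base, wildcard), remaining tokens)."""
    if tokens and tokens[0] == "any":
        return (0, 0xFFFFFFFF), tokens[1:]          # every bit is "don't care"
    if len(tokens) < 2:
        raise ValueError("expected 'any' or '<address> <wildcard>'")
    base, wild = (int(ipaddress.IPv4Address(t)) for t in tokens[:2])
    return (base, wild), tokens[2:]

def parse_ace(line):
    """Parse one 'permit|deny ip <source> <destination>' entry."""
    action, proto, *rest = line.split()
    if action not in ("permit", "deny") or proto != "ip":
        raise ValueError(f"unsupported entry: {line!r}")
    src, rest = _spec(rest)
    dst, rest = _spec(rest)
    if rest:
        raise ValueError(f"trailing tokens in: {line!r}")
    return action, src, dst

def matches(addr, spec):
    """Wildcard match: bits set in the wildcard are ignored, the rest must be equal."""
    base, wild = spec
    care = ~wild & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (base & care)

def evaluate(acl, src, dst):
    """First matching entry wins; a packet matching no entry hits the implicit deny."""
    for line in acl:
        action, s, d = parse_ace(line)
        if matches(src, s) and matches(dst, d):
            return action
    return "deny"

# Entries as posted in the reply (source VLAN 2, destination any).
POSTED_ACL = ["deny ip 172.16.1.0 0.0.0.255 any", "permit ip any any"]
# Constructed variant: same source, destination limited to the VLAN 1 subnet.
NARROWED_ACL = ["deny ip 172.16.1.0 0.0.0.255 172.16.0.0 0.0.0.255", "permit ip any any"]
# Constructed flows routed from VLAN 2 out VLAN 1; 198.51.100.7 is a documentation address.
FLOWS = {"vlan2_to_vlan1": ("172.16.1.10", "172.16.0.20"),
         "vlan2_to_internet": ("172.16.1.10", "198.51.100.7")}

def verdicts(acl):
    return {name: evaluate(acl, *flow) for name, flow in FLOWS.items()}

if __name__ == "__main__":
    for label, acl in (("posted", POSTED_ACL), ("narrowed", NARROWED_ACL)):
        print(label, verdicts(acl))
```

With a destination of `any`, the deny entry matches every packet sourced from 172.16.1.0/24 that leaves through VLAN 1, so checking a candidate ACL against the flows that must keep working is worth doing before applying it.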