
Re: 3500 yl basic access list

 
Romer
Occasional Contributor

3500 yl basic access list

I need help configuring my 3500 yl switch to use access lists so that I minimize traffic in each VLAN. I have my switch configured as follows.
Default gateway is 172.16.0.254 (Router IP address)
VLAN 1(Default VLAN) 172.16.0.0/255.255.255.0
VLAN 1 IP ADDRESS IS 172.16.0.250
VLAN 2 172.16.1.0/255.255.255.0
VLAN 2 IP ADDRESS IS 172.16.1.250
VLAN 3 172.16.2.0/255.255.255.0
I have RIP enabled on the switch and VLAN 2 has an uplink to VLAN 1.
I need VLAN 2 to be able to access internet only and nothing more. VLAN 3 has no IP address and is to be isolated and has an uplink to a different gateway.
1 REPLY
Mohieddin Kharnoub
Honored Contributor

Re: 3500 yl basic access list

Hi

First of all, make sure you have RIP enabled on your router 172.16.0.254 so it learns all the networks you have on this switch.

Second thing, I assume that you probably need one ACL to deny Vlan2 accessing Vlan1 that can access everything else.
If this is the case then you can try this:

SW(config)#ip access-list extended VLAN1
SW(config-ext-nacl)#deny ip 172.16.1.0 0.0.0.255 any
SW(config-ext-nacl)#permit ip any any
SW(config-ext-nacl)#exit
SW(config)#vlan 1 ip access-group VLAN1 out

In case you need more restrictions on Vlan3 or Vlan2, you need then to edit that ACL or add a new one for the other Vlans.

Check this link for more information:
ftp://ftp.hp.com/pub/networking/software/3500-5400-6200-ASG-0207-K.12.XX-10-ACLs.pdf


Good Luck !!!
Science for Everyone
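
An added example, not part of the reply above and not HP's code: a small Python model of first-match ACL evaluation with wildcard masks, run over the thread's subnets to show which packets the posted entries match when evaluated on traffic leaving VLAN 1. The sample packets, the 192.0.2.80 and 10.0.0.5 addresses, and the NARROWED rule list are constructed for illustration; the model assumes only first-match ordering and an implicit deny at the end of the list.

```python
import ipaddress

def ip(s):
    return int(ipaddress.IPv4Address(s))

def matches(addr, spec):
    # spec is "any" or (base, wildcard); wildcard bits set to 1 are ignored
    if spec == "any":
        return True
    base, wild = spec
    care = ~ip(wild) & 0xFFFFFFFF
    return (ip(addr) & care) == (ip(base) & care)

def evaluate(acl, src, dst):
    # The first entry whose source and destination both match decides
    for action, s, d in acl:
        if matches(src, s) and matches(dst, d):
            return action
    return "deny"  # implicit deny when no entry matches

VLAN1 = ("172.16.0.0", "0.0.0.255")
VLAN2 = ("172.16.1.0", "0.0.0.255")

# Entries as posted in the reply: match on source only
POSTED = [("deny", VLAN2, "any"), ("permit", "any", "any")]
# Constructed alternative (assumption): deny only when the destination is VLAN 1
NARROWED = [("deny", VLAN2, VLAN1), ("permit", "any", "any")]

# Constructed sample packets: (label, source, destination)
PACKETS = [
    ("vlan2 host -> vlan1 host", "172.16.1.10", "172.16.0.20"),
    ("vlan2 host -> internet host", "172.16.1.10", "192.0.2.80"),
    ("other source -> vlan1 host", "10.0.0.5", "172.16.0.20"),
]

def report(acl):
    return {label: evaluate(acl, s, d) for label, s, d in PACKETS}

if __name__ == "__main__":
    for name, acl in (("POSTED", POSTED), ("NARROWED", NARROWED)):
        print(name)
        for label, action in report(acl).items():
            print(f"  {label}: {action}")
```

Because the posted deny entry has destination `any`, the model also denies VLAN 2 packets addressed to outside hosts; the constructed alternative limits the deny to destinations inside 172.16.0.0/24.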