Archived from groups: comp.sys.hp.hardware
Hi,
we've got a ProCurve 5308xl switch in our network and we are not really
experienced in configuring VLANs and ACLs. Unfortunately this switch is
already working in a production environment, so we can't play with its
configuration too much.
Now we've got a lack of understanding regarding the configuration
of the ACLs in our 2 VLANs.
We've just configured 2 VLANs (VLAN1 and VLAN2). In this initial
configuration, neither hosts from VLAN1 nor hosts from VLAN2 should get access to
hosts from the other VLAN at this time. But this is going to change in the
future, so that various clients should get access to some resources of the
other VLAN. ip route is already enabled and every client with a valid
gateway entry has access to any other client whose gateway entry is valid
too. Our internet gateway is connected to VLAN1.
Now a few questions:
From which point of view is the inbound/outbound filter to be seen?
E.g. if I plan to suppress traffic between VLAN1 and VLAN2 (VLAN1
192.168.10.0/24 and VLAN2 192.168.20.0/24), what filter is to be set?
Is it outbound on VLAN1 or inbound on VLAN2? (The manual has a very
controversial explanation for inbound/outbound filters which is confusing
us.)
Quote :
[1]
You would assign either an inbound ACL on VLAN "A" or an outbound ACL on
VLAN "B" to filter a packet routed between subnets; that is, from
workstation 18.28.20.99 on VLAN "A" to the server 18.28.10.5 on VLAN "B". (An
outbound ACL on VLAN "A" or an inbound ACL on VLAN "B" would not filter the
packet.)
How should we understand that: are the ACLs described first working or not,
and why doesn't the second one work?
The next question we´ve got is:
What do we have to do if we have to allow one client from VLAN1 access to
a host in VLAN2? Isn't it right that, when I add a filter rule, it's
automatically put at the end of my ACL, so it won't take effect when the
first rule denies any traffic?
The last thing we need to know is:
Packets to which destination addresses get filtered if I create an
ACE like this: "deny ip 192.168.10.1 255.255.255.255 192.168.20.1 0.0.0.31"?
Does this ACE match all hosts from 1 to 31, or the hosts with IP 32+, or
how should I understand the functioning of the ACE mask entry?
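
Added example, not part of the original post and not HP's code: a small Python model of the three points raised above (ACL direction, rule order, ACE mask). The direction rule is taken from the quoted manual text; first-match evaluation with an implicit final deny and a wildcard-style mask (0 bit = must match, 1 bit = ignored) are assumptions, and the host addresses in the ordering test are constructed.

```python
import ipaddress

def _int(addr):
    return int(ipaddress.IPv4Address(addr))

def wildcard_match(addr, base, mask):
    # Assumption: wildcard mask, so only bits that are 0 in the mask are compared.
    care = ~_int(mask) & 0xFFFFFFFF
    return (_int(addr) & care) == (_int(base) & care)

def ace_matches(ace, src, dst):
    _action, s, s_mask, d, d_mask = ace
    return wildcard_match(src, s, s_mask) and wildcard_match(dst, d, d_mask)

def evaluate(acl, src, dst):
    # Assumption: the first matching ACE decides; nothing matching means deny.
    for ace in acl:
        if ace_matches(ace, src, dst):
            return ace[0]
    return "deny"

def acl_applies(acl_vlan, direction, from_vlan, to_vlan):
    # Per the quoted manual text: a packet routed from A to B is filtered by
    # an inbound ACL on A or an outbound ACL on B, and by no other assignment.
    if direction == "in":
        return acl_vlan == from_vlan
    return direction == "out" and acl_vlan == to_vlan

# The ACE from the post, as (action, src, src_mask, dst, dst_mask).
POSTED_ACE = ("deny", "192.168.10.1", "255.255.255.255",
              "192.168.20.1", "0.0.0.31")

def matched_last_octets(ace, src="192.168.10.1"):
    # Which hosts in 192.168.20.0/24 does the ACE's destination part match?
    return [h for h in range(256)
            if ace_matches(ace, src, f"192.168.20.{h}")]

# Constructed ACEs for the ordering question: a blanket deny and one permit.
DENY_ALL = ("deny", "0.0.0.0", "255.255.255.255", "0.0.0.0", "255.255.255.255")
PERMIT_ONE = ("permit", "192.168.10.50", "0.0.0.0", "192.168.20.10", "0.0.0.0")
```

Under these assumptions the posted ACE matches destinations 192.168.20.0 through 192.168.20.31, and its source mask of 255.255.255.255 ignores every source bit, so it matches any source address rather than only 192.168.10.1.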