Hello,
Switch: HPE 5900AF
Firmware: r2432p06
I am trying to set up an ACL for an IoT VLAN. The scope is: all devices blocked from the private subnets and the internet, except for devices explicitly allowed.
I have the ACL to a point where I have blocked inter-VLAN routing and can get a DHCP address, but I cannot seem to get the allow rule for internet access working.
My VLAN is configured:
interface Vlan-interface120
 description IOT VLAN
 ip address 10.100.120.1 255.255.255.0
 packet-filter name IOT_LAN inbound
 packet-filter name IOT_LAN outbound
 dhcp select relay
 dhcp relay server-address 10.10.10.15
 dhcp relay server-address 10.10.30.15
My ACL is configured as follows:
acl number 3002 name IOT_LAN
 rule 0 permit udp destination 10.10.10.15 0 destination-port eq bootpc
 rule 1 permit udp destination 10.10.30.15 0 destination-port eq bootpc
 rule 2 permit udp destination 10.10.10.15 0 destination-port eq dns
 rule 3 permit udp destination 10.10.30.15 0 destination-port eq dns
 rule 4 permit ip source 10.100.120.0 0.0.0.255 destination 10.100.120.0 0.0.0.255
 rule 5 permit tcp source 10.100.120.20 0 destination-port eq www (allow HTTP)
 rule 6 permit tcp source 10.100.120.20 0 destination-port eq 443 allow
 rule 50 deny ip source 172.16.0.0 0.15.255.255 destination 10.100.120.0 0.0.0.255
 rule 51 deny ip source 10.0.0.0 0.0.0.255 destination 10.100.120.0 0.0.0.255
 rule 52 deny ip source 192.168.0.0 0.0.255.255 destination 10.100.120.0 0.0.0.255
Device that requires WAN access: 10.100.120.20
Firewall Address: 172.25.0.1
This switch is operating as the main router with a static route (0.0.0.0 0.0.0.0 172.25.0.1) pointing to the firewall.
I can successfully get a DHCP address, ping the gateway IP and talk to other devices on the subnet, but I cannot get out to the internet from the device 10.100.120.20 as defined in rules 5 & 6.
Any insight would be greatly appreciated.
Thanks!
------------------------------
JP
------------------------------
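Added example (not code from the poster or from HPE): a small Python model of first-match, wildcard-mask ACL evaluation loaded with the IOT_LAN rules from the post, so a reader can check which rule each direction of a flow hits on the inbound and outbound filter. It assumes Comware's default config-order matching, that bootpc means UDP/68 and dns means UDP/53, and treats the action for packets matching no rule as a parameter, since that depends on the switch's packet-filter default setting.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

ANY = ("0.0.0.0", "255.255.255.255")  # Comware "any": every wildcard bit set

def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Comware-style match: a 0 bit in the wildcard must match, a 1 bit is ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return a & care == b & care

@dataclass
class Rule:
    num: int
    action: str                  # "permit" or "deny"
    proto: str                   # "ip" matches any protocol
    src: tuple = ANY
    dst: tuple = ANY
    dport: Optional[int] = None  # None = any destination port

    def matches(self, pkt: dict) -> bool:
        if self.proto != "ip" and self.proto != pkt["proto"]:
            return False
        if not (wildcard_match(pkt["src"], *self.src) and wildcard_match(pkt["dst"], *self.dst)):
            return False
        return self.dport is None or self.dport == pkt.get("dport")

# The poster's acl 3002 IOT_LAN. Port numbers for bootpc/dns are assumed from the keyword names.
H = "0.0.0.0"  # host wildcard ("0" on the CLI)
IOT_LAN = [
    Rule(0, "permit", "udp", dst=("10.10.10.15", H), dport=68),
    Rule(1, "permit", "udp", dst=("10.10.30.15", H), dport=68),
    Rule(2, "permit", "udp", dst=("10.10.10.15", H), dport=53),
    Rule(3, "permit", "udp", dst=("10.10.30.15", H), dport=53),
    Rule(4, "permit", "ip", src=("10.100.120.0", "0.0.0.255"), dst=("10.100.120.0", "0.0.0.255")),
    Rule(5, "permit", "tcp", src=("10.100.120.20", H), dport=80),
    Rule(6, "permit", "tcp", src=("10.100.120.20", H), dport=443),
    Rule(50, "deny", "ip", src=("172.16.0.0", "0.15.255.255"), dst=("10.100.120.0", "0.0.0.255")),
    Rule(51, "deny", "ip", src=("10.0.0.0", "0.0.0.255"), dst=("10.100.120.0", "0.0.0.255")),
    Rule(52, "deny", "ip", src=("192.168.0.0", "0.0.255.255"), dst=("10.100.120.0", "0.0.0.255")),
]

def evaluate(acl, pkt: dict, default: str = "permit"):
    """First match wins (config-order matching). Unmatched packets get `default`,
    which stands in for the switch's packet-filter default action (an assumption)."""
    for rule in acl:
        if rule.matches(pkt):
            return rule.action, rule.num
    return default, None
```

Evaluating the IoT host's HTTPS request and then the reply packet of the same session (source port 443, destination 10.100.120.20) shows the reply matches no rule at all, so its fate on the outbound filter rests entirely on the default action; the same check is worth running for the DHCP server's return traffic against rule 51.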