Comware

  • 1.  ACL Inter VLAN

    Posted Aug 11, 2016 03:34 PM

    Hi guys.

    I'm trying to create an ACL to block http access to the default GW of all VLANs. So VLAN 1 cannot access the web page of the VLAN 100 default GW, for example.

    What I'm trying to do is to block the traffic that ingress the VLAN 1.

    rule 0 deny tcp source 192.168.11.0 0.0.0.255 destination 10.8.100.254 0 destination-port eq 80

    interface vlan-interface 1 >> packet-filter <number> inbound

    I'm a little bit confused with the traffic orientation when an SVI is involved.

    Thanks in advance.


    #ACLs


  • 2.  RE: ACL Inter VLAN

    Posted Aug 14, 2016 11:09 PM

    Yes, the "direction" had me confused the first time, too.

    If you want to filter traffic from VLAN1 (subnet1) to VLAN10 (subnet10), then your rule should filter:
    subnet1-->subnet10=deny
    and then you apply it on the VLAN1 SVI "INbound".



  • 3.  RE: ACL Inter VLAN

    Posted Aug 15, 2016 03:43 PM

    Hi.

    I did the procedure as below:

    Advanced ACL 3002, named BLOCK_HTTP_GW, 1 rule,
    ACL's step is 5
    rule 0 deny tcp source 192.168.11.0 0.0.0.255 destination 10.8.100.254 0 destination-port eq www

    And applied on SVI VLAN1 interface, inbound.

    Did not work. Do I need to block the IP protocol instead of only tcp?

    Thanks in advance.


    #aclvlan


  • 4.  RE: ACL Inter VLAN

    Posted Aug 15, 2016 08:38 PM

    Do a simple access list that blocks everything first, so that you know that you are doing it right.

    Then change it to something more specific.
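An added configuration example, not from the thread, that writes out the two-step approach from replies 2 and 4 in Comware 7 syntax: first a deny-all ACL to confirm the interface and direction, then the specific HTTP rule. The ACL number 3001, the `counting` keyword and the `display packet-filter statistics` command are assumed to be available on the poster's platform.

```text
# Step 1 (reply 4): deny everything inbound on the VLAN 1 SVI. If hosts in
# 192.168.11.0/24 lose inter-VLAN reachability, the interface and direction
# are right. Run the test from a host that does not manage the switch via VLAN 1.
system-view
acl advanced 3001 name TEST_DENY_ALL
 rule 0 deny ip counting
 quit
interface Vlan-interface1
 packet-filter 3001 inbound
 quit
# While a VLAN 1 host tries to reach 10.8.100.254, the counter must increase:
display packet-filter statistics interface Vlan-interface1 inbound

# Step 2 (replies 2 and 3): remove the test ACL and apply the specific rule.
# "inbound" on Vlan-interface1 means packets received from VLAN 1 hosts, so the
# source is the VLAN 1 subnet and the destination is the VLAN 100 gateway address.
interface Vlan-interface1
 undo packet-filter 3001 inbound
 quit
acl advanced 3002 name BLOCK_HTTP_GW
 rule 0 deny tcp source 192.168.11.0 0.0.0.255 destination 10.8.100.254 0 destination-port eq www counting
 # Unmatched traffic is permitted by default; the explicit permit only makes the intent visible.
 rule 5 permit ip
 quit
interface Vlan-interface1
 packet-filter 3002 inbound
 quit
display acl 3002
display packet-filter statistics interface Vlan-interface1 inbound
```

If the step 1 counter never increases, the traffic is not entering through Vlan-interface1 (for example the hosts are not in VLAN 1 or the source subnet is wrong), and no specific rule will match either.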