Comware


ip routing and acl default behavior

  • 1.  ip routing and acl default behavior

    Posted Feb 28, 2018 07:10 AM

    Hello,

    I'm a bit new to HP switching, and because I have an acute problem I have to ask a quick and somewhat easy question:

    I have two 5406s stacked together, also acting as DHCP server, default gateway and IGMP querier for 9 VLANs.

    "ip routing" is enabled in the stack, with the "ip route 0.0.0.0 0.0.0.0 10.170.92.1" command, which seems to define the gateway to the WAN...

    There are also extended ACLs for every VLAN (assigned in the int vlan xx configuration with the command "ip access-group ACLxx in"), with which I try to isolate a couple of VLANs totally from the network so that they cannot be seen outside their own VLAN. The stack should only act as an IGMP querier and DHCP server for those "isolated VLANs".

    Though I have denied ICMP (e.g. ping) between the 10.10.10.0/24 network (which lives in VLAN 10, with the stack's configured IP 10.10.10.1) and 10.10.20.0/20 (which lives in VLAN 20, with the stack's configured IP 10.10.20.1), and there is a proper ICMP denial ACL rule in both VLANs (1 deny icmp 10.10.x.0 0.0.255.255 0.0.0.0 255.255.255.255), I can still ping client 10.10.10.130 from client 10.10.20.250 (?!?!?!?)

    Questions are:

    By default, does the "ip routing" feature create routes between all connected networks in the stack, or do I have some kind of misconfiguration? (Where do I find documentation about this? Is there a command reference for the CLI of this switching OS?)

    What is the default behavior of an extended ACL? If there is no matching line in the ACL, does the ACL drop the packet or pass it forward by default?

    I would really appreciate it if somebody could answer these questions!



    #ACL
    #ip
    #5406
    #routing


  • 2.  RE: ip routing and acl default behavior

    Posted Mar 04, 2018 05:07 AM

    Have to answer myself...

    Yes, by default the ip routing feature creates routes between every connected IP network and floods traffic between VLANs.

    An ACL, when applied to a port/VLAN/etc., will drop the packet if no matching permit ACE is found.
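As an added example (not code from the original posts, from HP, or from the switch firmware), the following Python model reproduces the ACL behaviour the answer describes: entries are checked in order, the first match decides, and a packet that matches no entry falls through to the implicit deny. It assumes the wildcard-mask convention of the post's rule (a 0 bit in the mask must match, a 1 bit is ignored). The host addresses, the second and third ACLs, and the choice of 0 for the "x" octet are constructed for illustration, not taken from the thread.

```python
"""Model of first-match extended ACL evaluation with implicit deny.

Added example for this thread; it is not switch firmware and not code from
the original posts. It models the behaviour described in the answer: ACEs
are checked in order, the first match decides, and a packet matching no ACE
is dropped. Address/mask pairs use the wildcard-mask convention of the
post's rule: a 0 bit in the mask must match, a 1 bit is "don't care".
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# IP protocol numbers for the keywords the parser accepts; None = any protocol.
PROTO_NUMBERS = {"ip": None, "icmp": 1, "tcp": 6, "udp": 17}
ALL_ONES = 0xFFFFFFFF


@dataclass
class Ace:
    action: str            # "permit" or "deny"
    proto: Optional[int]   # None matches any IP protocol
    src: int
    src_wild: int
    dst: int
    dst_wild: int


def _to_int(addr: str) -> int:
    return int(ipaddress.IPv4Address(addr))


def _parse_match(tokens: List[str], i: int) -> Tuple[int, int, int]:
    """Parse 'any', 'host A.B.C.D' or 'A.B.C.D W.X.Y.Z' at tokens[i].
    Returns (address, wildcard, index of the next unparsed token)."""
    if tokens[i] == "any":
        return 0, ALL_ONES, i + 1
    if tokens[i] == "host":
        return _to_int(tokens[i + 1]), 0, i + 2
    return _to_int(tokens[i]), _to_int(tokens[i + 1]), i + 2


def parse_ace(line: str) -> Ace:
    """Parse one ACE such as
    '1 deny icmp 10.10.0.0 0.0.255.255 0.0.0.0 255.255.255.255'.
    A leading sequence number is skipped; port qualifiers are not modelled."""
    tokens = line.split()
    if tokens[0].isdigit():
        tokens = tokens[1:]
    action, proto = tokens[0], tokens[1]
    if action not in ("permit", "deny") or proto not in PROTO_NUMBERS:
        raise ValueError(f"unsupported ACE: {line!r}")
    src, src_wild, i = _parse_match(tokens, 2)
    dst, dst_wild, _ = _parse_match(tokens, i)
    return Ace(action, PROTO_NUMBERS[proto], src, src_wild, dst, dst_wild)


def _matches(ace: Ace, proto: int, src: str, dst: str) -> bool:
    if ace.proto is not None and ace.proto != proto:
        return False
    # Only the bits that are 0 in the wildcard mask have to be equal.
    src_ok = ((_to_int(src) ^ ace.src) & ~ace.src_wild & ALL_ONES) == 0
    dst_ok = ((_to_int(dst) ^ ace.dst) & ~ace.dst_wild & ALL_ONES) == 0
    return src_ok and dst_ok


def evaluate(acl: List[Ace], proto: int, src: str, dst: str) -> Tuple[str, Optional[int]]:
    """Return (decision, index of the deciding ACE). Index None means the
    packet matched nothing and was dropped by the implicit deny."""
    for idx, ace in enumerate(acl):
        if _matches(ace, proto, src, dst):
            return ace.action, idx
    return "deny", None


# Constructed ACLs. The first ACE mirrors the post's rule with the 'x' octet
# taken as 0; the other entries are illustrative and not from the thread.
DENY_ICMP = "1 deny icmp 10.10.0.0 0.0.255.255 0.0.0.0 255.255.255.255"
PERMIT_ALL = "permit ip any any"

ACL_DENY_ONLY = [parse_ace(DENY_ICMP)]                            # everything else hits implicit deny
ACL_DENY_THEN_PERMIT = [parse_ace(DENY_ICMP), parse_ace(PERMIT_ALL)]
ACL_PERMIT_FIRST = [parse_ace(PERMIT_ALL), parse_ace(DENY_ICMP)]  # deny is shadowed, never reached

if __name__ == "__main__":
    ping = (1, "10.10.20.250", "10.10.10.130")   # ICMP between the post's two hosts
    web = (6, "10.10.20.250", "10.170.92.1")      # constructed TCP flow towards the gateway
    for name, acl in [("deny only", ACL_DENY_ONLY),
                      ("deny then permit", ACL_DENY_THEN_PERMIT),
                      ("permit first", ACL_PERMIT_FIRST)]:
        print(f"{name:17s} ping -> {evaluate(acl, *ping)}   tcp -> {evaluate(acl, *web)}")
```

Two consequences follow from the model and match the answer above: an ACL that contains only deny entries blocks all traffic on the interface it is applied to, because nothing reaches a permit, and a deny placed after "permit ip any any" is never evaluated, since the first matching entry decides.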