View Only
last person joined: 2 days ago 

Expand all | Collapse all

ip routing and acl default behavior

This thread has been viewed 0 times
  • 1.  ip routing and acl default behavior

    Posted Feb 28, 2018 07:10 AM


    I'm bit new to HP switching and because I have acute problem I have to ask quick and some what easy question:

    I have two 5406 stacked together acting also dhcp-service, default gateways and IGMP Querier for 9 vlan's.

    There is "ip routing" enabled in stack with "ip route" command wich seems to define gateway to wan...

    Also there is extended acl's for every vlan (assigned in int vlan xx configuration with command "ip access-group ACLxx in") where I try to isolate couple vlan's totally from network that they cannot be seen outside their own vlan. Stack should only act as an igmp querier and dhcp-server for those "isolated vlans".

    Thoug I have denied icmp (eg. ping) between network (wich lives in vlan 10 with stack configured ip and (wich lives vlan 20 with stack configured ip 

    There is proper IGMP denial ACL rule is in both vlans (1 deny icmp 10.10.x.0 but still I can ping client from client!?!?!?)

    Questions are:

    By default, does "ip routing" feature create routers between all connected networks in stack or do I have some kind of misconfiguration? (where do i find documentation about this? Is there command reference for cli of this switching os?)

    What is default behavior of extended ACL? If there is no matching configuration line in acl, does acl drop packet or pass it forward by default?

    I will be really appreciated if somebody can answers these qustions!



  • 2.  RE: ip routing and acl default behavior

    Posted Mar 04, 2018 05:07 AM

    Have to answer to myself...

    Yes, by default ip routing feature creates routes between every connect ip networks and floods traffic between vlans

    ACL, when applied to port/vlan/etc, will drop packet if no matching permit ace are found.