OK, but...
Assume client is on Vlan 10, with ACL applied to Vlan10 inbound, I can stop access to webserver of HPE5900 on IP (192.168.21.254) for VLAN 21
rule 3 deny tcp source any destination-port eq 443 destination 192.168.21.254 0.0.0.0
rule 4 for another vlan
rule 5 for yet another vlan
etc
etc
It is an UGLY solution, requiring so many "unnecessary" entries in a very long ACL that must be applied to each VLAN that clients might exist in (Staff/Students etc)
Had to make ACL with 21 lines for https port 443 & 21 lines for ssh port 22 (one per IP of routed existing VLAN) and apply it to 4 separate VLAN interfaces that clients can be in
If there was no ACL applied (because I do not need any restrictions on them), it worked fine; on one that already had an ACL applied it gave me an error of sorts:
interface Vlan-interface88
ip address 192.168.88.254 255.255.255.0
packet-filter filter route
packet-filter 3088 inbound
#
return
[HPE5900-SR1-Vlan-interface88] packet-filter 3333 inbound
Failed to apply ACL 3333 to the inbound direction of interface Vlan-interface88 on slot 1, 2, 3, 4.
[HPE5900-SR1-Vlan-interface88]dis thi
#
interface Vlan-interface88
ip address 192.168.88.254 255.255.255.0
packet-filter filter route
packet-filter 3088 inbound
packet-filter 3333 inbound
#
return
But it still shows as inserted into config.
Can multiple ACLs be applied?
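
One way to avoid needing a second packet-filter on an interface that already has one, as an added example that is not part of the original post: generate the per-gateway deny rules and merge them ahead of the rules of the ACL already applied. The gateway list, the existing rule bodies and the function names are constructed for illustration, and the merge assumes rules are matched in ascending rule-ID order.

```python
import ipaddress

MGMT_PORTS = (443, 22)  # https and ssh, the two ports named in the post


def mgmt_deny_rules(gateway_ips, ports=MGMT_PORTS):
    """One deny per (port, gateway IP), in the rule syntax used in the post."""
    # Validate and de-duplicate the addresses; a typo raises ValueError here
    # instead of ending up in the switch config.
    ips = sorted({ipaddress.IPv4Address(g) for g in gateway_ips})
    return [f"deny tcp source any destination-port eq {port} "
            f"destination {ip} 0.0.0.0"
            for port in ports for ip in ips]


def merge_acl(existing_rules, gateway_ips, ports=MGMT_PORTS, step=5):
    """Return numbered rule lines: management denies first, then the ACL's
    existing rules in their original order, renumbered. Assumes rules are
    evaluated in ascending rule-ID order."""
    denies = mgmt_deny_rules(gateway_ips, ports)
    # Skip existing rules that duplicate a generated deny.
    kept = [r for r in existing_rules if r not in denies]
    return [f"rule {i * step} {body}" for i, body in enumerate(denies + kept)]


# Constructed sample data: the two gateway addresses from the post plus one
# made-up address, and a made-up body for the ACL already on the interface.
GATEWAYS = ["192.168.21.254", "192.168.88.254", "192.168.10.254"]
EXISTING_3088 = [
    "permit ip source 192.168.88.0 0.0.0.255",
    "deny ip",
]

if __name__ == "__main__":
    print("\n".join(merge_acl(EXISTING_3088, GATEWAYS)))
```

The output is a single rule list to review before it replaces the body of the ACL that is already bound to the interface, so each client VLAN keeps one inbound packet-filter.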