Wired Intelligent Edge

SNTP and ACL HP J9584A 3800

  • 1.  SNTP and ACL HP J9584A 3800

    Posted Jun 08, 2019 04:15 PM

    I have Vlan 2 "Management" 172.16.10.0/26 and Vlan 100 "Admins" 172.16.1.0/24.

    Vlan 2 - for management switch.

    Vlan 100 - for SNTP and SNMP server. 

    An ACL was configured on the switch, after which there is no connection to the SNTP and SNMP server.

    Only the UDP port is not working.

    Config:
    ...

    timesync sntp
    sntp unicast
    sntp server priority 1 172.16.1.10
    no telnet-server
    time timezone 180
    no web-management
    ...

    ip directed-broadcast
    ip route 0.0.0.0 0.0.0.0 192.168.44.254
    ip routing
    ip udp-bcast-forward
    ...

    vlan 2
    name "Management"
    tagged 1-12,24-25
    ip address 172.16.10.2 255.255.255.192
    ip forward-protocol udp 172.16.1.10 snmp
    ip forward-protocol udp 172.16.1.10 ntp
    ip forward-protocol udp 172.16.1.255 ntp
    exit
    ...

    vlan 100
    name "Admins"
    tagged 6,24-25
    ip access-group "Admins-IN" in
    ip address 172.16.1.254 255.255.255.0
    exit
    ...

    Access list:

    ip access-list extended "Admins-IN"
    5 remark "Established_und_ICMP"
    7 permit tcp 172.16.1.0 0.0.0.255 0.0.0.0 255.255.255.255 established
    10 permit icmp 172.16.1.0 0.0.0.255 0.0.0.0 255.255.255.255 0
    20 permit icmp 172.16.1.0 0.0.0.255 172.16.1.254 0.0.0.0 8
    30 permit icmp 172.16.1.0 0.0.0.255 172.16.21.0 0.0.0.255 8
    35 permit icmp 172.16.1.0 0.0.0.255 172.16.10.0 0.0.0.63 8
    50 remark "PERMIT_SNTP"
    55 permit udp 172.16.1.10 0.0.0.0 0.0.0.0 255.255.255.255 eq 123
    60 remark "PERMIT_SRV-KSB"
    65 permit ip 172.16.1.0 0.0.0.255 172.16.30.2 0.0.0.0
    80 remark "PERMIT_Vlans"
    81 permit udp 172.16.1.0 0.0.0.255 172.16.10.0 0.0.0.255 eq 161
    82 permit udp 172.16.1.0 0.0.0.255 172.16.21.0 0.0.0.255 range 161 162
    83 permit tcp 172.16.1.0 0.0.0.255 172.16.20.0 0.0.0.255 eq 10050
    210 remark "DENY_Vlans"
    220 deny ip 172.16.1.0 0.0.0.255 192.168.0.0 0.0.255.255
    230 deny ip 172.16.1.0 0.0.0.255 10.0.0.0 0.255.255.255
    240 deny ip 172.16.1.0 0.0.0.255 172.16.0.0 0.15.255.255
    245 remark "Internet-Ohne_Proxy"
    246 permit ip 172.16.1.0 0.0.0.255 0.0.0.0 255.255.255.255
    250 remark "DENY_Alles"
    270 deny ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
    exit

    Please tell me what I have not configured.

    Thanks!


    #UDP
    #sntp
    #NTP
    #ACL
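
An added example, not part of the original post and not HPE tooling: a first-match evaluator over the UDP and plain-IP entries of the posted "Admins-IN" ACL, for checking which entry a UDP packet entering VLAN 100 hits. It assumes entries are evaluated in sequence-number order and that the `eq`/`range` operator written after the destination address matches the destination port; the TCP and ICMP entries are left out, and the test packets in the comments are constructed.

```python
import ipaddress

# Entries copied from the posted "Admins-IN" ACL (TCP and ICMP entries omitted).
# (seq, action, src, src_wildcard, dst, dst_wildcard, dst_port_range or None)
ACES = [
    (55, "permit", "172.16.1.10", "0.0.0.0", "0.0.0.0", "255.255.255.255", (123, 123)),
    (65, "permit", "172.16.1.0", "0.0.0.255", "172.16.30.2", "0.0.0.0", None),
    (81, "permit", "172.16.1.0", "0.0.0.255", "172.16.10.0", "0.0.0.255", (161, 161)),
    (82, "permit", "172.16.1.0", "0.0.0.255", "172.16.21.0", "0.0.0.255", (161, 162)),
    (220, "deny", "172.16.1.0", "0.0.0.255", "192.168.0.0", "0.0.255.255", None),
    (230, "deny", "172.16.1.0", "0.0.0.255", "10.0.0.0", "0.255.255.255", None),
    (240, "deny", "172.16.1.0", "0.0.0.255", "172.16.0.0", "0.15.255.255", None),
    (246, "permit", "172.16.1.0", "0.0.0.255", "0.0.0.0", "255.255.255.255", None),
    (270, "deny", "0.0.0.0", "255.255.255.255", "0.0.0.0", "255.255.255.255", None),
]


def wildcard_match(addr, base, wildcard):
    """True when addr equals base on every bit the wildcard mask leaves at 0."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)


def first_match_udp(src, dst, dst_port):
    """Return (seq, action) of the first listed entry matching a UDP packet."""
    for seq, action, s, sw, d, dw, ports in ACES:
        if not (wildcard_match(src, s, sw) and wildcard_match(dst, d, dw)):
            continue
        if ports and not (ports[0] <= dst_port <= ports[1]):
            continue
        return seq, action
    return None, "deny"  # nothing matched


if __name__ == "__main__":
    # Constructed packets from the server 172.16.1.10 toward the switch address
    # 172.16.10.2 in VLAN 2; 50000 stands in for any non-listed destination port.
    for port in (123, 161, 50000):
        print(port, first_match_udp("172.16.1.10", "172.16.10.2", port))
```

For the constructed packets, destination ports 123 and 161 hit permit entries 55 and 81, while any other destination port falls through to deny entry 240, whose wildcard 0.15.255.255 covers the whole 172.16.0.0/12 range.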


  • 2.  RE: SNTP and ACL HP J9584A 3800

    EMPLOYEE
    Posted Jun 20, 2019 02:27 AM

    Hi,

    Do you have any logs or screenshots that explain your issue?