Comware


V1910-48G - ACL deny access from vlan40 to other vlans?

  • 1.  V1910-48G - ACL deny access from vlan40 to other vlans?

    Posted Jun 05, 2014 05:01 PM

    Hi guys,

     

    I would like to know whether the V1910 is capable of denying access from a given VLAN to the other VLANs on the switch.

     

    I need vlan40 to be for guests only; they should only be allowed to pass through the network to reach the internet.

     

    Can someone show me the commands to accomplish this?

     

    I've tried the following commands with no luck at all:

     

    # Advanced ACL 3001 plus a traffic classifier that matches on it.
    # NOTE(review): the value after each address is the wildcard mask. A wildcard
    # of 0 matches only the exact addresses 10.203.40.0 and 10.203.10.0, not the
    # subnets. The Vlan-interface addresses in the posted configuration use
    # 255.255.255.0, so a subnet match would presumably need wildcard 0.0.0.255
    # on both sides - confirm against the V1910 ACL reference.
    # NOTE(review): this rule only covers VLAN 40 -> VLAN 10. The posted
    # configuration also has 10.203.20.0/24, 10.203.30.0/24 and the
    # 10.203.5.0/24 subnet on Vlan-interface1, which would each need a deny rule
    # for the guest VLAN to be isolated from them.
    acl number 3001
    rule 0 deny ip source 10.203.40.0 0 destination 10.203.10.0 0
    # Classifier: selects packets that match ACL 3001.
    traffic classifier vlan40_2_vlan10
    if-match acl 3001

     

    # Behavior: drop every packet selected by the classifier this behavior is
    # paired with in a QoS policy.
    traffic behavior deny_stats_2
    filter deny

     

    # QoS policy: pair the classifier with the deny behavior, then apply the
    # policy to a VLAN.
    qos policy vlan40_acl_vlan10
    classifier vlan40_2_vlan10 behavior deny_stats_2
    # NOTE(review): the policy is applied inbound on VLAN 10, but packets sourced
    # from 10.203.40.0/24 enter the switch on VLAN 40. Applying it inbound on
    # VLAN 40 is probably what is intended - confirm. As written, the policy
    # inspects traffic arriving from the servers, which never has a VLAN 40
    # source address.
    qos vlan-policy vlan40_acl_vlan10 vlan 10 inbound

     

    See my configuration on my switch:

    #
    version 5.20, Release 1513P85
    #
    sysname HP
    #
    dhcp relay server-group 1 ip 10.203.10.11
    #
    domain default enable system
    #
    undo ipv6
    #
    # NOTE(review): Telnet carries management logins in cleartext. This
    # configuration also has "ssh server enable", so Telnet can likely be turned
    # off (undo telnet server enable) - confirm nothing depends on it first.
    # The switch also has an address in the guest VLAN (Vlan-interface40), so
    # its management services are presumably reachable from guests unless
    # restricted separately - verify.
    telnet server enable
    #
    ip ttl-expires enable
    #
    password-recovery enable
    #
    # NOTE(review): wildcard 0 on both addresses makes this rule match only the
    # single addresses 10.203.40.0 and 10.203.10.0. A /24-to-/24 deny would
    # presumably use wildcard 0.0.0.255 - confirm.
    acl number 3001
    rule 0 deny ip source 10.203.40.0 0 destination 10.203.10.0 0
    #
    vlan 1
    #
    vlan 10
    description Server
    name VLAN_10
    #
    vlan 20
    description Clients
    name VLAN_20
    #
    vlan 30
    description Clients_Wifi
    name VLAN_30
    #
    vlan 40
    description Clients_Wifi
    name VLAN_40
    #
    domain system
    access-limit disable
    state active
    idle-cut disable
    self-service-url disable
    #
    traffic classifier vlan40_2_vlan10 operator and
    if-match acl 3001
    #
    traffic behavior deny_stats_2
    filter deny
    #
    qos policy vlan40_acl_vlan10
    classifier vlan40_2_vlan10 behavior deny_stats_2
    #
    user-group system
    #
    # Local administrator account, allowed to log in over ssh, telnet, terminal
    # and the web interface.
    # NOTE(review): this level 3 account may log in over Telnet. If Telnet is not
    # required, removing it from the service types limits the account to
    # encrypted or local logins - confirm which access methods are in use.
    local-user admin
    authorization-attribute level 3
    service-type ssh telnet terminal
    service-type web
    #
    stp mode rstp
    stp enable
    #
    interface Bridge-Aggregation1
    description LACP_link_to_SYNOLOGY
    port link-type trunk
    undo port trunk permit vlan 1
    port trunk permit vlan 10
    port trunk pvid vlan 10
    link-aggregation mode dynamic
    #
    interface NULL0
    #
    interface Vlan-interface1
    ip address 10.203.5.2 255.255.255.0
    #
    interface Vlan-interface10
    ip address 10.203.10.1 255.255.255.0
    dhcp select relay
    dhcp relay server-select 1
    #
    interface Vlan-interface20
    ip address 10.203.20.1 255.255.255.0
    dhcp select relay
    dhcp relay server-select 1
    #
    interface Vlan-interface30
    ip address 10.203.30.1 255.255.255.0
    dhcp select relay
    dhcp relay server-select 1
    #
    interface Vlan-interface40
    ip address 10.203.40.1 255.255.255.0
    dhcp select relay
    dhcp relay server-select 1
    #
    interface GigabitEthernet1/0/1
    stp edged-port enable
    #
    interface GigabitEthernet1/0/2
    stp edged-port enable
    #
    interface GigabitEthernet1/0/3
    port access vlan 10
    stp edged-port enable
    #
    interface GigabitEthernet1/0/4
    port access vlan 10
    stp edged-port enable
    #
    interface GigabitEthernet1/0/5
    port access vlan 10
    stp edged-port enable
    #
    interface GigabitEthernet1/0/6
    port access vlan 10
    stp edged-port enable
    #
    interface GigabitEthernet1/0/7
    port access vlan 10
    stp edged-port enable
    #
    interface GigabitEthernet1/0/8
    port access vlan 10
    stp edged-port enable
    #
    interface GigabitEthernet1/0/9
    port access vlan 10
    stp edged-port enable
    #
    interface GigabitEthernet1/0/10
    port access vlan 10
    stp edged-port enable
    #
    interface GigabitEthernet1/0/11
    port access vlan 10
    stp edged-port enable
    #
    interface GigabitEthernet1/0/12
    port access vlan 10
    stp edged-port enable
    #
    interface GigabitEthernet1/0/13
    port access vlan 10
    stp edged-port enable
    #
    interface GigabitEthernet1/0/14
    port access vlan 10
    stp edged-port enable
    #
    interface GigabitEthernet1/0/15
    port access vlan 10
    stp edged-port enable
    #
    interface GigabitEthernet1/0/16
    port access vlan 10
    stp edged-port enable
    #
    interface GigabitEthernet1/0/17
    port access vlan 10
    stp edged-port enable
    #
    interface GigabitEthernet1/0/18
    port access vlan 10
    stp edged-port enable
    #
    interface GigabitEthernet1/0/19
    port access vlan 10
    stp edged-port enable
    #
    interface GigabitEthernet1/0/20
    port access vlan 10
    stp edged-port enable
    #
    interface GigabitEthernet1/0/21
    port access vlan 10
    stp edged-port enable
    #
    interface GigabitEthernet1/0/22
    port access vlan 10
    stp edged-port enable
    #
    interface GigabitEthernet1/0/23
    port access vlan 10
    stp edged-port enable
    #
    interface GigabitEthernet1/0/24
    port access vlan 10
    stp edged-port enable
    #
    interface GigabitEthernet1/0/25
    port access vlan 10
    stp edged-port enable
    #
    interface GigabitEthernet1/0/26
    port access vlan 10
    stp edged-port enable
    #
    interface GigabitEthernet1/0/27
    port access vlan 10
    stp edged-port enable
    #
    interface GigabitEthernet1/0/28
    port access vlan 10
    stp edged-port enable
    #
    interface GigabitEthernet1/0/29
    port access vlan 10
    stp edged-port enable
    #
    interface GigabitEthernet1/0/30
    port access vlan 10
    stp edged-port enable
    #
    interface GigabitEthernet1/0/31
    port access vlan 10
    stp edged-port enable
    #
    interface GigabitEthernet1/0/32
    port access vlan 10
    stp edged-port enable
    #
    interface GigabitEthernet1/0/33
    port access vlan 10
    stp edged-port enable
    #
    interface GigabitEthernet1/0/34
    port access vlan 10
    stp edged-port enable
    #
    interface GigabitEthernet1/0/35
    port access vlan 10
    stp edged-port enable
    #
    interface GigabitEthernet1/0/36
    port access vlan 10
    stp edged-port enable
    #
    interface GigabitEthernet1/0/37
    port access vlan 10
    stp edged-port enable
    #
    interface GigabitEthernet1/0/38
    port access vlan 10
    stp edged-port enable
    #
    interface GigabitEthernet1/0/39
    port access vlan 10
    stp edged-port enable
    #
    interface GigabitEthernet1/0/40
    port access vlan 10
    stp edged-port enable
    #
    interface GigabitEthernet1/0/41
    port access vlan 10
    stp edged-port enable
    #
    interface GigabitEthernet1/0/42
    port access vlan 10
    stp edged-port enable
    #
    interface GigabitEthernet1/0/43
    port access vlan 10
    stp edged-port enable
    #
    interface GigabitEthernet1/0/44
    port access vlan 10
    stp edged-port enable
    #
    interface GigabitEthernet1/0/45
    port link-type trunk
    undo port trunk permit vlan 1
    port trunk permit vlan 10
    port trunk pvid vlan 10
    stp edged-port enable
    link-aggregation port-priority 100
    port link-aggregation group 1
    #
    interface GigabitEthernet1/0/46
    port link-type trunk
    undo port trunk permit vlan 1
    port trunk permit vlan 10
    port trunk pvid vlan 10
    stp edged-port enable
    link-aggregation port-priority 100
    port link-aggregation group 1
    #
    interface GigabitEthernet1/0/47
    port access vlan 10
    stp edged-port enable
    #
    interface GigabitEthernet1/0/48
    port access vlan 10
    stp edged-port enable
    #
    interface GigabitEthernet1/0/49
    port link-type hybrid
    port hybrid vlan 10 20 30 40 tagged
    port hybrid vlan 1 untagged
    stp edged-port enable
    #
    interface GigabitEthernet1/0/50
    port link-type hybrid
    port hybrid vlan 10 20 30 40 tagged
    port hybrid vlan 1 untagged
    stp edged-port enable
    #
    interface GigabitEthernet1/0/51
    port link-type hybrid
    port hybrid vlan 10 20 30 40 tagged
    port hybrid vlan 1 untagged
    stp edged-port enable
    #
    interface GigabitEthernet1/0/52
    port link-type hybrid
    port hybrid vlan 10 20 30 40 tagged
    port hybrid vlan 1 untagged
    stp edged-port enable
    #
    ip route-static 0.0.0.0 0.0.0.0 Vlan-interface1 10.203.5.1
    #
    snmp-agent
    snmp-agent local-engineid 8000000B03CC3E5FE426FA
    snmp-agent sys-info contact motz
    snmp-agent sys-info location serverroom
    snmp-agent sys-info version v3
    #
    dhcp enable
    #
    ssh server enable
    #
    # NOTE(review): applied inbound on VLAN 10. Traffic from the guest subnet
    # 10.203.40.0/24 enters on VLAN 40, so this binding probably never sees it.
    # Inbound on VLAN 40 looks like the intended attachment point - confirm.
    qos vlan-policy vlan40_acl_vlan10 vlan 10 inbound
    #
    user-interface aux 0
    authentication-mode scheme
    user-interface vty 0 15
    authentication-mode scheme
    #
    return

     

     

     

    P.S. This thread has been moved from Comware-Based to Web & Unmanaged. - Hp forum moderator


    #VLAN
    #v1910
    #ACL
    #routing