Wired Intelligent Edge


Vlan acl issue

  • 1.  Vlan acl issue

    Posted Jan 28, 2024 01:47 AM

    I'm trying to create an acl and I can't get it working right. I am trying to block vlan 7 from vlan 18, but not vlan 18 from vlan 7. I created the acl below and applied it to vlan 7 with IP access-group vlan7acl in. The problem is it is blocking vlan 7 from 18 and vlan 18 from vlan 7. I feel like it should work the way I want it to, but it isn't. Thank you.

    10 deny ip 10.0.10.0/23 10.0.18.0/23

    Permit ip any any



  • 2.  RE: Vlan acl issue

    Posted Jan 28, 2024 12:32 PM

    Hi,

    I assume you have tested that connectivity works without the acl(?) Also assuming that vlan7 = 10.0.10.0/23 and vlan18 = 10.0.18.0/23. Which switch model are we talking about? (I assume L3 version >=6200)

    If you put such an ACL on vlan7's outbound traffic, you cannot get an answer back from vlan7 to vlan18. I think you need a stateful system to control traffic in such a way?



    ------------------------------
    Jori Luoto
    AV-IT Specialist
    ------------------------------
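
Added example (not part of any post in this thread): a small Python model of stateless, first-match ACL evaluation, showing why the ACL from post 1, applied inbound on VLAN 7, also drops the replies that VLAN 7 hosts send back to VLAN 18. The `established` field is an assumption standing in for a TCP-flag match that some platforms offer, not a statement about this switch; the host addresses are constructed and the subnets are the ones assumed in post 2.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass
class Packet:                     # constructed sample traffic, not captured data
    src: str
    dst: str
    proto: str = "tcp"
    ack: bool = False             # TCP ACK set: segment belongs to an existing session

@dataclass
class Ace:
    action: str                   # "permit" or "deny"
    proto: str                    # "ip" matches every protocol
    src: str
    dst: str
    established: bool = False     # assumption: platform can match on the TCP ACK flag

    def matches(self, p):
        if self.proto != "ip" and self.proto != p.proto:
            return False
        if self.established and not p.ack:
            return False
        return (ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst))

def evaluate(acl, pkt):
    """Stateless first-match evaluation with an implicit deny at the end."""
    for ace in acl:
        if ace.matches(pkt):
            return ace.action
    return "deny"

VLAN7, VLAN18, ANY = "10.0.10.0/23", "10.0.18.0/23", "0.0.0.0/0"
# ACL from post 1, applied inbound on VLAN 7: it sees only packets sent by VLAN 7 hosts.
posted_acl = [Ace("deny", "ip", VLAN7, VLAN18), Ace("permit", "ip", ANY, ANY)]
# Hypothetical variant: let TCP replies through before the deny.
reply_aware_acl = [Ace("permit", "tcp", VLAN7, VLAN18, established=True)] + posted_acl

# Packets entering the switch from a VLAN 7 host, all addressed to VLAN 18.
new_session = Packet("10.0.10.5", "10.0.18.20")               # VLAN 7 opens a connection
tcp_reply = Packet("10.0.10.5", "10.0.18.20", ack=True)       # answer to a VLAN 18 client
icmp_reply = Packet("10.0.10.5", "10.0.18.20", proto="icmp")  # echo reply to VLAN 18's ping

def verdicts(acl):
    return [evaluate(acl, p) for p in (new_session, tcp_reply, icmp_reply)]

if __name__ == "__main__":
    print("posted ACL     :", verdicts(posted_acl))
    print("reply-aware ACL:", verdicts(reply_aware_acl))
```

An ACK-flag match is not connection tracking: it passes any TCP segment with ACK set, and ICMP and UDP replies are still dropped, which is why post 2 points to a stateful device for true one-way control.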



  • 3.  RE: Vlan acl issue

    Posted Jan 28, 2024 03:09 PM
    Sorry about that. I thought I added it. We use 2930m switches. They have been in place for a couple of years with vlans, etc. Connections between the vlans work. I'm just looking to start segmenting things.

    --
    Thank you,

    Matt Gross
    Technology Coordinator
    Egg Harbor City Public School District