Wired Intelligent Edge

  • 1.  vlan acls

    Posted Apr 07, 2016 02:51 PM

    Hi, I'm trying to prevent vlan 4 (172.26.96.0/22) from accessing all other vlans.

    but

    I would like vlan 4 to be able to access 172.24.1.4 on udp 67

    and

    I would like vlan 4 to be able to access the internet default gateway

     

    Procurve 5400

     

    Thanks,

    Brian


    #ACLs


  • 2.  RE: vlan acls

    Posted Apr 11, 2016 04:13 AM

    Dear

     

    Please try the below.

     

    1. for preventing vlan 4 from reaching all other vlans

    20 deny ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255

    2. for allowing vlan 4 to communicate with 172.24.1.4 on UDP 67

    11 permit udp 0.0.0.0 255.255.255.255 172.24.1.4 0.0.0.0 eq 67

    3. for allowing vlan 4 to communicate with the default gateway

    10 permit ip 0.0.0.0 255.255.255.255 X.X.X.X 0.0.0.0

    Where X.X.X.X is your Default Gateway (the wildcard mask 0.0.0.0 matches that single host; 255.255.255.255 would match any address).



  • 3.  RE: vlan acls

    Posted Apr 11, 2016 01:16 PM

    Try below. Maybe the syntax isn't 100%, but I'm doing too many vendors at the moment
    #first, pass dhcp requests:
    permit udp any any eq 67
    #allow pinging the GW: (assuming .1 is GW)
    permit icmp any host 172.26.96.1
    #Block other VLANs, assuming they are RFC1918 networks
    deny ip any 10.0.0.0 0.255.255.255
    deny ip any 192.168.0.0 0.0.255.255
    deny ip any 172.16.0.0 0.15.255.255
    #Permit internet access
    permit ip any any
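    Added example, not from either reply: a small Python model of ProCurve-style wildcard-mask ACL matching (first match wins, implicit deny at the end) that replays the third post's rule set against the original requirements, and shows why the host mask matters in the second post. The probe addresses and ports are constructed.

```python
import ipaddress

# Constructed model of a ProCurve-style extended ACL: ACEs are checked in
# order, the first match decides, and an unmatched packet is implicitly denied.
# Addresses use wildcard masks: a 1 bit in the mask means "don't care", so
# "0.0.0.0 255.255.255.255" is "any" and "a.b.c.d 0.0.0.0" is a single host.
ANY = ("0.0.0.0", "255.255.255.255")

def wildcard_match(addr, rule_addr, wildcard):
    a, r, w = (int(ipaddress.IPv4Address(x)) for x in (addr, rule_addr, wildcard))
    return ((a ^ r) & ~w & 0xFFFFFFFF) == 0

def host(addr):
    return (addr, "0.0.0.0")

def rule(action, proto, src, dst, dport=None):
    """One ACE; src/dst are (address, wildcard) pairs, dport applies to udp/tcp."""
    return {"action": action, "proto": proto, "src": src, "dst": dst, "dport": dport}

def evaluate(acl, src, dst, proto, dport=None):
    for ace in acl:
        if ace["proto"] not in ("ip", proto):
            continue
        if not wildcard_match(src, *ace["src"]) or not wildcard_match(dst, *ace["dst"]):
            continue
        if ace["dport"] is not None and ace["dport"] != dport:
            continue
        return ace["action"]
    return "deny"  # implicit deny at the end of every ACL

# The ACL from the third post, as applied inbound on VLAN 4 (172.26.96.0/22).
VLAN4_ACL = [
    rule("permit", "udp", ANY, ANY, 67),                # DHCP requests
    rule("permit", "icmp", ANY, host("172.26.96.1")),   # ping the gateway (.1 assumed)
    rule("deny", "ip", ANY, ("10.0.0.0", "0.255.255.255")),
    rule("deny", "ip", ANY, ("192.168.0.0", "0.0.255.255")),
    rule("deny", "ip", ANY, ("172.16.0.0", "0.15.255.255")),
    rule("permit", "ip", ANY, ANY),                     # everything else: internet
]

def check_requirements(acl):
    """Replay the poster's requirements plus a cross-VLAN probe (constructed hosts)."""
    return {
        "dhcp_to_172.24.1.4": evaluate(acl, "172.26.96.10", "172.24.1.4", "udp", 67),
        "ping_gateway": evaluate(acl, "172.26.96.10", "172.26.96.1", "icmp"),
        "other_rfc1918_vlan": evaluate(acl, "172.26.96.10", "172.26.100.5", "tcp", 445),
        "internet": evaluate(acl, "172.26.96.10", "93.184.216.34", "tcp", 443),
    }

# Pitfall from the second post: a gateway written with wildcard 255.255.255.255
# matches every destination, so such a permit would shadow every later deny.
def gateway_rule_matches_everything():
    return wildcard_match("8.8.8.8", "172.26.96.1", "255.255.255.255")
```

Note that the DHCP permit has to precede the 172.16.0.0/12 deny, since 172.24.1.4 falls inside that range.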