Configuring Inter VLAN ACL on HP Switch

Hi,

I have an HP E5412zl in routed mode with various VLANs.

I have a scenario where I have VLAN 1, 2 and 3.

I'm trying to restrict VLAN 1 so that it can't communicate with the subnets on VLAN2 and VLAN3. However, I still want VLAN 2 and 3 to be able to communicate with VLAN1 when needed.

With the above configuration VLAN 1 should only be able to access the internet, not VLAN 2 and 3.

I know the basic syntax for creating named extended ACLs but I can't seem to get it right in applying it to the VLANs and making it work like the above.

Thanks.
Don Johnston commented:
Here's the problem:

In order for VLAN 2 and 3 to be able to talk to VLAN 1, the traffic from VLAN 1 must be able to get to VLAN 2 and 3.  Therefore VLAN 1 must be able to talk to VLANs 2 & 3.

Now there's a work-around to this, but it's not perfect.  You can allow TCP traffic from 1 to 2 & 3 only if it's a response.  And you can do the same with ICMP echo replies.  But there's not much you can do about UDP traffic.

So if you don't have any UDP traffic, you're all set.
RFVDB (Author) commented:
Hi donjohnston,

Yeah, I don't think UDP traffic is really a concern security wise. I don't think hackers can really do anything with just UDP.

I'm trying to create a DMZ on this VLAN on the switch.

So the Layer 3 HP switch can't do what a router/firewall can do with stateful inspection between subnets? I guess I'll take whatever it can do.

Thanks!
RFVDB (Author) commented:
Is it using the "Established" ACL parameter, similar to the old Cisco ACLs? I've used that in the past years ago on Cisco routers, just not sure if that's an option on the HP switch or if there's something better.
Don Johnston commented:
Yes, that's how it's done.

And that's your only option (for this type of task) on an HP switch.
RFVDB (Author) commented:
OK, do you know where I can find some good documentation on doing it on an HP switch?
Don Johnston commented:
It's the exact format and syntax as Cisco ACLs.
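As an added example (not from the thread, and not taken from HP documentation), this is what the workaround described above, "established" TCP plus ICMP echo replies, looks like when written out in the ProCurve/K-series ACL syntax used on the 5400zl family. The subnets (192.168.1.0/24 for VLAN 1, 192.168.2.0/24 and 192.168.3.0/24 for VLANs 2 and 3) and the ACL name are constructed placeholders, and the exact keyword forms (`established`, `echo-reply`, `log`, `remark`) are assumed from memory of the ProCurve ACL syntax; confirm them with the switch's inline `help` before applying.

```text
; Constructed addressing for this example (not from the thread):
;   VLAN 1 (DMZ)      192.168.1.0/24
;   VLAN 2 (internal) 192.168.2.0/24
;   VLAN 3 (internal) 192.168.3.0/24
; ACL name and masks are placeholders; ProCurve uses Cisco-style wildcard masks.

ip access-list extended "VLAN1-DMZ-IN"
   remark "TCP from VLAN 1 to VLAN 2/3 only when ACK or RST is set (reply traffic)"
   permit tcp 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255 established
   permit tcp 192.168.1.0 0.0.0.255 192.168.3.0 0.0.0.255 established
   remark "Let VLAN 2/3 ping the DMZ: only echo replies may come back"
   permit icmp 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255 echo-reply
   permit icmp 192.168.1.0 0.0.0.255 192.168.3.0 0.0.0.255 echo-reply
   remark "Everything else from VLAN 1 toward the internal VLANs is dropped and logged"
   deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255 log
   deny ip 192.168.1.0 0.0.0.255 192.168.3.0 0.0.0.255 log
   remark "Remaining traffic (internet via the default route) is allowed"
   permit ip 192.168.1.0 0.0.0.255 any
   exit

; Apply as a routed ACL inbound on VLAN 1, i.e. to traffic that VLAN 1 hosts
; send to the switch for routing. VLANs 2 and 3 keep no ACL, so they can
; initiate connections into the DMZ as the question requires.
vlan 1
   ip access-group "VLAN1-DMZ-IN" in
   exit
```

Two things to keep in mind when using this. First, `established` is a stateless check on the TCP ACK/RST flag bits, not connection tracking, so it stops a DMZ host from opening new TCP sessions but does not give you the per-flow state a firewall would; treat it as a reduction of exposure, not an equivalent. Second, every UDP service that VLAN 2 or 3 clients consume from the DMZ (DNS, syslog, NTP, and so on) will break under this ACL because the replies have no flag to match on; each one needs its own explicit `permit udp` line from the DMZ back to the internal subnets, and such a line is unconditional, so keep that list short and specific. After applying, verify the binding with `show access-list vlan 1` (command form assumed) and watch the logged denies while testing from both sides.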