Celebrate National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Configuring Inter VLAN ACL on HP Switch

Posted on 2013-10-23
6
Medium Priority
?
659 Views
Last Modified: 2013-11-13
Hi,

I have an HP E5412zl in routed mode with various VLANs.

I have a scenario where I have VLAN 1, 2 and 3.

I'm trying to restrict VLAN 1 so that it can't communicate with the subnets on VLAN2 and VLAN3. However, I still want VLAN 2 and 3 to be able to communicate with VLAN1 when needed.

With the above configuration VLAN 1 should only be able to access the internet, not VLAN 2 and 3.

I know the basic syntax for creating named extended ACLs but I can't seem to get it right in applying it to the VLANs and making it work like the above.

Thanks.
0
Comment
Question by:RFVDB
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 50

Expert Comment

by:Don Johnston
ID: 39596651
Here's the problem:

In order for VLAN 2 and 3 to be able to talk to VLAN 1, then the traffic from VLAN 1 must be able to get to VLAN 2 and 3.  Therefor VLAN 1 must be able to talk to VLANs 2 & 3.

Now there's a work-around to this, but it's not perfect.  You can allow TCP traffic from 1 to 2 & 3 only if it's a response.  And you can do the same with ICMP echo replies.  But there's not much you can do about UDP traffic.

So if you don't have any UDP traffic, you're all set.
0
 

Author Comment

by:RFVDB
ID: 39598047
Hi donjohnston,

Yeah, I don't think UDP traffic is really a concern security wise. I don't think hackers can really do anything with just UDP.

I'm trying to create a DMZ on this VLAN on the switch.

So the Layer 3 HP switch can't do what a router/firewall can do with stateful inspection between subnets? I guess I'll take whatever it can do.

Thanks!
0
 

Author Comment

by:RFVDB
ID: 39602061
Is it using the "Established" ACL parameter, similar to the old Cisco ACLs? I've used that in the past years ago on Cisco routers, just not sure if that's an option on the HP switch or if there's something better.
0
2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

 
LVL 50

Expert Comment

by:Don Johnston
ID: 39602574
Yes, that's how it's done.

And that's your only option (for this type of task) on an HP switch.
0
 

Author Comment

by:RFVDB
ID: 39603231
OK, do you know where I can find some good documentation on doing it on an HP switch?
0
 
LVL 50

Accepted Solution

by:
Don Johnston earned 2000 total points
ID: 39603277
It's the exact format and syntax as Cisco ACL's.
0

Featured Post

Manage your data center from practically anywhere

The KN8164V features HD resolution of 1920 x 1200, FIPS 140-2 with level 1 security standards and virtual media transmissions at twice the speed. Built for reliability, the KN series provides local console and remote over IP access, ensuring 24/7 availability to all servers.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Most of the applications these days are on Cloud. Cloud is ubiquitous with many service providers in the market. Since it has many benefits such as cost reduction, software updates, remote access, disaster recovery and much more.
In this blog we highlight approaches to managed security as a service.  We also look into ConnectWise’s value in aiding MSPs’ security management and indicate why critical alerting is a necessary integration.
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…
Suggested Courses

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question