Traffic Filtering HP-MSR920 Router

Need some assistance setting up firewall rules on an HP MSR920 Router.

I've enabled firewall, but I need to know how to use commands to:

1. allow SMTP traffic from a single device on network
2. block all other SMTP traffic from devices on network
D HService Desk ManagerAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

bbaoIT ConsultantCommented:
may i clarify the requirement further?

1. allow SMTP traffic from a single device on

2. block all other SMTP traffic from devices on network TO THE INTERNET
btanExec ConsultantCommented:
You can catch this HP ACL document, it is very handy for crafting access-list for your use cases.

Remember to enable the  ACL Mode first e.g.

To enable the ACL mode, enter the following commands:
HP9300(config-if-e1000-1/1)# exit
HP9300(config)# no ip dont-use-acl
HP9300(config)# write memory
HP9300(config)# end
HP9300# reload

To configure an extended access list that blocks all SMTP traffic received on port 1/1 from IP host,
enter the following commands.

HP9300(config)# access-list 101 deny tcp host any eq smtp log
HP9300(config)# access-list 101 permit ip any any
HP9300(config)# int eth 1/1
HP9300(config-if-1/1)# ip access-group 101 in
HP9300(config)# write memory

Note the use of tcp eq smtp which smtp is recognised or you can use port no too... also the in | out parameter specifies whether the ACL applies to incoming traffic or outgoing traffic on the interface to which you apply the ACL. You can apply the ACL to an Ethernet port or virtual interface.

Here are further examples for your references e.g.

HP9300(config)# access-list 102 deny igmp host rkwong log
 denies IGMP traffic from the host device named “rkwong” to the 209.157.21.x network.

HP9300(config)# access-list 102 deny igrp host rkwong log
 denies IGRP traffic from the 209.157.21.x network to the host device named “rkwong”.

HP9300(config)# access-list 102 deny ip host host log
 denies all IP traffic from host to host and generates Syslog entries for packets that are denied by this entry.

HP9300(config)# access-list 102 permit ip any any
 permits all packets that are not explicitly denied by the other entries. Without this entry, the ACL would deny all incoming or outgoing IP traffic on the ports to which you assign the ACL.

Hope the above should be sufficient for you to craft to your use case...

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
D HService Desk ManagerAuthor Commented:
Thanks btan, sorry for the delay.
btanExec ConsultantCommented:
no worries, hope it helps. thanks
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.