Traffic Filtering HP-MSR920 Router

Need some assistance setting up firewall rules on an HP MSR920 Router.

I've enabled firewall, but I need to know how to use commands to:

1. allow SMTP traffic from a single device on network
2. block all other SMTP traffic from devices on network
D H (Service Desk Manager) asked:

bbao (IT Consultant) commented:
May I clarify the requirement further?

1. allow SMTP traffic from a single device on network TO THE INTERNET

2. block all other SMTP traffic from devices on network TO THE INTERNET
0
btan (Exec Consultant) commented:
You can catch this HP ACL document, it is very handy for crafting access-list for your use cases.
http://www.hp.com/rnd/support/manuals/pdf/release_06628_07110/Bk2_Ch3_ACL.pdf

Remember to enable the ACL Mode first e.g.

To enable the ACL mode, enter the following commands:
HP9300(config-if-e1000-1/1)# exit
HP9300(config)# no ip dont-use-acl
HP9300(config)# write memory
HP9300(config)# end
HP9300# reload

To configure an extended access list that blocks all SMTP traffic received on port 1/1 from IP host 209.157.22.26, enter the following commands.

HP9300(config)# access-list 101 deny tcp host 209.157.22.26 any eq smtp log
HP9300(config)# access-list 101 permit ip any any
HP9300(config)# int eth 1/1
HP9300(config-if-1/1)# ip access-group 101 in
HP9300(config)# write memory

Note the use of tcp eq smtp, in which smtp is recognised, or you can use the port number too... Also, the in | out parameter specifies whether the ACL applies to incoming traffic or outgoing traffic on the interface to which you apply the ACL. You can apply the ACL to an Ethernet port or virtual interface.

Here are further examples for your references e.g.

HP9300(config)# access-list 102 deny igmp host rkwong 209.157.21.0/24 log
 denies IGMP traffic from the host device named “rkwong” to the 209.157.21.x network.

HP9300(config)# access-list 102 deny igrp 209.157.21.0/24 host rkwong log
 denies IGRP traffic from the 209.157.21.x network to the host device named “rkwong”.

HP9300(config)# access-list 102 deny ip host 209.157.21.100 host 209.157.22.1 log
 denies all IP traffic from host 209.157.21.100 to host 209.157.22.1 and generates Syslog entries for packets that are denied by this entry.

HP9300(config)# access-list 102 permit ip any any
 permits all packets that are not explicitly denied by the other entries. Without this entry, the ACL would deny all incoming or outgoing IP traffic on the ports to which you assign the ACL.

Hope the above should be sufficient for you to craft to your use case...
0
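
The asker's two requirements written in the access-list syntax quoted in the answer above, as an added example that is not part of the original thread: a small Python model that parses those entries and applies first-match evaluation with the implicit deny, so the effect of entry order can be checked before anything is applied to a device. The address 192.0.2.10 for the permitted mail host and all function names are assumptions; the model covers only the host/any/prefix and eq forms shown above and is not HP's implementation.

```python
import ipaddress

SERVICES = {"smtp": 25}  # names accepted after "eq"; numeric ports work too

def _take_addr(tokens):
    """Consume 'any', 'host A.B.C.D' or 'A.B.C.D/len' from the token list."""
    word = tokens.pop(0)
    if word == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if word == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    return ipaddress.ip_network(word, strict=False)

def parse_entry(line):
    """Parse 'access-list N permit|deny PROTO SRC DST [eq PORT] [log]'."""
    tokens = line.split()
    action, proto, rest = tokens[2], tokens[3], tokens[4:]
    src, dst = _take_addr(rest), _take_addr(rest)
    port = None
    if rest[:1] == ["eq"]:  # destination port qualifier
        port = SERVICES[rest[1]] if rest[1] in SERVICES else int(rest[1])
    return action, proto, src, dst, port

def evaluate(acl, proto, src, dst, dport=None):
    """Return the action of the first matching entry, else the implicit deny."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for line in acl:
        action, e_proto, e_src, e_dst, e_port = parse_entry(line)
        if e_proto not in ("ip", proto):
            continue
        if src not in e_src or dst not in e_dst:
            continue
        if e_port is not None and e_port != dport:
            continue
        return action
    return "deny"  # nothing matched: the ACL ends with an implicit deny

# Constructed addresses: 192.0.2.10 stands in for the one permitted mail host.
SMTP_ACL = [
    "access-list 101 permit tcp host 192.0.2.10 any eq smtp",
    "access-list 101 deny tcp any any eq smtp log",
    "access-list 101 permit ip any any",
]

if __name__ == "__main__":
    for host, port in [("192.0.2.10", 25), ("192.0.2.77", 25), ("192.0.2.77", 443)]:
        print(host, port, evaluate(SMTP_ACL, "tcp", host, "198.51.100.25", port))
```

Swapping the first two entries makes the deny match the mail host as well, and dropping the last entry blocks all non-SMTP traffic on the interface.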

D H (Service Desk Manager, author) commented:
Thanks btan, sorry for the delay.
0
btan (Exec Consultant) commented:
no worries, hope it helps. thanks
0

Question has a verified solution.