matge
New Contributor II

1638 ACL how it work ?


Hello,

I have a 1638 with several VLANs set up. By default all the subnets can reach each other. I want to restrict some VLANs/subnets from reaching others.

Example: VLAN 3 has to reach VLANs 10, 15, 55, 200 but not 20, 210 & 250. Each VLAN has its own DHCP server on the 1638.

VLAN 250 has to reach 15, 16 & 17, etc.

How could I program this?

Thanks

0 Kudos
1 Solution

Accepted Solutions
Anonymous
Not applicable

Re: 1638 ACL how it work ?


Thank you for asking this question in the support community.  The NetVanta 1638 is a Layer 3 switch, without a stateful firewall; therefore, to permit/deny access you must configure hardware access-lists (ACLs).  The guide Configuring Hardware ACLs in AOS will provide detailed information on how to design, configure and implement hardware ACLs.  Below is a very brief sample configuration:

ip hw-access-list extended HW-BLOCK-VLANS
  deny ip 2.2.2.0 0.0.0.255 4.4.4.0 0.0.0.255
  deny ip 3.3.3.0 0.0.0.255 4.4.4.0 0.0.0.255
  permit ip any any
!
hw-access-map MY-HW-MAP
  forward ip HW-BLOCK-VLANS
  vlans 3-5,10,12

In this basic example, traffic arriving on VLANs 3-5,10,12 with a source IP address of 2.2.2.0/24 or 3.3.3.0/24 and a destination of 4.4.4.0/24 would be blocked, and everything else would be allowed/forwarded.

I hope that concept makes sense, but after you review the guide, please let me know if you have any additional questions.  I will be happy to help in any way I can.

Levi


0 Kudos
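Because the switch has no stateful firewall, each packet is matched on its own, so a one-way deny also breaks sessions opened from the other side. The Python model below is an added example, not part of the original post or ADTRAN's code; it evaluates the sample ACL above, assuming first-match ordering and that the VLANs of both subnets are listed in the access map.

```python
import ipaddress

# The sample hardware ACL entries from the answer above, copied verbatim.
ACL_TEXT = """
deny ip 2.2.2.0 0.0.0.255 4.4.4.0 0.0.0.255
deny ip 3.3.3.0 0.0.0.255 4.4.4.0 0.0.0.255
permit ip any any
"""

def parse_spec(tokens):
    """Consume 'any' or '<address> <wildcard>'; return (base, wildcard) as ints."""
    if tokens[0] == "any":
        tokens.pop(0)
        return 0, 0xFFFFFFFF
    base = int(ipaddress.IPv4Address(tokens.pop(0)))
    wildcard = int(ipaddress.IPv4Address(tokens.pop(0)))
    return base, wildcard

def parse_acl(text):
    """Turn each 'action ip <source> <destination>' line into a rule tuple."""
    rules = []
    for line in text.strip().splitlines():
        tokens = line.split()
        action, _proto = tokens.pop(0), tokens.pop(0)
        rules.append((action, parse_spec(tokens), parse_spec(tokens)))
    return rules

def matches(addr, spec):
    base, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF  # wildcard bits set to 1 are ignored
    return (int(ipaddress.IPv4Address(addr)) & care) == (base & care)

def evaluate(rules, src, dst):
    """First matching entry wins (assumption). The fall-through deny is also
    an assumption; it is never reached here because of 'permit ip any any'."""
    for action, src_spec, dst_spec in rules:
        if matches(src, src_spec) and matches(dst, dst_spec):
            return action
    return "deny"

def session_works(rules, client, server):
    """Stateless check: request and reply are two unrelated packets."""
    return (evaluate(rules, client, server) == "permit"
            and evaluate(rules, server, client) == "permit")

RULES = parse_acl(ACL_TEXT)

if __name__ == "__main__":
    # Constructed host addresses inside the sample subnets.
    print(evaluate(RULES, "4.4.4.20", "2.2.2.10"))       # request is forwarded
    print(session_works(RULES, "4.4.4.20", "2.2.2.10"))  # but the reply is dropped
```

When planning rules such as "VLAN 3 must reach VLAN 10 but not VLAN 20", check both directions of every pair this way before applying the map.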
2 Replies
Anonymous
Not applicable

Re: 1638 ACL how it work ?


I went ahead and flagged the "Correct Answer" on this post to make it more visible and help other members of the community find solutions more easily. If you don't feel like the answer I marked was correct, feel free to come back to this post to unmark it and select another in its place with the applicable buttons.  If you have any additional information on this that others may benefit from, please come back to this post to provide an update.  If you still need assistance, we would be more than happy to continue working with you on this - just let us know in a reply.

Thanks,

Noor