I am new to creating ACLs, but here is what I am wanting to do. I have a Procurve 3500 split into two VLANs. The first VLAN is a private, internal VLAN with an IP scheme of 10.0.0.1/24. The second VLAN is designed to run a public WiFi system and has the IP scheme of 10.1.1.1/24. What I am wanting is to create an ACL that allows both VLANs to talk both ways to the internet source which is 10.0.0.2. Then I need to be able to talk from two servers (10.0.0.1, 10.0.0.3) to the wireless VLAN so I can manage the APs remotely, but not have the wireless VLAN be able to initiate communication so the internal network stays secure. Anyone able to assist?
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
ACLs on Procurve 3500
- Thread starter spqr2001
- Start date
Consult this doc first and see if you can make sense of it. if you still have questions, post back and we'll help you out:
I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
VinceWhirlwind
Technical User
What about:
ip access-list extended "Wireless"
deny ip 10.1.1.0 0.0.0.255 10.0.0.0 0.0.0.255
permit ip 10.1.1.0 0.0.0.255 0.0.0.0 255.255.255.255
vlan 1
ip address 10.0.0.1 255.255.255.0
ip access-group "Wireless" out
ip access-list extended "Wireless"
deny ip 10.1.1.0 0.0.0.255 10.0.0.0 0.0.0.255
permit ip 10.1.1.0 0.0.0.255 0.0.0.0 255.255.255.255
vlan 1
ip address 10.0.0.1 255.255.255.0
ip access-group "Wireless" out
- Status
Similar threads
- Locked
- Question