04-22-2013 02:03 AM
I have a Student VLAN and an IT Services VLAN
I wish to be able to TCP from IT to student, but do not wish to be able to TCP from Student to IT Services
I have tried using
access-list 101 permit source destination established
but this allows tcp in both directions, unless I have the syntax wrong or have missed something.
do I need to add things like gt 1023 or ACK,RST
09-06-2013 06:32 AM
You'll have to apply the ACL as "in" or "out" on a VLAN. I'd recommend checking out the ACL part of the Configuration & Management Guide for the K-series (HP 5400/8200/3500). I always refer to it when making ACLs. You can specify standard or extended ACLs, then apply them in different ways.