I am using an HP ProCurve 3800 as my core L3 switch. I need to set up some ACLs so my customer network can't talk to my local network.
Here's what I got:
Vlan1 = 172.26.0.0/22 - Local subnet
Vlan2 = 10.10.10.0/29 - Router network (to other routers at other sites)
Vlan3 = 192.168.4.0/22 - Customer network (192.168.4.1 is the GW)
So, what I am trying to accomplish is to allow VLANs 1 and 2 to play nicely, with no blocking between them.
I don't want VLAN 3 to be able to talk to VLAN 1 or 2.
I called HP to ask them about it, but they weren't a whole lot of help (because they didn't want to be liable if my network took a dump). This is what I got out of our conversation and my research:
Create an ACL that only allows the customer network traffic to forward to the gateway, and deny everything else:
HP Switch(config)# ip access-list extended "Customer-ACL"
HP Switch(config-ext-nacl)# remark "Standard ACLs match source only; matching source and destination needs an extended ACL"
HP Switch(config-ext-nacl)# permit ip 192.168.4.0/22 host 192.168.4.1
HP Switch(config-ext-nacl)# deny ip any any
HP Switch(config-ext-nacl)# exit
Then apply it to the customer VLAN:
HP Switch(config)# vlan 3
HP Switch(vlan-3)# ip access-group "Customer-ACL" out
Does this look right? Am I missing anything? Is there a better way to go about it?
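The following is an added example of the same policy, written by the editor and not part of the original post or of any HP documentation. It expresses the stated goal directly: deny routed traffic from the customer subnet to the local and router subnets, allow everything else, and apply the ACL inbound on VLAN 3 (where customer packets enter the switch). It assumes the VLAN 3 gateway 192.168.4.1 is the switch's own SVI and that customer traffic to the internet and other sites leaves via a default route through the routers on VLAN 2; the remark lines record those assumptions.

```text
HP Switch(config)# ip access-list extended "Customer-ACL"
HP Switch(config-ext-nacl)# remark "Assumes VLAN 3 default route exits via the VLAN 2 routers (transit is not blocked, only the router subnet itself)"
HP Switch(config-ext-nacl)# deny ip 192.168.4.0/22 172.26.0.0/22
HP Switch(config-ext-nacl)# deny ip 192.168.4.0/22 10.10.10.0/29
HP Switch(config-ext-nacl)# remark "Explicit permit is required; a ProCurve ACL ends with an implicit deny"
HP Switch(config-ext-nacl)# permit ip any any
HP Switch(config-ext-nacl)# exit
HP Switch(config)# vlan 3
HP Switch(vlan-3)# ip access-group "Customer-ACL" in
HP Switch(vlan-3)# exit
HP Switch(config)# show access-list vlan 3
```

Applied with `in`, the ACL filters traffic routed from customer hosts, so replies to the customer's own outbound sessions are unaffected and the two `deny` lines are the only restriction. Applied with `out` on VLAN 3, as in the post, the same switch would instead be filtering traffic routed toward the customer hosts, and a final deny-all there would drop their return traffic from the internet as well. Two things to check before trusting the result: if the customer subnet depends on any service in 172.26.0.0/22 (DNS, DHCP relay target, printers), add a narrow `permit` for that host and port above the `deny` lines; and since 192.168.4.1 is the switch itself, the ACL does not stop customer hosts from opening SSH or web sessions to the switch's management plane on that address, so restrict management to the local subnet with `ip authorized-managers 172.26.0.0 255.255.252.0 access manager` (or equivalent) in addition to the ACL.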