Comware

  • 1.  HPE OfficeConnect 1920S : ACL Management

    Posted Apr 05, 2020 04:49 AM

    Hi,

    I would like to clarify a few points concerning ACLs on OfficeConnect 1920S.

    About ACL capabilities, an extract from the documentation:


    HPE OfficeConnect 1920S switches support IPv4 and MAC ACLs. The maximum number of ACLs
    (IPv4 and MAC) is 50. ACLs are applied per interface, and each interface supports a maximum of 10
    rules (https://h20628.www2.hp.com/km-ext/kmcsdirect/emr_na-a00003478en_us-6.pdf)

    Can you confirm that this means that an ACL can only contain 10 active rules? Implicit deny all rule included?

     

    ACL on VLAN

    I would like to apply ACLs per VLAN.

    Is it possible to apply more than one ACL per VLAN?

    • 1 in inbound direction + 1 in outbound?
    • 2 in inbound direction + 1 in outbound?

    Which configuration do you recommend?

    Outbound VLAN ACL

    In this example: https://image.noelshack.com/fichiers/2020/14/7/1586076215-hpe-1920s-oc.png

    Can an outbound VLAN ACL apply before arrival on the router?

    Thanks for your help!



  • 2.  RE: HPE OfficeConnect 1920S : ACL Management

    Posted Apr 05, 2020 03:57 PM

    Hello!

    Each ACL can have up to 10 rules.
    You can apply only one ACL per Vlan-Interface in inbound direction (2 in inbound direction + 1 in outbound = false).
    You cannot apply an ACL on a Vlan-interface in outbound direction (1 in inbound direction + 1 in outbound = false).
    "Can an outbound VLAN ACL apply before arrival on the router?" - no, there is no such possibility.

    Please be aware that the 1920S has very basic routing capabilities and its routing and security features are not as advanced as those of routers or firewalls.

    Hope it helps!



  • 3.  RE: HPE OfficeConnect 1920S : ACL Management

    Posted Apr 05, 2020 04:12 PM

    Hi, 

    Thanks a lot.

    Can you confirm that the implicit deny rule is not included in the 10 rules?



  • 4.  RE: HPE OfficeConnect 1920S : ACL Management

    Posted Apr 06, 2020 02:40 AM

    Hello!

    I confirm: the 10 rules allowed per ACL do not include the implicit deny rule, which stands at the end of each ACL but does not occupy dedicated resources, so you have all 10 rules to configure with your custom rules.

     



  • 5.  RE: HPE OfficeConnect 1920S : ACL Management

    Posted Feb 18, 2021 01:48 AM

    Hello @Ivan_B. But I can assign a single rule for a VLAN, not an ACL. Please suggest me an advanced HPE OfficeConnect series switch in advance.