
Forum Discussion

spopuri
Aspirant
May 08, 2020
Solved

ACL rules M4300

I would like to create extended ACL's to allow only DHCP and DNS from a subnet to a server.

  • Retired_Member
    May 09, 2020

    spopuri 

     

    On the Web GUI, when you create a new rule for the IP ACL, you only need to input the 4 fields below; keep all other parameters at their default config:

    Sequence Number: any value is OK;

    Action: Permit

    Protocol Type: UDP

    Dst L4: input 53/67/68


    The ending deny-everything rule is the default behavior; there is no need to configure it manually.

     

    Then go to the 'IP Binding Configuration' page and select the port to which you want to apply this IP ACL rule.

     

11 Replies

  • Retired_Member

    Hi spopuri,

     

    Welcome to the Community!

     

    I suggest you configure an IP ACL to meet your requirement.

    As both DHCP and DNS are based on the UDP protocol, you can create one IP ACL with 3 rules (permit udp destination port 53/67/68). Then bind the IP ACL to the physical port or VLAN.

    For detailed ACL configuration, please refer to the link (Software Administration Manual: Page 171).

     

    Below is the example config:

     

    ip access-list test
    permit udp any any eq domain
    permit udp any any eq 67
    permit udp any any eq 68
    exit


    interface 1/0/1
    ip access-group test in 1
    exit

     

    Hope it helps!

     

    Regards,

    Eric
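
Editor's added example (not part of either reply above and not NETGEAR code): the CLI example permits UDP 53/67/68 from "any" to "any", while the question asked for a subnet-to-server restriction. Before narrowing the rules on a live switch it is worth checking them against the traffic that actually has to pass, because a tightened rule set has two traps: a client with no lease sends DHCPDISCOVER from 0.0.0.0 to 255.255.255.255 (RFC 2131), which a "from the subnet to the server" rule never matches, and DNS also uses TCP 53 for large responses and zone transfers. The Python below models a first-match IP ACL with the switch's implicit deny at the end and runs constructed packets through a naive and a corrected rule set. The client subnet 192.168.10.0/24, the server 192.168.10.5 and the CLI lines quoted in the comments are assumptions; the CLI lines follow the extended-ACL shape of Eric's example (wildcard masks, host, eq) and should be checked against the M4300 CLI reference before use.

```python
"""First-match IP ACL model with implicit deny, used to check a DHCP/DNS rule
set against constructed packets. Added example, not code from the thread."""
from dataclasses import dataclass
from ipaddress import IPv4Address
from typing import Optional


def host(addr: str) -> tuple:
    """CLI keyword 'host A.B.C.D' == address with an all-zero wildcard mask."""
    return (addr, "0.0.0.0")


@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "deny"
    proto: str                   # "udp", "tcp" or "ip" (any IP protocol)
    src: tuple                   # (address, wildcard mask) as on the CLI
    dst: tuple
    dport: Optional[int] = None  # "eq <port>" on the destination, None = any
    sport: Optional[int] = None  # "eq <port>" on the source, None = any


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    dport: int
    sport: int = 0


def addr_matches(addr: str, spec: tuple) -> bool:
    """Wildcard-mask match: bits set in the mask are 'don't care'."""
    base, wild = (int(IPv4Address(x)) for x in spec)
    return (int(IPv4Address(addr)) | wild) == (base | wild)


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    if rule.proto != "ip" and rule.proto != pkt.proto:
        return False
    if not (addr_matches(pkt.src, rule.src) and addr_matches(pkt.dst, rule.dst)):
        return False
    if rule.dport is not None and rule.dport != pkt.dport:
        return False
    if rule.sport is not None and rule.sport != pkt.sport:
        return False
    return True


def evaluate(acl: list, pkt: Packet) -> str:
    """First matching rule wins; no match falls through to the switch's implicit deny."""
    for rule in acl:
        if rule_matches(rule, pkt):
            return rule.action
    return "deny"


SUBNET = ("192.168.10.0", "0.0.0.255")  # assumed client subnet
SERVER = host("192.168.10.5")           # assumed DHCP/DNS server

# Literal reading of "only DHCP and DNS from the subnet to the server".
# Assumed CLI equivalent (verify against the M4300 CLI reference):
#   permit udp 192.168.10.0 0.0.0.255 host 192.168.10.5 eq 67
#   permit udp 192.168.10.0 0.0.0.255 host 192.168.10.5 eq 53
#   permit tcp 192.168.10.0 0.0.0.255 host 192.168.10.5 eq 53   (DNS over TCP)
NAIVE_ACL = [
    Rule("permit", "udp", SUBNET, SERVER, dport=67),
    Rule("permit", "udp", SUBNET, SERVER, dport=53),
    Rule("permit", "tcp", SUBNET, SERVER, dport=53),
]

# A client with no lease sends DHCPDISCOVER from 0.0.0.0:68 to
# 255.255.255.255:67 (RFC 2131); the subnet-to-server rules never match it.
# Assumed CLI equivalent of the extra rule:
#   permit udp host 0.0.0.0 eq 68 host 255.255.255.255 eq 67
FIXED_ACL = [
    Rule("permit", "udp", host("0.0.0.0"), host("255.255.255.255"), dport=67, sport=68),
] + NAIVE_ACL

# Constructed sample traffic for this example.
SAMPLE_PACKETS = {
    "dns_query":     Packet("udp", "192.168.10.20", "192.168.10.5", 53, 51234),
    "dns_tcp":       Packet("tcp", "192.168.10.20", "192.168.10.5", 53, 51235),
    "dhcp_discover": Packet("udp", "0.0.0.0", "255.255.255.255", 67, 68),
    "dhcp_renew":    Packet("udp", "192.168.10.20", "192.168.10.5", 67, 68),
    "ssh":           Packet("tcp", "192.168.10.20", "192.168.10.5", 22, 51236),
    "dns_other_net": Packet("udp", "10.0.0.9", "192.168.10.5", 53, 51237),
}


def check(acl: list) -> dict:
    """Verdict per sample packet for the given rule list."""
    return {name: evaluate(acl, pkt) for name, pkt in SAMPLE_PACKETS.items()}


if __name__ == "__main__":
    for label, acl in (("naive", NAIVE_ACL), ("fixed", FIXED_ACL)):
        print(label, check(acl))
```

Running it shows the naive set silently denies dhcp_discover while the fixed set permits it, and both deny SSH to the server and DNS from another subnet. Bound inbound on the client-facing ports, these rules only ever see client-to-server traffic, so the dst-port-68 rule from the replies above matters only where the ACL also sits in the path of the server's replies.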
