fjsanchez
Mar 27, 2018
Aspirant
IP ACL Vlans MG5300
Hello,
I would like to implement IPv4 ACL policies in a VLAN-segmented network. My core switch is an M5300-28G ProSafe 24-port Gigabit L2+ with 10 Gigabit Stacking, 10.0.0.44, B1.0.0.5.
I have the following VLANs on the MG5300:
Vlan1 192.168.0.0/24 - Servers + Internet Gateway
Vlan10 192.168.10.0/24
Vlan20 192.168.20.0/24
Vlan30 192.168.30.0/24
Vlan40 192.168.40.0/24
Vlan50 192.168.50.0/24
Vlan60 192.168.60.0/24
Vlan70 192.168.70.0/24 - Printers
I need to implement:
Vlan10
  Access to vlan1 (to permit access to Servers and Internet)
  Access to Vlan70 (to permit access to printers)
  No Access to Vlan20, vlan30, vlan40, vlan50, vlan60
Vlan20
  Access to vlan1 (to permit access to Servers and Internet)
  Access to Vlan70 (to permit access to printers)
  No Access to Vlan10, vlan30, vlan40, vlan50, vlan60
Vlan30
  Access to vlan1 (to permit access to Servers and Internet)
  Access to Vlan70 (to permit access to printers)
  No Access to Vlan20, vlan10, vlan40, vlan50, vlan60
Vlan40
  Access to vlan1 (to permit access to Servers and Internet)
  Access to Vlan70 (to permit access to printers)
  No Access to Vlan20, vlan30, vlan10, vlan50, vlan60
Vlan50
  Access to vlan1 (to permit access to Servers and Internet)
  Access to Vlan70 (to permit access to printers)
  No Access to Vlan20, vlan30, vlan40, vlan10, vlan60
Vlan60
  Access to vlan1 (to permit access to Servers and Internet)
  Access to Vlan70 (to permit access to printers)
  No Access to Vlan20, vlan30, vlan40, vlan50, vlan10
Which is the best way to implement these requirements?
Thanks so much !
3 Replies
- Retired_Member
Hi fjsanchez,
Welcome to the community!
Yes, just as you said, the IPv4 ACL function can meet your requirement.
And we need to bind an ACL rule to each of VLAN10~60; below is the detailed configuration:

"IP ACL config for VLAN10"
ip access-list vlan10
deny ip any 192.168.20.0 0.0.0.255
deny ip any 192.168.30.0 0.0.0.255
deny ip any 192.168.40.0 0.0.0.255
deny ip any 192.168.50.0 0.0.0.255
deny ip any 192.168.60.0 0.0.0.255
permit ip any any
exit
ip access-group vlan10 vlan 10 in 1

"IP ACL config for VLAN20"
ip access-list vlan20
deny ip any 192.168.10.0 0.0.0.255
deny ip any 192.168.30.0 0.0.0.255
deny ip any 192.168.40.0 0.0.0.255
deny ip any 192.168.50.0 0.0.0.255
deny ip any 192.168.60.0 0.0.0.255
permit ip any any
exit
ip access-group vlan20 vlan 20 in 1

"IP ACL config for VLAN30"
ip access-list vlan30
deny ip any 192.168.10.0 0.0.0.255
deny ip any 192.168.20.0 0.0.0.255
deny ip any 192.168.40.0 0.0.0.255
deny ip any 192.168.50.0 0.0.0.255
deny ip any 192.168.60.0 0.0.0.255
permit ip any any
exit
ip access-group vlan30 vlan 30 in 1

"IP ACL config for VLAN40"
ip access-list vlan40
deny ip any 192.168.10.0 0.0.0.255
deny ip any 192.168.20.0 0.0.0.255
deny ip any 192.168.30.0 0.0.0.255
deny ip any 192.168.50.0 0.0.0.255
deny ip any 192.168.60.0 0.0.0.255
permit ip any any
exit
ip access-group vlan40 vlan 40 in 1

"IP ACL config for VLAN50"
ip access-list vlan50
deny ip any 192.168.10.0 0.0.0.255
deny ip any 192.168.20.0 0.0.0.255
deny ip any 192.168.30.0 0.0.0.255
deny ip any 192.168.40.0 0.0.0.255
deny ip any 192.168.60.0 0.0.0.255
permit ip any any
exit
ip access-group vlan50 vlan 50 in 1

"IP ACL config for VLAN60"
ip access-list vlan60
deny ip any 192.168.10.0 0.0.0.255
deny ip any 192.168.20.0 0.0.0.255
deny ip any 192.168.30.0 0.0.0.255
deny ip any 192.168.40.0 0.0.0.255
deny ip any 192.168.50.0 0.0.0.255
permit ip any any
exit
ip access-group vlan60 vlan 60 in 1

Hope it helps!
Regards,
EricZ
NETGEAR employee
- fjsanchez
Aspirant
Thanks Eric,
Can we copy-paste directly to the switch via CLI, or do I need extra commands?
I was using web configurator ;(
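
An offline check of the ACLs in EricZ's reply against the access matrix in the question, as an added example that is not part of the thread and not NETGEAR tooling: it renders the same rule set per VLAN and runs a first-match evaluation over it. The function names, the constructed test host (.25 in each subnet), and the destination-only matching model with an implicit deny at the end of each ACL are assumptions of this example.

```python
import ipaddress

# VLAN subnets as listed in the question. VLAN 1 (servers, gateway) and
# VLAN 70 (printers) must stay reachable from every user VLAN.
VLANS = {1: "192.168.0.0/24", 10: "192.168.10.0/24", 20: "192.168.20.0/24",
         30: "192.168.30.0/24", 40: "192.168.40.0/24", 50: "192.168.50.0/24",
         60: "192.168.60.0/24", 70: "192.168.70.0/24"}
SHARED = {1, 70}

def build_acl(vlan_id):
    """Render the reply's ACL for one user VLAN: deny the other user VLANs, permit the rest."""
    lines = [f"ip access-list vlan{vlan_id}"]
    for other, cidr in VLANS.items():
        if other != vlan_id and other not in SHARED:
            net = ipaddress.ip_network(cidr)
            lines.append(f"deny ip any {net.network_address} {net.hostmask}")
    return lines + ["permit ip any any", "exit",
                    f"ip access-group vlan{vlan_id} vlan {vlan_id} in 1"]

def matches(addr, base, wildcard):
    """Wildcard-mask comparison: bits set in the wildcard are ignored."""
    care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
    return int(ipaddress.ip_address(addr)) & care == int(ipaddress.ip_address(base)) & care

def evaluate(acl_lines, dst):
    """First matching rule decides; an ACL that matches nothing ends in an implicit deny."""
    for line in acl_lines:
        tok = line.split()
        if not tok or tok[0] not in ("permit", "deny"):
            continue  # skip 'ip access-list', 'exit', 'ip access-group'
        target = tok[3:]  # rule shape: <action> ip any <dst> [wildcard]
        if target == ["any"] or matches(dst, target[0], target[1]):
            return tok[0]
    return "deny"

def audit():
    """Return (src_vlan, dst_vlan, verdict) for every result that breaks the question's matrix."""
    problems = []
    for src in (v for v in VLANS if v not in SHARED):
        acl = build_acl(src)
        for dst_vlan, cidr in VLANS.items():
            if dst_vlan == src:
                continue
            host = str(ipaddress.ip_network(cidr).network_address + 25)  # constructed test host
            want = "permit" if dst_vlan in SHARED else "deny"
            got = evaluate(acl, host)
            if got != want:
                problems.append((src, dst_vlan, got))
    return problems

if __name__ == "__main__":
    print("\n".join(build_acl(10)))
    print("violations:", audit())
```

The ACLs are bound inbound on VLAN10 to VLAN60 only, so the check covers traffic leaving those VLANs; VLAN1 and VLAN70 carry no ACL in the reply and are not modelled as sources.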