NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
IP ACL Vlans MG5300
Hello, I would like to implement IPv4 ACL policies in a Vlan segmentated network. My core switch is an M5300-28G ProSafe 24-port Gigabit L2+ with 10 Gigabit Stacking, 10.0.0.44, B1.0.0.5. I have...
Hi fjsanchez,
Welcome to the community!
Yes, just as you said, IPv4 ACL function can meet your requirement.
And we need binding ACL rule to VLAN10~60, below is detailed configuraiton:
"IP ACL config for VLAN10"
ip access-list vlan10
deny ip any 192.168.20.0 0.0.0.255
deny ip any 192.168.30.0 0.0.0.255
deny ip any 192.168.40.0 0.0.0.255
deny ip any 192.168.50.0 0.0.0.255
deny ip any 192.168.60.0 0.0.0.255
permit ip any any
exit
ip access-group vlan10 vlan 10 in 1
"IP ACL config for VLAN20"
ip access-list vlan20
deny ip any 192.168.10.0 0.0.0.255
deny ip any 192.168.30.0 0.0.0.255
deny ip any 192.168.40.0 0.0.0.255
deny ip any 192.168.50.0 0.0.0.255
deny ip any 192.168.60.0 0.0.0.255
permit ip any any
exit
ip access-group vlan20 vlan 20 in 1
"IP ACL config for VLAN30"
ip access-list vlan30
deny ip any 192.168.10.0 0.0.0.255
deny ip any 192.168.20.0 0.0.0.255
deny ip any 192.168.40.0 0.0.0.255
deny ip any 192.168.50.0 0.0.0.255
deny ip any 192.168.60.0 0.0.0.255
permit ip any any
exit
ip access-group vlan30 vlan 30 in 1
"IP ACL config for VLAN40"
ip access-list vlan40
deny ip any 192.168.10.0 0.0.0.255
deny ip any 192.168.20.0 0.0.0.255
deny ip any 192.168.30.0 0.0.0.255
deny ip any 192.168.50.0 0.0.0.255
deny ip any 192.168.60.0 0.0.0.255
permit ip any any
exit
ip access-group vlan40 vlan 40 in 1
"IP ACL config for VLAN50"
ip access-list vlan50
deny ip any 192.168.10.0 0.0.0.255
deny ip any 192.168.20.0 0.0.0.255
deny ip any 192.168.30.0 0.0.0.255
deny ip any 192.168.40.0 0.0.0.255
deny ip any 192.168.60.0 0.0.0.255
permit ip any any
exit
ip access-group vlan50 vlan 50 in 1
"IP ACL config for VLAN60"
ip access-list vlan60
deny ip any 192.168.10.0 0.0.0.255
deny ip any 192.168.20.0 0.0.0.255
deny ip any 192.168.30.0 0.0.0.255
deny ip any 192.168.40.0 0.0.0.255
deny ip any 192.168.50.0 0.0.0.255
permit ip any any
exit
ip access-group vlan60 vlan 60 in 1
Hope it helps!
Regards,
EricZ
NETGEAR employee
Thanks Eric,
Can we copy paste diretly to the switch via CLI or I need extra comands ?
I was using web configurator ;(
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
