akira168
Aspirant
Mar 20, 2017

IP based ACL using GUI

Hi Netgear Community,

 

Can someone give me an example of setting up an IP-based ACL with the GUI?

What we want to do is just to permit all the services only from the network address, 192.168.55.0/24 on the port 17. All the other network addresses should be blocked.

The port has already been configured for VLAN550, which is 192.168.55.0.

I am not quite sure how to describe it, the order in which to apply the ACL, and so on.

 

The firmware version is 11.0.0.18.

 

Thank you.

Best regards,

 

2017032001.png

7 Replies

    • akira168
      Aspirant

      Hi DaneA,

       

      Thank you for your reply.

      Please take a look at the attached screen shot.

      I have tried to allow passing only 192.168.55.0/24.

      However, once the ACL based on Destination IPv4 is set, all the IP addresses are blocked.

      Can you correct my settings? Before adding the ACL, the network is pingable.

       

      Best regards,

       

      2017032201.png

  • DaneA
    NETGEAR Employee Retired

    akira168,

     

    I apologize for the late response. :( 

     

    Kindly try the steps below:

     

    1. On the rule you have created, under Match Every, change "False" into "True."

    2. Create another rule: set the Action to Deny, set the Match Every to False and set both Destination IP Address and IP Mask to "Any."

     

    Let me know if it helps.

     

    Kindly read pages 748-749 of the M7100-24x user manual here and refer to the example Standard IP ACL configuration given as this might help.

     

     

    Regards,

     

    DaneA

    NETGEAR Community Team

    • DaneA
      NETGEAR Employee Retired

      @akira168,

       

      I just want to follow up on this.  Were you able to try my suggestion?  If yes, let us know the results.

       

       

      Regards,

       

      DaneA

      NETGEAR Community Team

    • akira168
      Aspirant

      Hi DaneA,

       

      Thank you for the reminder.

      I will test it and let you know.

       

      Best regards,

    • akira168
      Aspirant

      Hi DaneA,

       

      Your suggestion is to block certain IP addresses and to pass the others, isn't it?

       

      I am looking for a way to pass a certain network address and to block all the others.

       

      Besides, I cannot block any IP address by using your instructions.

       

      Thank you.

      Best regards,

       

      • DaneA
        NETGEAR Employee Retired

        akira168,

         

        My bad.  The Destination IP Mask should be a Wildcard Mask.  Kindly try the steps below:

         

        1. On the rule you have created, under Match Every, change "False" into "True."

        2. Then change the Destination IP Mask from 255.255.255.0 to 0.0.0.255.

        3. Create another rule: set the Action to Deny, set the Match Every to False and set both Destination IP Address and IP Mask to "Any."

         

        Let me know if it helps.

         

        As a reference guide, kindly read pages 748-749 of the M7100-24x user manual here and refer to the example Standard IP ACL configuration given.



        Regards,

         

        DaneA

        NETGEAR Community Team
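
The subnet-mask versus wildcard-mask mix-up discussed in the replies above, as an added example that is not part of the original thread or NETGEAR's own code. It models a generic first-match ACL with a final deny. The rule tuples, the encoding of "Any" as 0.0.0.0 with wildcard 255.255.255.255, and the sample addresses are assumptions constructed for illustration; the Match Every setting is not modelled.

```python
import ipaddress

def wildcard_match(addr: str, rule_addr: str, wildcard: str) -> bool:
    """True if addr matches rule_addr under a wildcard (inverse) mask.

    In a wildcard mask a 0 bit means "must match" and a 1 bit means
    "don't care", the opposite of a subnet mask.
    """
    a = int(ipaddress.IPv4Address(addr))
    r = int(ipaddress.IPv4Address(rule_addr))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (r & care)

def evaluate(acl, dst: str) -> str:
    """First matching rule wins; no match at all falls through to deny
    (assumed model of ACL evaluation)."""
    for action, rule_addr, wildcard in acl:
        if wildcard_match(dst, rule_addr, wildcard):
            return action
    return "deny"

# Assumed encoding of a "deny Any" rule: every bit is "don't care".
DENY_ANY = ("deny", "0.0.0.0", "255.255.255.255")

# Subnet mask typed into the wildcard field: only the LAST octet is compared.
ACL_SUBNET_MASK = [("permit", "192.168.55.0", "255.255.255.0"), DENY_ANY]

# Wildcard mask: the first three octets are compared, the host part is free.
ACL_WILDCARD = [("permit", "192.168.55.0", "0.0.0.255"), DENY_ANY]

# Constructed sample destinations.
SAMPLES = ["192.168.55.10", "192.168.55.254", "192.168.56.10", "10.1.2.0"]

def report(acl) -> dict:
    """Map each sample destination to the action the ACL takes on it."""
    return {ip: evaluate(acl, ip) for ip in SAMPLES}

if __name__ == "__main__":
    for name, acl in (("subnet mask in wildcard field", ACL_SUBNET_MASK),
                      ("wildcard mask", ACL_WILDCARD)):
        print(name)
        for ip, action in report(acl).items():
            print(f"  {ip:<16} {action}")
```

With 255.255.255.0 in the wildcard field the permit rule matches only addresses ending in .0, so every host in 192.168.55.0/24 falls through to the deny rule while an unrelated address such as 10.1.2.0 is permitted.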
