XanderVR
May 08, 2017 Aspirant
M4300-24X24F VLANs, ACL and separation
Good day all, I have found an article, but as soon as I try to set the rules according to the article I lose all connection to the switch and need to undo the ACL using the console cable... http...
Retired_Member
May 10, 2017
Hi XanderVR,
Welcome to the community!
First, the M4300 switch supports binding an ACL rule to a VLAN port; please refer to the configuration below:
By CLI command:
By web GUI:
Second, I notice that your ACL rule only permits the TCP protocol. Do you only allow TCP packets between VLAN10 and VLAN20?
Hope it helps!
Regards,
EricZ
NETGEAR employee
XanderVR
May 10, 2017 Aspirant
Hello Eric,
Thank you for the information, I will put this to the test later today.
I knew that it was possible in the web interface, but I prefer CLI for configuring, and use the web interface for a visual view of settings.
I think TCP is sufficient, as the servers are all webservers which are connected to using HTTP, HTTPS or SSL, so all TCP.
Each VLAN has its own DHCP server so there won't be any UDP passthrough needed.
The rules I created are sufficient for blocking all VLAN traffic to VLAN1, which is not VLAN1 subnet? (Except for the small VLAN20 portion of course)
- Retired_Member May 11, 2017
Hi XanderVR,
Yes, I agree with you. The rules should meet your requirement, and the policy should be bound to VLAN1 in the outbound direction. You can try it on your network. Looking forward to your good news.