autoitaus
Dec 07, 2018

M5300 one-way VLAN Routing

I have two VLANs, VLAN 1 and VLAN 2

 

I want to allow computers in VLAN 1 to access the computers in VLAN 2

I DO NOT want computers in VLAN 2 to be able to access computers in VLAN 1

 

How would I go about this?

26 Replies

    • autoitaus
      Tutor

      Thanks for the reply Dane, but I've already tried this previously and it hasn't worked. I've just tried again and confirmed that to be the case. When I add these rules in, traffic will not flow in either direction.

       

      Refer screenshots.


      Thanks

       

       

      • autoitaus
        Tutor

        The article provided blocks ALL communication between VLAN 10 and VLAN 20.

         

        As mentioned in my original post, I need VLAN 10 to be able to access VLAN 20 but I do not want VLAN 20 to access VLAN 10.

         

        Thanks

    • DaneA
      NETGEAR Employee Retired

      autoitaus,

       

      Kindly delete the previous ACL command then try this:

       

      (M5300) #config
      (M5300) (Config)#access-list 1 deny 192.168.19.0 0.0.0.255 
      (M5300) (Config)#access-list 1 permit any any

       

      (M5300)#interface [VLAN 1 port members]
      (M5300) (Interface [VLAN 1 port members])#ip access-group 1 in
      (M5300) (Interface [VLAN 1 port members])#exit
      (M5300) (Config)#exit

       

      Let us know how it goes. 

       

       

      Regards,

       

      DaneA

      NETGEAR Community Team

  • DaneA
    NETGEAR Employee Retired

    autoitaus,

     

    The article provided blocks ALL communication between VLAN 10 and VLAN 20.

    As I mentioned in my previous response, use the article as a guide only. After VLAN Routing has been configured, you will have to create an ACL to allow computers in VLAN 1 to access the computers in VLAN 2 and another ACL to prevent computers in VLAN 2 from being able to access computers in VLAN 1.

    For further assistance, you may open a chat or online support ticket with NETGEAR Support at any time.

     

     

    Regards,


    DaneA

    NETGEAR Community Team

    • autoitaus
      Tutor

      In my screenshot I have two rules

       

      1. Deny Source 192.168.19.0/24 to Dest 172.29.240.0/24

      2. Allow everything

       

      Traffic from 172.29.240.0/24 to 192.168.19.0/24 does not match rule 1, therefore it will fall to rule 2 - allow all.

      • autoitaus
        Tutor

        The rule attached also allows two-way traffic as well, even though there is specifically a deny in there for one direction. I've tried logging a call with Netgear, but their online chat is down and so is their my.netgear.com portal - I've confirmed this with Netgear directly. I don't have time to spend hours on the phone, so the only other option on their support page is to post in the community forums (which is here).
    • DaneA
      NETGEAR Employee Retired

      autoitaus,

       

      It would be best that you open a chat or online support ticket with NETGEAR Support at any time and discuss your current network setup and your concern.

       

       

      Regards,

       

      DaneA

      NETGEAR Community Team

      • autoitaus
        Tutor

        I don't have a support contract, that's why I'm asking the community.
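
The rule evaluation autoitaus walks through above, as an added example that is not part of any post in the thread and is not NETGEAR code. It models the two rules as a first-match list applied to every packet (assumption: the filter is stateless, so replies are checked like any other packet) and contrasts that with a generic stateful filter, which is a comparison model and not a documented M5300 feature. Function names and host addresses are constructed for the example.

```python
import ipaddress

# The two rules described in the thread; first match wins.
RULES = [
    ("deny", "192.168.19.0/24", "172.29.240.0/24"),
    ("permit", "0.0.0.0/0", "0.0.0.0/0"),
]

def evaluate(src, dst, rules=RULES):
    """Return (action, rule_number) of the first rule matching src -> dst."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for number, (action, src_net, dst_net) in enumerate(rules, 1):
        if s in ipaddress.ip_network(src_net) and d in ipaddress.ip_network(dst_net):
            return action, number
    return "deny", 0  # implicit deny when no rule matches

def stateless_session(initiator, responder, rules=RULES):
    """Stateless model: the request and the reply are each checked against
    the rule list, so a two-way exchange needs both to be permitted."""
    request = evaluate(initiator, responder, rules)
    reply = evaluate(responder, initiator, rules)
    return request[0] == "permit" and reply[0] == "permit"

def stateful_session(initiator, responder, rules=RULES):
    """Stateful model (assumed, for comparison): only the first packet of a
    flow is checked against the rules; the reply is matched against the
    flow table instead."""
    flows = set()
    if evaluate(initiator, responder, rules)[0] != "permit":
        return False  # new connection refused by the rule list
    flows.add((initiator, responder))
    reply_src, reply_dst = responder, initiator
    return (reply_dst, reply_src) in flows

# Constructed host addresses inside the two subnets named in the thread.
HOST_172 = "172.29.240.10"
HOST_192 = "192.168.19.10"

if __name__ == "__main__":
    for a, b in ((HOST_172, HOST_192), (HOST_192, HOST_172)):
        print(f"{a} -> {b}: request={evaluate(a, b)} reply={evaluate(b, a)} "
              f"stateless={stateless_session(a, b)} stateful={stateful_session(a, b)}")
```

Under the stateless model a session started from either side fails, because one of its two packets always has source 192.168.19.0/24 and destination 172.29.240.0/24 and hits rule 1. Only the model that tracks who initiated the flow yields one-way access.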
