NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

autoitaus's avatar
autoitaus
Tutor
Dec 07, 2018

M5300 oneway VLAN Routing

I have two VLANs, VLAN 1 and VLAN 2   I want to allow computers in VLAN 1 to access the computers in VLAN 2 I DO NOT want computers in VLAN 2 to be able to access computers in VLAN 1   How ...
Solutions
DaneA's avatar
DaneA
NETGEAR Employee Retired
Dec 09, 2018

Hi autoitaus,

 

Welcome to the community! :) 

 

Let me share the article below and use it as a guide to implement the network setup you want:

 

VLAN Routing on a NETGEAR Smart Switch

 

 

Regards,


DaneA
NETGEAR Community Team

  • autoitaus's avatar
    autoitaus
    Tutor
    Dec 18, 2018

    Thanks for the reply Dane, but I've already tried this previously and it hasn't worked. I've just tried again and confirmed that to be the case. When I add these rules in, traffic will not flow in either direction.

     

    Refer screenshots.


    Thanks

     

     

    • autoitaus's avatar
      autoitaus
      Tutor
      Dec 18, 2018

      The article provided blocks ALL communication between VLAN 10 and VLAN 20.

       

      As mentioned in my original post, I need VLAN 10 to be able to access VLAN 20 but I do not want VLAN 20 to access VLAN 10.

       

      Thanks

  • DaneA's avatar
    DaneA
    NETGEAR Employee Retired
    Jan 02, 2019

    autoitaus,

     

    Kindly delete the previous ACL command then try this:

     

    (M5300) #config
    (M5300) (Config)#access-list 1 deny 192.168.19.0 0.0.0.255 
    (M5300) (Config)#access-list 1 permit any any

     

    (M5300)#interface [VLAN 1 port members]
    (M5300) (Interface [VLAN 1 port members])#ip access-group 1 in
    (M5300) (Interface [VLAN 1 port members])#exit
    (M5300) (Config)#exit

     

    Let us know how it goes. 

     

     

    Regards,

     

    DaneA

    NETGEAR Community Team

    • autoitaus's avatar
      autoitaus
      Tutor
      Jan 02, 2019

      Error as per attached

    • DaneA's avatar
      DaneA
      NETGEAR Employee Retired
      Jan 03, 2019

      autoitaus,

       

      Kindly delete the previous ACL commands then try this below:

       

      (M5300) #config
      (M5300) (Config)#access-list 1 deny 192.168.19.0 0.0.0.255 
      (M5300) (Config)#access-list 1 permit 0.0.0.0 255.255.255.255

       

      (M5300)#interface [VLAN 1 port members]
      (M5300) (Interface [VLAN 1 port members])#ip access-group 1 in
      (M5300) (Interface [VLAN 1 port members])#exit
      (M5300) (Config)#exit

       

      Let us know how it goes. 

       

       

      Regards,

       

      DaneA

      NETGEAR Community Team

      • autoitaus's avatar
        autoitaus
        Tutor
        Jan 03, 2019

        Hi Dane,

         

        I need to attach the ACL to a VLAN, not individual ports. What is the syntax for this?

NETGEAR Academy

Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology! 

Join Us!

ProSupport for Business

Comprehensive support plans for maximum network uptime and business peace of mind.

 

Learn More