NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

autoitaus's avatar
autoitaus
Tutor
Dec 07, 2018

M5300 oneway VLAN Routing

I have two VLANs, VLAN 1 and VLAN 2   I want to allow computers in VLAN 1 to access the computers in VLAN 2 I DO NOT want computers in VLAN 2 to be able to access computers in VLAN 1   How ...
Solutions
DaneA's avatar
DaneA
NETGEAR Employee Retired
Dec 18, 2018

autoitaus,

 

The article provided blocks ALL communication between VLAN 10 and VLAN 20.

As I have mentioned from my previous response, use the article as a guide only.  After VLAN Routing has been configured, you will have to create an ACL to allow computers in VLAN 1 to access the computers in VLAN 2 and another ACL to prevent computers in VLAN 2 to be able to access computers in VLAN 1.  

 

For further assistance, you may open a chat or online support ticket with NETGEAR Support at anytime.

 

 

Regards,


DaneA

NETGEAR Community Team

  • autoitaus's avatar
    autoitaus
    Tutor
    Dec 18, 2018

    In my screenshot I have two rules

     

    1. Deny Source 192.168.19.0/24 to Dest 172.29.240.0/24

    2. Allow everything

     

    Traffice from 172.29.240.0/24 to 192.168.19.0/24 does not match rule 1, therefore it will fall to rule 2 - allow all.

    • autoitaus's avatar
      autoitaus
      Tutor
      Dec 19, 2018
      The rule attached also allows two way traffic as well, even though there is specifically a deny in there for one direction. I've tried logging a call with Netgear, but their online chat is down and so is their my.netgear.com portal - I've confirmed this with Netgear directly. I don't have time to spend hours on the phone, so the only other option on their support page is to post in the community forums (which is here)
    • DaneA's avatar
      DaneA
      NETGEAR Employee Retired
      Dec 30, 2018

      autoitaus,

       

      I apologize for the late response. Let's try this via console connection:


      (M5300) #config
      (M5300) (Config)#access-list 1 deny 192.168.19.0 0.0.0.255 
      (M5300) (Config)#access-list 1 permit ip any any

       

      (M5300)#interface [VLAN 1 port members]
      (M5300) (Interface [VLAN 1 port members])#ip access-group 1 in
      (M5300) (Interface [VLAN 1 port members])#exit
      (M5300) (Config)#exit

       

      Let us know how it goes. 

       

       

      Regards,


      DaneA

      NETGEAR Community Team

      • autoitaus's avatar
        autoitaus
        Tutor
        Jan 01, 2019

        Error as per attached

  • DaneA's avatar
    DaneA
    NETGEAR Employee Retired
    Jan 07, 2019

    autoitaus,

     

    It would be best that you open a chat or online support ticket with NETGEAR Support at anytime and discuss your current network setup and your concern.

     

     

    Regards,

     

    DaneA

    NETGEAR Community Team

    • autoitaus's avatar
      autoitaus
      Tutor
      Jan 07, 2019

      I don't have a support contract, that's why I'm asking the community.

NETGEAR Academy

Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology! 

Join Us!

ProSupport for Business

Comprehensive support plans for maximum network uptime and business peace of mind.

 

Learn More