Mikeemikew
Jul 15, 2023
Solved

TCP Port ACL rules M4300 Help

Hi all, I am looking for some assistance. I have a m4300 52-port managed switch, which I have configured to utilise multiple VLANs. In addition, I have set up an ACL to prevent undesired communicati...
  • MikeD1234
    Jul 15, 2023

    Hi Mikeemikew,

    I am not sure how the ACL is bound, but there are several ways of doing it. I think the easiest is to bind it against a VLAN, so that it applies to all devices.

    I have tested this here in my lab for you, and can confirm that the following table works:

     

    access-list 101 permit tcp host 192.168.50.203 192.168.200.0 0.0.0.255 eq 8843
    access-list 101 permit tcp host 192.168.50.203 192.168.200.0 0.0.0.255 eq 8880
    access-list 101 deny ip 192.168.50.0 0.0.0.255 192.168.5.0 0.0.0.255
    access-list 101 deny ip 192.168.50.0 0.0.0.255 192.168.60.0 0.0.0.255
    access-list 101 deny ip 192.168.50.0 0.0.0.255 192.168.100.0 0.0.0.255
    access-list 101 deny ip 192.168.50.0 0.0.0.255 192.168.200.0 0.0.0.255
    access-list 101 permit ip any any
    ip access-group 101 vlan 50 in 1

     

    In the GUI, this would be as follows:

     

    Then, you have to bind it against the VLAN, as follows:

     

    As an example, my testing:

     

    Give that a try, and it should work just fine 👌.

    Once it works, if you can, accept this as a solution.

    If it doesn't work, can you share your Tech Support file? Happy to have a look at it.

    You can retrieve your TS as follows:

     

    Mike
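An added example, not part of MikeD1234's post and not NETGEAR code: a small Python evaluator that walks ACL 101 from the answer above in order, so you can check which rule a flow entering VLAN 50 hits before applying the list on the switch. It assumes only the `host`, `any`, wildcard-mask and destination `eq` forms used in this ACL, and a deny when no rule matches; the function names are made up for this sketch.

```python
import ipaddress

# ACL 101 as posted above (bound with: ip access-group 101 vlan 50 in 1)
ACL_101 = """\
access-list 101 permit tcp host 192.168.50.203 192.168.200.0 0.0.0.255 eq 8843
access-list 101 permit tcp host 192.168.50.203 192.168.200.0 0.0.0.255 eq 8880
access-list 101 deny ip 192.168.50.0 0.0.0.255 192.168.5.0 0.0.0.255
access-list 101 deny ip 192.168.50.0 0.0.0.255 192.168.60.0 0.0.0.255
access-list 101 deny ip 192.168.50.0 0.0.0.255 192.168.100.0 0.0.0.255
access-list 101 deny ip 192.168.50.0 0.0.0.255 192.168.200.0 0.0.0.255
access-list 101 permit ip any any
"""

def _addr(tok):
    """Consume 'any', 'host A' or 'A WILDCARD' from tok; return (base, wildcard)."""
    head = tok.pop(0)
    if head == "any":
        return 0, 0xFFFFFFFF
    if head == "host":
        return int(ipaddress.IPv4Address(tok.pop(0))), 0
    return int(ipaddress.IPv4Address(head)), int(ipaddress.IPv4Address(tok.pop(0)))

def parse_acl(text):
    """Parse 'access-list N action proto src dst [eq port]' lines, in order."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if tok[:1] != ["access-list"]:
            continue
        action, proto, rest = tok[2], tok[3], tok[4:]
        src, dst = _addr(rest), _addr(rest)
        port = int(rest[1]) if rest[:1] == ["eq"] else None  # destination port
        rules.append((action, proto, src, dst, port))
    return rules

def _match(ip, spec):
    base, wild = spec
    care = ~wild & 0xFFFFFFFF  # wildcard bits set to 1 are "don't care"
    return (int(ipaddress.IPv4Address(ip)) & care) == (base & care)

def evaluate(rules, proto, src, dst, dport=None):
    """Return (action, rule number) of the first matching rule."""
    for n, (action, r_proto, r_src, r_dst, r_port) in enumerate(rules, 1):
        if r_proto not in ("ip", proto) or (r_port is not None and r_port != dport):
            continue
        if _match(src, r_src) and _match(dst, r_dst):
            return action, n
    return "deny", None  # assumed: nothing matched, so the packet is dropped
```

Because the first match wins, the two `permit tcp` lines have to stay above the `deny ip ... 192.168.200.0` line; moving that deny to the top would block 192.168.50.203 on ports 8843 and 8880 as well.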
