
Forum Discussion

namajim
Aspirant
Apr 10, 2018
Solved

ACL Not Blocking VLAN Access

Hi

I was wondering if somebody could help me with an ACL configuration issue.

We have recently implemented a separate VLAN (VLAN30) for our guest Wi-Fi.  The wireless access point is connected to port number 22 on a GS728TPP Smart Switch.  The smart switch is then connected to an M4100-12GF (Backbone2).  This then runs across the building to another M4100-12GF (Backbone1), which then connects to our firewall.

DHCP for VLAN30 is controlled by the second M4100-12GF (Backbone1). VLAN1 is on x.x.0.0 and VLAN30 is on x.x.30.0.  Default route is x.x.0.6.  I can connect to the wireless access point without issue, get the relevant DHCP details and surf the internet without any problems.

The issue I have is when I try to block access to the rest of the x.x.0.0 subnet.  I have set up the ACL on the GS728TPP as follows, and then bound it to Port 22:

[ACL rule list was posted as a screenshot and is not reproduced here]

From everything I have read on various Netgear threads over the last 2 days this should be ok.  However, if I connect using a laptop I can still access, or at the very least see (ping), devices on the x.x.0.0 subnet.

Any help you can give would be appreciated.

Cheers

Jim

4 Replies

  •
    Dan_Z
    NETGEAR Expert

    Welcome to the community!

    According to your description, I suggest you try binding the following ACL configuration to GS728TPP port 22:
    1. Deny: source x.x.30.0 (0.0.0.255) and destination x.x.0.0 (0.0.0.255)
    2. Permit all

    If you have any other questions, please let us know.

    Thanks.

    •
      namajim
      Aspirant

      Hi Dan_Z

      Thank you for the response.  Have I not already got both of those rules in there under 2 and 3?

      Cheers

      Jim

      •
        Dan_Z
        NETGEAR Expert

        Hi Jim,

        ACL rules are matched in sequence (by Rule ID), so I suggest adding the deny policy first.
        If the traffic matches the first rule, the following rules will not take effect.

        Thanks.
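Added example, not part of the thread above and not NETGEAR's code: a small first-match model of a port-bound IPv4 ACL in Python that reproduces the ordering problem Dan_Z describes. The thread's x.x prefix is assumed to be 10.0 here, rule 1 of the asker's original ACL is a guess (his list was a screenshot), the implicit deny at the end of a bound ACL is an assumption about the switch, and the DNS server at 10.0.0.53 is hypothetical. The third ACL goes one step beyond the thread to show the same rule: a narrow permit for one VLAN1 host placed above the broad deny keeps only that host reachable from guests.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Tuple

# Added example (not from the NETGEAR thread). Models first-match ACL
# evaluation only; it does not model anything else about the switch.
ANY = ipaddress.IPv4Network("0.0.0.0/0")


def net(addr: str, wildcard: str) -> ipaddress.IPv4Network:
    """Build a network from an address plus a wildcard (inverse) mask, the
    form the switch UI uses: 0.0.0.255 means "match the first three octets".
    Converted via the netmask so 0.0.0.0 is read as a /32, not a /0.
    Non-contiguous wildcards raise ValueError from IPv4Network."""
    w = int(ipaddress.IPv4Address(wildcard))
    netmask = str(ipaddress.IPv4Address((~w) & 0xFFFFFFFF))
    return ipaddress.IPv4Network((addr, netmask), strict=False)


@dataclass(frozen=True)
class Rule:
    action: str  # "permit" or "deny"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network

    def matches(self, src_ip: str, dst_ip: str) -> bool:
        return (ipaddress.IPv4Address(src_ip) in self.src
                and ipaddress.IPv4Address(dst_ip) in self.dst)


def evaluate(acl: List[Rule], src_ip: str, dst_ip: str) -> Tuple[str, int]:
    """First-match evaluation: the first rule whose src/dst both match decides
    the verdict and later rules are never consulted. Returns (action, rule id);
    a packet matching no rule is dropped (assumed implicit deny), rule id 0."""
    for rule_id, rule in enumerate(acl, start=1):
        if rule.matches(src_ip, dst_ip):
            return rule.action, rule_id
    return "deny", 0


GUEST = net("10.0.30.0", "0.0.0.255")  # VLAN30 guests (x.x.30.0 assumed 10.0.30.0)
LAN = net("10.0.0.0", "0.0.0.255")     # VLAN1 (x.x.0.0 assumed 10.0.0.0)
DNS = net("10.0.0.53", "0.0.0.0")      # hypothetical DNS server on VLAN1

# Order as the asker describes it: deny at rule 2, permit all at rule 3,
# behind a broad permit at rule 1 (rule 1 is a guess; his list was a screenshot).
ACL_MISORDERED = [
    Rule("permit", ANY, ANY),
    Rule("deny", GUEST, LAN),
    Rule("permit", ANY, ANY),
]

# Order Dan_Z recommends: deny first, then permit everything else.
ACL_FIXED = [
    Rule("deny", GUEST, LAN),
    Rule("permit", ANY, ANY),
]

# Same principle extended: a narrow permit above the broad deny so guests
# can still reach one VLAN1 host (the hypothetical DNS server) and nothing else.
ACL_WITH_EXCEPTION = [
    Rule("permit", GUEST, DNS),
    Rule("deny", GUEST, LAN),
    Rule("permit", ANY, ANY),
]


def verdicts(acl: List[Rule]) -> dict:
    """Verdicts for three constructed guest flows: a ping to a VLAN1 host,
    a query to the VLAN1 DNS server, and ordinary internet traffic."""
    flows = {
        "ping_lan_host": ("10.0.30.25", "10.0.0.40"),
        "dns_query": ("10.0.30.25", "10.0.0.53"),
        "internet": ("10.0.30.25", "93.184.216.34"),
    }
    return {name: evaluate(acl, s, d)[0] for name, (s, d) in flows.items()}


if __name__ == "__main__":
    for label, acl in (("misordered", ACL_MISORDERED),
                       ("fixed", ACL_FIXED),
                       ("with DNS exception", ACL_WITH_EXCEPTION)):
        print(f"{label:>18}: {verdicts(acl)}")
```

With the misordered list every guest flow hits rule 1 (permit) and the deny at rule 2 is dead, which matches the symptom in the first post. With the deny moved to rule 1 the ping is dropped and internet traffic still passes the permit-all; note that the same broad deny also blocks any DNS or other service that happens to live on x.x.0.0, which is what the third list handles by putting the narrower permit first.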
