NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

hacesoft's avatar
hacesoft
Tutor
Dec 08, 2019
Solved

ACL rules

Good evening,   i have 4 VLANs for the switches. I played with ACL rules and I was not successful. I always blocked my entire switch perfectly with the first rule. Information I draw from : - u...
  • kevin_hong's avatar
    kevin_hong
    Dec 12, 2019

    Hi hacesoft,

     

    Please following the configuration below:

     

    2.VLAN 11 perimt access internet and special address camera _1 / camera_2 , Right ?

     

    Configuration ip acl "VLAN11"

    permit destination address 192.168.20.20  ---  permit specail address can access form vlan 11

    deny destination subnet 192.168.20.0 0.0.0.255  --- deny 192.168.20.0/24 subnet

    deny destination subnet 192.168.30.0 0.0.0.255  --- deny 192.168.30.0/24 subnet

    permit any any  ---- permit access internet and other ip address

     

    bind your vlan11 port inbound

     

    3.VLAN 20 permit access all vlans and no permit access internet,

     

    you just can delete 192.168.20.0(vlan 20) static-route on your Route

     

    4.VLAN 30 only permit access internet 

    deny destination subnet 192.168.20.0 0.0.0.255

    deny destination subnet 192.168.30.0 0.0.0.255 

    permit any any

    bind your vlan30 port inbound

     

    Notes:

    Please see attachment examples about ip acl 

kevin_hong's avatar
kevin_hong
Apprentice
Dec 09, 2019

Hi hacesoft,

 

Welcome to community,

 

Let's clarify your request one by one.

 

1. Management switch:  Only special ip address can login and management switch

--- you can set access control, then no other address is accessible

 

 2.Disable access to special address from VLAN 11 to VLAN 20, Right ?

--- i need more detail information about it. such as  deny vlan 11 ipadd 192.168.11.10 access vlan 20 192.168.20.20.

    Please provide more detailed requirements for acl

 

Thank you

  • hacesoft's avatar
    hacesoft
    Tutor
    Dec 09, 2019

    Good evening,

     

    in the attachment I send a picture describing how I want to configure my home network.

    Perhaps it is more visual than a verbal description ...

    • kevin_hong's avatar
      kevin_hong
      Apprentice
      Dec 10, 2019

      Hi hacesoft,

       

      Thank you for your feedback.

       

      First,  Let's clarify your needs.

       

      1.Only one pc can access and management your switch(You don't need a configured vlan 40)

      --- you can set access-control on your switch

       

      2.VLAN 11 perimt access internet and special address cancea_1 / cancea_2 , Right ?

       

      3.VLAN 20 permit access all vlans and no permit access internet,

       

      4.VLAN 30 only permit access internet 

       

      Are these correct ? Did i miss anything?

      • hacesoft's avatar
        hacesoft
        Tutor
        Dec 10, 2019

        Good evening,

        almost everything is right, but the stimulus difference is that I want the VLAN20 too.

        Otherwise you understand it well from the drawing.

NETGEAR Academy

Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology! 

Join Us!

ProSupport for Business

Comprehensive support plans for maximum network uptime and business peace of mind.

 

Learn More