NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

hacesoft's avatar
hacesoft
Tutor
Dec 08, 2019
Solved

ACL rules

Good evening,   i have 4 VLANs for the switches. I played with ACL rules and I was not successful. I always blocked my entire switch perfectly with the first rule. Information I draw from : - u...
  • kevin_hong's avatar
    kevin_hong
    Dec 12, 2019

    Hi hacesoft,

     

    Please following the configuration below:

     

    2.VLAN 11 perimt access internet and special address camera _1 / camera_2 , Right ?

     

    Configuration ip acl "VLAN11"

    permit destination address 192.168.20.20  ---  permit specail address can access form vlan 11

    deny destination subnet 192.168.20.0 0.0.0.255  --- deny 192.168.20.0/24 subnet

    deny destination subnet 192.168.30.0 0.0.0.255  --- deny 192.168.30.0/24 subnet

    permit any any  ---- permit access internet and other ip address

     

    bind your vlan11 port inbound

     

    3.VLAN 20 permit access all vlans and no permit access internet,

     

    you just can delete 192.168.20.0(vlan 20) static-route on your Route

     

    4.VLAN 30 only permit access internet 

    deny destination subnet 192.168.20.0 0.0.0.255

    deny destination subnet 192.168.30.0 0.0.0.255 

    permit any any

    bind your vlan30 port inbound

     

    Notes:

    Please see attachment examples about ip acl 

kevin_hong's avatar
kevin_hong
Apprentice
Dec 09, 2019

Hi hacesoft,

 

Welcome to community,

 

Let's clarify your request one by one.

 

1. Management switch:  Only special ip address can login and management switch

--- you can set access control, then no other address is accessible

 

 2.Disable access to special address from VLAN 11 to VLAN 20, Right ?

--- i need more detail information about it. such as  deny vlan 11 ipadd 192.168.11.10 access vlan 20 192.168.20.20.

    Please provide more detailed requirements for acl

 

Thank you

hacesoft's avatar
hacesoft
Tutor
Dec 09, 2019

Good evening,

 

in the attachment I send a picture describing how I want to configure my home network.

Perhaps it is more visual than a verbal description ...

  • kevin_hong's avatar
    kevin_hong
    Apprentice
    Dec 10, 2019

    Hi hacesoft,

     

    Thank you for your feedback.

     

    First,  Let's clarify your needs.

     

    1.Only one pc can access and management your switch(You don't need a configured vlan 40)

    --- you can set access-control on your switch

     

    2.VLAN 11 perimt access internet and special address cancea_1 / cancea_2 , Right ?

     

    3.VLAN 20 permit access all vlans and no permit access internet,

     

    4.VLAN 30 only permit access internet 

     

    Are these correct ? Did i miss anything?

    • hacesoft's avatar
      hacesoft
      Tutor
      Dec 10, 2019

      Good evening,

      almost everything is right, but the stimulus difference is that I want the VLAN20 too.

      Otherwise you understand it well from the drawing.

      • hacesoft's avatar
        hacesoft
        Tutor
        Dec 11, 2019

        1.Only one pc can access and management your switch(You don't need a configured vlan 40)

        --- you can set access-control on your switch

         

        OK

         

        2.VLAN 11 perimt access internet and special address camera _1 / camera_2 , Right ?

         

        YES

         

        3.VLAN 20 permit access all vlans and no permit access internet,

         

        YES + permit access internet

         

        4.VLAN 30 only permit access internet 

         

        YES

NETGEAR Academy

Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology! 

Join Us!

ProSupport for Business

Comprehensive support plans for maximum network uptime and business peace of mind.

 

Learn More