NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

hacesoft's avatar
hacesoft
Tutor
Dec 08, 2019
Solved

ACL rules

Good evening,   i have 4 VLANs for the switches. I played with ACL rules and I was not successful. I always blocked my entire switch perfectly with the first rule. Information I draw from : - u...
  • kevin_hong's avatar
    kevin_hong
    Dec 12, 2019

    Hi hacesoft,

     

    Please following the configuration below:

     

    2.VLAN 11 perimt access internet and special address camera _1 / camera_2 , Right ?

     

    Configuration ip acl "VLAN11"

    permit destination address 192.168.20.20  ---  permit specail address can access form vlan 11

    deny destination subnet 192.168.20.0 0.0.0.255  --- deny 192.168.20.0/24 subnet

    deny destination subnet 192.168.30.0 0.0.0.255  --- deny 192.168.30.0/24 subnet

    permit any any  ---- permit access internet and other ip address

     

    bind your vlan11 port inbound

     

    3.VLAN 20 permit access all vlans and no permit access internet,

     

    you just can delete 192.168.20.0(vlan 20) static-route on your Route

     

    4.VLAN 30 only permit access internet 

    deny destination subnet 192.168.20.0 0.0.0.255

    deny destination subnet 192.168.30.0 0.0.0.255 

    permit any any

    bind your vlan30 port inbound

     

    Notes:

    Please see attachment examples about ip acl 

hacesoft's avatar
hacesoft
Tutor
Dec 11, 2019

1.Only one pc can access and management your switch(You don't need a configured vlan 40)

--- you can set access-control on your switch

 

OK

 

2.VLAN 11 perimt access internet and special address camera _1 / camera_2 , Right ?

 

YES

 

3.VLAN 20 permit access all vlans and no permit access internet,

 

YES + permit access internet

 

4.VLAN 30 only permit access internet 

 

YES

kevin_hong's avatar
kevin_hong
Apprentice
Dec 12, 2019

Hi hacesoft,

 

Please following the configuration below:

 

2.VLAN 11 perimt access internet and special address camera _1 / camera_2 , Right ?

 

Configuration ip acl "VLAN11"

permit destination address 192.168.20.20  ---  permit specail address can access form vlan 11

deny destination subnet 192.168.20.0 0.0.0.255  --- deny 192.168.20.0/24 subnet

deny destination subnet 192.168.30.0 0.0.0.255  --- deny 192.168.30.0/24 subnet

permit any any  ---- permit access internet and other ip address

 

bind your vlan11 port inbound

 

3.VLAN 20 permit access all vlans and no permit access internet,

 

you just can delete 192.168.20.0(vlan 20) static-route on your Route

 

4.VLAN 30 only permit access internet 

deny destination subnet 192.168.20.0 0.0.0.255

deny destination subnet 192.168.30.0 0.0.0.255 

permit any any

bind your vlan30 port inbound

 

Notes:

Please see attachment examples about ip acl 

NETGEAR Academy

Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology! 

Join Us!

ProSupport for Business

Comprehensive support plans for maximum network uptime and business peace of mind.

 

Learn More