Cannot apply IP filtering with subnet mask on VLAN

Question

Dear all,&nbsp;When I want to configure my Insight managed switch such that devices on certain VLAN's cannot reach certain IP's, a direct declaration of an IP address in the IP filtering section works:If the image above doesn't work:&nbsp;Imgur versionIn the situation above a device connected to the VLAN cannot access 192.168.1.1, but can access the other devices on the subnet.However when I want to block the device in question along with all devices on the subnet, using the subnet mask 255.255.255.0, it doesn't work:If the image above doesn't work:&nbsp;Imgur versionIn the situation above a device connected to the VLAN can still access any device on the 192.168.1.x subnet.Is this a bug or am I doing something wrong? Thanks in advance.&nbsp;Footnote: I don't know if the problem regarding the images being yellow triangles is unique to me, or another bug. I've linked to Imgur below the images, I was prohibited from inserting the images in the HTML for some reason.

DaneA · Answer

Retired_Member,
&nbsp;
Welcome to the community! :)&nbsp;
&nbsp;
The Policy you have specified is "Allow" which is why the devices on the 192.168.1.0 range are allowed.&nbsp; Kindly try to change the Policy to "Deny."
&nbsp;
As reference guide, kindly access and read the article below:&nbsp;
&nbsp;
How do I set up IP address filtering for an existing VLAN in Insight?
&nbsp;
&nbsp;
Regards,
&nbsp;
DaneA
NETGEAR Community Team

Retired_Member · Answer

DaneA,&nbsp;Thanks for the reply, I don't know why it says 'Allow' in the UI but it is in fact in the policy 'Deny', when I edit an entry in the 'Deny' policy it always shows 'Allow' for unknown reasons. Denying access without defining a subnet mask works, only when defining a subnet mask I encounter this problem.

MrJoshW · Answer

Hello,
&nbsp;
See screenshots:
&nbsp;
Logging into my Insight account and going to the VLAN &gt; IP Filtering. I do see the deny policy as it is a drop down. After delecting deny, and selecting manual. I can add a deny policy.&nbsp;
&nbsp;
Even when you select the deny policy, and select manual, do you see the policy screen for deny or allow?

Retired_Member · Answer

Yes, 'Deny' is selected. I think the 'Allow' part is just a UI bug that shows after I edit the policy, so please don't pay attention to that. I know in fact that the 'Deny' policy is working because when I block a singular IP address, that IP address is correctly blocked but when I apply a subnet mask it doesn't work anymore.

Retired_Member · Answer

MrJoshW&nbsp;I've attached a screenshot showing I'm editing the 'Deny' option in the background, with the UI bug on the foreground. So this is not what causes the IP filtering rules to not work specifically when applying a mask.&nbsp;Just to be clear, the above works, but when applying an IP mask (using the range of devices option), it does&nbsp;not work.

Forum Discussion

Cannot apply IP filtering with subnet mask on VLAN

6 Replies

Related Content

/31 Subnets

RBR40 and RBS40 generate different subnets for attached devices

R9000 - VPN e subnet

Disabling automatic subnet reconfig

BR200 /23 subnet issue

NETGEAR Academy

ProSupport for Business