RugbyWreck
Jul 28, 2017 Aspirant
VLAN Security
Hi. I have 8 GS728TP ProSafe switches (and a couple of GS752TPs) in the company network which I have set up using VLAN 1 for the data network, PCs, laptops etc. and VLAN 2 for the telephone system pl...
RugbyWreck
Aug 07, 2017 Aspirant
Hi Hopchen,
That sounds like what I need and was what I thought I'd need to do in order to implement this sort of security. Is there a breakdown anywhere of how to do this that you know of? I've looked at the settings on the switches and it's not very clear or obvious what I'd need to do to make this work.
Regards
Hopchen
Aug 07, 2017 Prodigy
Hi again,
The ACLs you are looking for are called extended ACLs. They are numbered 100-199 and can be created by going to: "Security" --> "ACL" --> "Advanced" --> "IP ACL" --> In the "IP ACL ID" type 100 and click "Add".
This will create rule table 100. Now, you can add rules to the table as you wish. Go to "IP Extended Rules" and you can see your table here. You can start adding rules.
Once you have the rules you need, then you can bind the rules to ports via the menu "IP Binding Table".
A few notes about ACLs.
1. They use wildcard masks instead of subnet masks.
2. ACLs are read from top --> bottom. This means specific rules on top, general rules at the bottom.
3. Remember that the default (hidden) rule on an ACL is "Deny All". What you want is to block some stuff and allow the rest. This means that your last rule should be Permit All.
4. The ACL direction is Inbound on these switches. That matters for how you create the ACL :)
5. Only bind the ACL on the relevant ports. If you bind it to all ports and you make a mistake, you might block access to the switch itself, which you in turn can't recover from (as the ACL is applied on all ports and there is no console port on these models).
Here is a Netgear KB about it: https://kb.netgear.com/21714/How-do-I-set-up-an-IP-Access-Control-List-ACL-with-two-rules-using-the-web-interface-on-my-managed-switch
Cheers!
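The evaluation behaviour from notes 1 to 3 above (wildcard masks, top-to-bottom first match, hidden "Deny All"), modelled as an added example that is not part of the original post and is not NETGEAR code. The 192.168.1.0/24 (data) and 192.168.2.0/24 (voice) subnets and all function names are assumptions made for illustration.

```python
import ipaddress

def wildcard_from_netmask(netmask):
    """A wildcard mask is the bitwise inverse of the subnet mask."""
    inverted = int(ipaddress.IPv4Address(netmask)) ^ 0xFFFFFFFF
    return str(ipaddress.IPv4Address(inverted))

def _matches(addr, base, wildcard):
    # Wildcard bits set to 1 are "don't care"; all other bits must be equal.
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    to_int = lambda a: int(ipaddress.IPv4Address(a))
    return (to_int(addr) & care) == (to_int(base) & care)

def evaluate(acl, src, dst):
    """Return (action, rule_number); the first matching rule wins."""
    for number, (action, s, s_wc, d, d_wc) in enumerate(acl, start=1):
        if _matches(src, s, s_wc) and _matches(dst, d, d_wc):
            return action, number
    return "deny", None  # nothing matched: the hidden "Deny All"

# Constructed sample addressing (assumption, not taken from the thread).
ANY = ("0.0.0.0", "255.255.255.255")
DATA = ("192.168.1.0", wildcard_from_netmask("255.255.255.0"))
VOICE = ("192.168.2.0", wildcard_from_netmask("255.255.255.0"))

# Each rule: (action, src, src wildcard, dst, dst wildcard).
# Modelled as bound inbound on data-VLAN ports, so src is the attached PC.
ACL_GOOD = [("deny", *DATA, *VOICE), ("permit", *ANY, *ANY)]
ACL_NO_PERMIT = [("deny", *DATA, *VOICE)]                     # forgot Permit All
ACL_WRONG_ORDER = [("permit", *ANY, *ANY), ("deny", *DATA, *VOICE)]

if __name__ == "__main__":
    pc = "192.168.1.10"                                       # constructed host
    acls = {"good": ACL_GOOD, "no final permit": ACL_NO_PERMIT,
            "general rule first": ACL_WRONG_ORDER}
    for name, acl in acls.items():
        for dst in ("192.168.2.5", "8.8.8.8"):
            print(f"{name:20} {pc} -> {dst:12} {evaluate(acl, pc, dst)}")
```
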
- RugbyWreck Aug 08, 2017 Aspirant
Hi Hopchen,
Thanks for the response and the links. I'll go away and study those and decide on the rules I need but this looks to do what I'm trying to set up so thank you again.
Regards
- Hopchen Aug 08, 2017 Prodigy
No worries. Give a shout if you need assistance with the ACLs.
Cheers