For the life of me, can't get the printer to be alive on its own VLAN.. The SRX5308 is the fw-router (no VPNs just VLANs) Identified 12 VLANs and treating these as port based VLANs and there's a M...
Moderator, please mark this thread as solved without changing the thread contents, TY.
So this should be my last post in this thread, directed to future seekers of the same "VLAN separation/segregation but with shared resources" solution. This particular post is how I watched the same resourceful and "proficient with his Netgear equipment" engineer mentioned above script and then manipulate the application of the ACLs (by manipulate I mean apply or unapply the ACLs to certain ports).
So the following is the instruction received from the same individual:
-------------------------------------------------------------------------------------------------------------
Syntax when scripting an ACL in the CLI is: access-list
So after scripting the ACLs, here is how to manipulate them:
Commands for implementing the access-list we designated as 100 selectively on, say, only port #7, and then unapplying the same ACL from the same port. BTW, port 7 was only picked as a tutorial; it works for any port.
Command sequence as follows:
(M4100-D12G) #configure
(M4100-D12G) (Config)#interface 0/7
(M4100-D12G) (Interface 0/7)#ip access-group 100 in
(M4100-D12G) (Interface 0/7)#exit
(M4100-D12G) (Config)#interface 0/7
(M4100-D12G) (Interface 0/7)#no ip access-group 100 in -- to take it off
End of selective application onto only a specific interface!!
OH, and BE ONSITE next to your equipment in case you LOCK it up and have to reboot it to get back to the old saved running config. DO NOT save any config till you've got it working. ALSO, another save-your-butt technique: enable external access from the internet and port forward the management interface out. You may lose internal access because you have disallowed any packets getting routed, BUT you may still be able to access the device from its port-forwarded "external2yourLAN" interface...
AND here's a command sequence for scripting an ACL, although most of the time scripting was done in the Notepad app and then cut-and-pasted into the PuTTY CLI window en masse (try it and see it work).
Log in via Telnet (hopefully SSH, even better, after enabling the SSH interface of the device, the device being a switch or router).
User:whoUB2day (say you be admin)
Password:*******************
(M4100-D12G) >enable
(M4100-D12G) #configure
(M4100-D12G) (Config)#access-list 100 permit ip any 10.100.4.0 0.0.0.255
(M4100-D12G) (Config)#access-list 100 deny ip 10.100.0.0 0.0.15.255 10.100.0.0 0.0.15.255
(M4100-D12G) (Config)#access-list 100 permit ip any any
(M4100-D12G) (Config)#interface 0/3
(M4100-D12G) (Interface 0/3)#ip access-group 100 in
(M4100-D12G) (Interface 0/3)#exit
(M4100-D12G) (Config)#interface 0/5-12
^
An invalid interface range has been used for this function. An interface range must be 1000 characters or less.
(M4100-D12G) (Config)#interface 0/5-0/12
(M4100-D12G) (Interface 0/5-0/12)#ip access-group 100 in
(M4100-D12G) (Interface 0/5-0/12)#exit
(M4100-D12G) (Config)#
So there you have it. Those interface designations mean 0/5 is unit 0 in the stack, port 5. If you've got a stack with a bunch of the same switch devices in it, the next device is 1/5, being the second device and its port 5 on device 1. If it's just a solitary device, it is designated as the first device being managed, device zero; thus device zero and the port number you are manipulating.
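As an added illustration (not part of the original post and not Netgear's own code), the following Python parses the three-line ACL 100 from the session above and evaluates it against a few constructed flows. It assumes the usual first-match semantics with an implicit deny at the end of the list, and the host addresses (10.100.5.10, 10.100.4.20, 10.100.8.5, 8.8.8.8) are made up for the demonstration. The point it makes is why the rule order matters: the printer subnet 10.100.4.0/24 lies inside the 10.100.0.0/20 range that the deny line blocks, so the permit for the printer only works because it comes first.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# The ACL exactly as scripted in the post (constructed copy for this example).
ACL_TEXT = """
access-list 100 permit ip any 10.100.4.0 0.0.0.255
access-list 100 deny ip 10.100.0.0 0.0.15.255 10.100.0.0 0.0.15.255
access-list 100 permit ip any any
"""

# (network, wildcard) as integers, or None meaning "any".
AddrSpec = Optional[Tuple[int, int]]


@dataclass
class Rule:
    action: str      # "permit" or "deny"
    src: AddrSpec
    dst: AddrSpec


def _parse_addr(tokens: List[str], i: int) -> Tuple[AddrSpec, int]:
    """Consume 'any' or 'A.B.C.D W.X.Y.Z' at tokens[i]; return (spec, next index)."""
    if tokens[i] == "any":
        return None, i + 1
    net = int(ipaddress.IPv4Address(tokens[i]))
    wild = int(ipaddress.IPv4Address(tokens[i + 1]))
    return (net, wild), i + 2


def parse_acl(text: str) -> List[Rule]:
    """Parse lines of the form: access-list <id> <permit|deny> ip <src> <dst>."""
    rules = []
    for line in text.strip().splitlines():
        tokens = line.split()
        if tokens[0] != "access-list" or tokens[3] != "ip":
            raise ValueError("unsupported ACL line: " + line)
        action = tokens[2]
        src, i = _parse_addr(tokens, 4)
        dst, _ = _parse_addr(tokens, i)
        rules.append(Rule(action, src, dst))
    return rules


def _matches(spec: AddrSpec, addr: str) -> bool:
    """Wildcard-mask match: 1 bits in the mask are 'don't care', 0 bits must equal."""
    if spec is None:
        return True
    net, wild = spec
    care = ~wild & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (net & care)


def evaluate(rules: List[Rule], src: str, dst: str) -> Tuple[str, int]:
    """Return (action, 1-based rule number) of the first matching rule.

    Assumption for this example: an ACL ends with an implicit deny, reported
    here as rule number 0 so callers can tell it apart from an explicit deny.
    """
    for n, rule in enumerate(rules, 1):
        if _matches(rule.src, src) and _matches(rule.dst, dst):
            return rule.action, n
    return "deny", 0


def swapped_first_two(rules: List[Rule]) -> List[Rule]:
    """Same ACL with the permit-printer and deny-inter-VLAN lines exchanged."""
    return [rules[1], rules[0]] + rules[2:]


if __name__ == "__main__":
    acl = parse_acl(ACL_TEXT)
    flows = [("10.100.5.10", "10.100.4.20"),   # VLAN host -> printer subnet
             ("10.100.5.10", "10.100.8.5"),    # VLAN host -> another VLAN
             ("10.100.5.10", "8.8.8.8")]       # VLAN host -> internet
    for s, d in flows:
        print(s, "->", d, evaluate(acl, s, d), "| swapped:", evaluate(swapped_first_two(acl), s, d))
```

Running it shows the printer flow permitted by rule 1, the inter-VLAN flow denied by rule 2 and the internet flow permitted by rule 3; with the first two lines swapped, the printer flow is denied as well, which is the symptom the thread started with.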