Re: IP based ACL using GUI

akira168 · ‎2017-03-20

Hi Netgear Community,

Can someone give me an example to set up IP based ACL with GUI?

What we want to do is just to permit all the services only from the network address, 192.168.55.0/24 on the port 17. All the other network addresses should be blocked.

The port has already been configured VLAN550 which is 192.168.55.0.

I am not quite sure the way to describe, the order to apply the ACL so on.

The firmware version is 11.0.0.18.

Thank you.

Best regards,

DaneA · ‎2017-03-20

Hi akira168,

Let me share the article below and it might help as reference guide:

Setting up VLANs & VLAN Routing with ACLs

Regards,

DaneA

NETGEAR Community Team

akira168 · ‎2017-03-21

Hi DaneA,

Thank you for your reply.

Please take a look at the attached screen shot.

I have tried to allow passing only 192.168.55.0/24.

However once the setting of ACL Based on Destination IPv4, all the IP addresses are blocked.

Can you correct my settings? Before adding the ACL, the network is pigable.

Best regards,

DaneA · ‎2017-03-29

@akira168,

I apologize for the late response. 😞

Kindly try the steps below:

1. On the rule you have created, under Match Every, change "False into "True."

2. Create another rule: set the Action to Deny, set the Match Every to False and set both Destination IP Address and IP Mask to "Any."

Let me know if it helps.

Kindly read pages 748-749 of the M7100-24x user manual here and refer to the example Standard IP ACL configuration given as this might help.

Regards,

DaneA

NETGEAR Community Team

DaneA · ‎2017-04-02

@akira168,

I just want to follow-up on this. Were you able to try my suggestion? If yes, let us know the results.

Regards,

DaneA

NETGEAR Community Team

akira168 · ‎2017-04-03

Hi DaneA,

Thank you for your remind.

I will test it and let you know.

Best regards,

akira168 · ‎2017-04-04

Hi DaneA,

Your suggestion is to block certain IP address and to pass the others, isn't it?

I am looking for the way to pass certain network address and to block all the others.

Besides I cannot block any IP address by using your instruction.

Thank you.

Best regards,

DaneA · ‎2017-04-26

@akira168,

My bad. The Destination IP Mask should be a Wildcard Mask. Kindly try the steps below:

1. On the rule you have created, under Match Every, change "False into "True."

2. Then change the Destination IP Mask from 255.255.255.0 to 0.0.0.255.

3. Create another rule: set the Action to Deny, set the Match Every to False and set both Destination IP Address and IP Mask to "Any."

Let me know if it helps.

As reference guide, kindly read pages 748-749 of the M7100-24x user manual here and refer to the example Standard IP ACL configuration given.

Regards,

DaneA

NETGEAR Community Team