M4300 ACL Help - Multicast traffic ignoring ACL

VistaICT · ‎2024-07-04

Hey Team,

I want to make a VLAN where clients can only communicate with the gateway and not each other. This is often called 'private VLAN' or 'client isolation'.

I'm attempting to do this with MAC ACL's.

I have two ACLs, each ACL has one rule:

GUEST-IN (assigned to inbound)
- DST MAC = AA:BB:CC:DD:EE:FF/00:00:00:00:00:00
GUEST-OUT (assigned to outbound)
- SRC MAC = AA:BB:CC:DD:EE:FF/00:00:00:00:00:00

The ACLs are bound to a client interface and appear to be working for unicast traffic, but not multicast traffic... have I missed something?

schumaku · ‎2024-07-05

@VistaICT wrote:

I want to make a VLAN where clients can only communicate with the gateway and not each other. This is often called 'private VLAN' or 'client isolation'.

The Netgear Managed Switches offer full support for Private VLAN, including the three industry common Private-VLAN Types (Primary, Isolated, Community). Consult eg. the M4300 Intelligent Edge Series Fully Managed Stackable Switches Software Version 12.0.8 Software Administration Manual, Private VLANs, p.61 ff.

View solution in original post

schumaku · ‎2024-07-05

@VistaICT wrote:

I want to make a VLAN where clients can only communicate with the gateway and not each other. This is often called 'private VLAN' or 'client isolation'.

The Netgear Managed Switches offer full support for Private VLAN, including the three industry common Private-VLAN Types (Primary, Isolated, Community). Consult eg. the M4300 Intelligent Edge Series Fully Managed Stackable Switches Software Version 12.0.8 Software Administration Manual, Private VLANs, p.61 ff.

VistaICT · ‎2024-07-07

*facepalm* I completely missed this. Thank you

M4300 ACL Help - Multicast traffic ignoring ACL

M4300 ACL Help - Multicast traffic ignoring ACL

Re: M4300 ACL Help - Multicast traffic ignoring ACL

Re: M4300 ACL Help - Multicast traffic ignoring ACL

Re: M4300 ACL Help - Multicast traffic ignoring ACL