× NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Start a New Discussion

Start a New Discussion

Orbi WiFi 7 RBE973

Re: M4300 ACL's

spopuri
Aspirant
Aspirant
‎2020-05-13 11:47 AM
‎2020-05-13 11:47 AM

M4300 ACL's

Hello,

 

I would like to create an ACL on the web interface to allow traffic from client to licensing server on a particular port.

 

Please see the attached screenshot and let me know if it is right?

 

Thanks,

Sravan

 

Model: GSM4328PA|M4300-28G-PoE+ - 24x1G PoE+ Stackable Managed Switch with 2x10GBASE-T and 2xSFP+ (550W PSU)
Message 1 of 5
0 Kudos

Accepted Solutions
Retired_Member
Not applicable
‎2020-05-20 08:18 PM
‎2020-05-20 08:18 PM

Re: M4300 ACL's

Hi @spopuri 

 

Welcome to Community!

 

Do you want to only allow DIP=10.3.200.40 and UDP D-Port from 27000~27009 packet fowarding on the binding port? But this is only for Client->Server direction, so what about Server->Client direction? Allow or dely? Currently your config ACL will deny all packet that from Server->Client direction, is it your expected behavior?

If you want to allow both two direction traffic, you can add one more rule that permit with SIP=10.3.200.40 and UDP S-Port from 27000~27009(need you confirm if it's match your traffic that from Server->Client), then bind this ACL to the port.

 

Regards,

Eric

View solution in original post

Message 2 of 5

All Replies
Retired_Member
Not applicable
‎2020-05-20 08:18 PM
‎2020-05-20 08:18 PM

Re: M4300 ACL's

Hi @spopuri 

 

Welcome to Community!

 

Do you want to only allow DIP=10.3.200.40 and UDP D-Port from 27000~27009 packet fowarding on the binding port? But this is only for Client->Server direction, so what about Server->Client direction? Allow or dely? Currently your config ACL will deny all packet that from Server->Client direction, is it your expected behavior?

If you want to allow both two direction traffic, you can add one more rule that permit with SIP=10.3.200.40 and UDP S-Port from 27000~27009(need you confirm if it's match your traffic that from Server->Client), then bind this ACL to the port.

 

Regards,

Eric

Message 2 of 5
spopuri
Aspirant
Aspirant
‎2020-05-22 06:53 AM
‎2020-05-22 06:53 AM

Re: M4300 ACL's

Thank you very much @Retired_Member 

Message 3 of 5
0 Kudos
spopuri
Aspirant
Aspirant
‎2020-05-25 09:19 AM
‎2020-05-25 09:19 AM

Re: M4300 ACL's

Hello @Retired_Member 

 

I have another question, If I write ACL rules to allow only port specific traffic. Will it block all other traffic by default?

 

Thanks,

Sravan

Model: GSM4328PA|M4300-28G-PoE+ - 24x1G PoE+ Stackable Managed Switch with 2x10GBASE-T and 2xSFP+ (550W PSU)
Message 4 of 5
0 Kudos
Retired_Member
Not applicable
‎2020-05-25 06:38 PM
‎2020-05-25 06:38 PM

Re: M4300 ACL's

@spopuri 

 

Yes, sure. There is one default rule that will deny all traffic at the last.

So it mean, if you want to add one rule to deny the specific traffic, you must add last rule with permit all.

Message 5 of 5
Top Contributors
See All
Discussion stats
  • 4 replies
  • ‎2020-05-13 11:47 AM
  • 1943 views
  • 2 kudos
  • 2 in conversation
Announcements