autoitaus
Dec 07, 2018, Tutor
M5300 one-way VLAN Routing
I have two VLANs, VLAN 1 and VLAN 2.
I want to allow computers in VLAN 1 to access the computers in VLAN 2.
I DO NOT want computers in VLAN 2 to be able to access computers in VLAN 1.
How ...
DaneA
Jan 03, 2019, NETGEAR Employee Retired
Kindly delete the previous ACL commands then try this below:
(M5300) #config
(M5300) (Config)#access-list 1 deny 192.168.19.0 0.0.0.255
(M5300) (Config)#access-list 1 permit 0.0.0.0 255.255.255.255
(M5300) (Config)#interface [VLAN 1 port members]
(M5300) (Interface [VLAN 1 port members])#ip access-group 1 in
(M5300) (Interface [VLAN 1 port members])#exit
(M5300) (Config)#exit
Let us know how it goes.
Regards,
DaneA
NETGEAR Community Team
autoitaus
Jan 03, 2019, Tutor
Hi Dane,
I need to attach the ACL to a VLAN, not individual ports. What is the syntax for this?
- DaneA, Jan 06, 2019, NETGEAR Employee Retired
The only way is to attach the ACL to the port members of the VLAN.
Regards,
DaneA
NETGEAR Community Team
- autoitaus, Jan 06, 2019, Tutor
I find it extremely unlikely that a Layer 3 switch can't support multiple VLANs running on a single port. There is no way Netgear requires you to have a dedicated Port for each and every VLAN when the switch supports thousands of VLANs, otherwise I'd need a switch with thousands of Ports.
You can attach an ACL to a VLAN via the GUI, so there must be a way to do it via the console.
Refer attached
- autoitaus, Jan 06, 2019, Tutor
Sorry Dane, I understand what you're saying now. Attached the Rule to Deny traffic to all the Ports that have that VLAN connected.
I did this, and it successfully blocked traffic coming from 192.168.19.0/24.
However, it also blocked all traffic coming from other subnets as well.
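Added example, not part of the thread and not NETGEAR code: a small Python model of first-match, wildcard-mask evaluation for the standard ACL 1 posted above, assuming the switch ends every ACL with an implicit deny. The deny-only rule set and the sample source addresses are constructed for illustration; they show what a source-only ACL does when the permit line is absent.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """Wildcard-mask compare: bits set to 1 in the wildcard are ignored."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)

def evaluate(acl, src):
    """First matching rule wins; no match falls through to the implicit deny
    (assumed behaviour of the switch, not stated in the thread)."""
    for number, (action, base, wildcard) in enumerate(acl, start=1):
        if wildcard_match(src, base, wildcard):
            return action, f"rule {number}"
    return "deny", "implicit deny"

# ACL 1 exactly as posted in the thread.
ACL_AS_POSTED = [
    ("deny", "192.168.19.0", "0.0.0.255"),
    ("permit", "0.0.0.0", "255.255.255.255"),
]

# Hypothetical variant: only the deny line is present on the switch.
ACL_DENY_ONLY = ACL_AS_POSTED[:1]

# Constructed sample source addresses (one inside the denied /24, two outside).
SAMPLE_SOURCES = ["192.168.19.25", "192.168.20.25", "10.0.0.5"]

def report(acl):
    """Map each sample source address to (action, rule that decided it)."""
    return {src: evaluate(acl, src) for src in SAMPLE_SOURCES}

if __name__ == "__main__":
    for name, acl in (("as posted", ACL_AS_POSTED), ("deny only", ACL_DENY_ONLY)):
        print(name)
        for src, (action, why) in report(acl).items():
            print(f"  {src:<15} {action:<6} ({why})")
```

Comparing this output with the rules the switch actually has installed on the port shows whether each drop comes from an explicit rule or from the end of the list.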