× NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Orbi WiFi 7 RBE973
Reply

Cannot apply IP filtering with subnet mask on VLAN

aantonowycz
Aspirant

Cannot apply IP filtering with subnet mask on VLAN

Dear all,

 

When I want to configure my Insight managed switch such that devices on certain VLAN's cannot reach certain IP's, a direct declaration of an IP address in the IP filtering section works:

Screenshot 2021-09-02 4.17.57 PM.png

If the image above doesn't work: Imgur version

In the situation above a device connected to the VLAN cannot access 192.168.1.1, but can access the other devices on the subnet.

However when I want to block the device in question along with all devices on the subnet, using the subnet mask 255.255.255.0, it doesn't work:

Screenshot 2021-09-02 4.18.34 PM.png

If the image above doesn't work: Imgur version

In the situation above a device connected to the VLAN can still access any device on the 192.168.1.x subnet.

Is this a bug or am I doing something wrong? Thanks in advance.

 

Footnote: I don't know if the problem regarding the images being yellow triangles is unique to me, or another bug. I've linked to Imgur below the images, I was prohibited from inserting the images in the HTML for some reason.

Model: GC110P|8-Port Gigabit Ethernet PoE App Managed Smart Cloud Switch w/2 SFP Fiber Ports
Message 1 of 7
DaneA
NETGEAR Employee Retired

Re: Cannot apply IP filtering with subnet mask on VLAN

@aantonowycz,

 

Welcome to the community! 🙂 

 

The Policy you have specified is "Allow" which is why the devices on the 192.168.1.0 range are allowed.  Kindly try to change the Policy to "Deny."

 

As reference guide, kindly access and read the article below: 

 

How do I set up IP address filtering for an existing VLAN in Insight?

 

 

Regards,

 

DaneA

NETGEAR Community Team

Message 2 of 7
aantonowycz
Aspirant

Re: Cannot apply IP filtering with subnet mask on VLAN

@DaneA,

 

Thanks for the reply, I don't know why it says 'Allow' in the UI but it is in fact in the policy 'Deny', when I edit an entry in the 'Deny' policy it always shows 'Allow' for unknown reasons. Denying access without defining a subnet mask works, only when defining a subnet mask I encounter this problem.

Message 3 of 7
MrJoshW
NETGEAR Expert

Re: Cannot apply IP filtering with subnet mask on VLAN

Hello,

 

See screenshots:

 

Logging into my Insight account and going to the VLAN > IP Filtering. I do see the deny policy as it is a drop down. After delecting deny, and selecting manual. I can add a deny policy. 

 

Even when you select the deny policy, and select manual, do you see the policy screen for deny or allow?mstsc_daZH5munRn.pngmstsc_jaQabEkp3w.png

Message 4 of 7
aantonowycz
Aspirant

Re: Cannot apply IP filtering with subnet mask on VLAN

Yes, 'Deny' is selected. I think the 'Allow' part is just a UI bug that shows after I edit the policy, so please don't pay attention to that. I know in fact that the 'Deny' policy is working because when I block a singular IP address, that IP address is correctly blocked but when I apply a subnet mask it doesn't work anymore.

Message 5 of 7
aantonowycz
Aspirant

Re: Cannot apply IP filtering with subnet mask on VLAN

@MrJoshW 

I've attached a screenshot showing I'm editing the 'Deny' option in the background, with the UI bug on the foreground. So this is not what causes the IP filtering rules to not work specifically when applying a mask.

 

Just to be clear, the above works, but when applying an IP mask (using the range of devices option), it does not work.

Message 6 of 7
MrJoshW
NETGEAR Expert

Re: Cannot apply IP filtering with subnet mask on VLAN

Hello,

 

Discussing with engineering, try using a reverse IP mask. In the IP mask field try 0.0.0.255 and let me know if that helps.

Message 7 of 7
Top Contributors
Discussion stats
  • 6 replies
  • 1177 views
  • 0 kudos
  • 3 in conversation
Announcements