How to block inter-vlan routing on TL-ER6120 plus T2600G (solved)

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

2019-04-04 17:43:49 - last edited 2022-09-01 02:53:25
Hardware Version: V4
Firmware Version: 4.0.0 Build 20181010 Rel.45384(s)

I have set up a multi-nets network via the Multi-Nets NAT feature based on the KB: https://www.tp-link.com/en/support/faq/887/

It works but we do not allow inter-department network communication. For instance, using the same example at the KB, equipment in the Marketing, Finance and Personnel depts can access the Internet, but a PC in the Marketing dept cannot access the Finance dept's subnet and vice versa. May I know how to achieve this in T2600G? Thanks.

Update (solved): My bad, I spent time on google instead of reading through the manual.  The function I required is covered in the "Security" -->  "ACL" section.  It provides pretty nice GUI and CLI for me to set required firewall rules.  So problem solved.

Re:How to block inter-vlan routing on TL-ER6120 plus T2600G (solved)
2019-04-05 18:12:24 - last edited 2019-04-06 17:46:51

I have done more searching in Google and some tests, and I found that either T2600G or ER6120 can do what I want to achieve, if:

i) T2600G - simple firewall rules or a command / UI to stop the routing among VLANs, or

ii) ER6120 - it can have multiple L3 interfaces; then I can stop the L3 routing features at T2600G altogether and have all subnet gateways point to the respective L3 interface at ER6120. The built-in ER6120 firewall interface can do the job easily.

However, it looks like ER6120 can only belong to one subnet (and hence only have a single IP) and needs an L3 router (T2600G in my case) to help in order to do multi-net NAT. Yet T2600G does not have firewall rules to prevent inter-VLAN routing - which should be a common requirement, whether for setting up a guest network or an organization with multiple departments on multiple floors.

To recap, in the KB:

https://www.tp-link.com/us/support/faq/887/

I set up systems like file servers and intranet web servers at 192.168.0.x, so all three departments can access the servers. But inter-department communication should not be allowed. How to do this? It is nothing about ER6120, as even without it the three subnets can communicate among each other - they just can't access the Internet if I turn off ER6120.

I searched on the web and found that TL-1043ND can achieve what ER6120 cannot after flashing it with OpenWRT:

http://alduras.com/wp/guest-wifi-network-set-up-openwrt-vlans-tplink-tl-wr1043nd-router/

The key is that the admin can create an additional interface in the router, assign it an IP acting as the default gateway for the corresponding VLAN (guest VLAN), and configure firewall rules accordingly.

 

Re:How to block inter-vlan routing on TL-ER6120 plus T2600G (solved)-Solution
2019-04-06 17:46:07 - last edited 2022-09-01 02:53:25

My bad, I spent time on google instead of reading through the manual.  The function I required is covered in the "Security" -->  "ACL" section.  It provides pretty nice GUI and CLI for me to set required firewall rules.  So problem solved.

Recommended Solution
Re:Re:How to block inter-vlan routing on TL-ER6120 plus T2600G (solved)
2019-04-08 02:37:49

bertson85 wrote

My bad, I spent time on google instead of reading through the manual.  The function I required is covered in the "Security" -->  "ACL" section.  It provides pretty nice GUI and CLI for me to set required firewall rules.  So problem solved.

 

I think your switch supports inter-VLAN routing, so the devices in different departments can access each other. As you said, ACL can block the data between the different departments.

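The isolation policy discussed in this thread, modelled as an added example (not code from the thread or from TP-Link): a first-match rule list that denies traffic between department subnets while leaving the 192.168.0.x servers and the Internet reachable, plus an audit that catches rule-ordering mistakes before the rules are entered on a switch. The department subnets, host addresses and function names are constructed for illustration; only 192.168.0.x comes from the thread, and first-match evaluation is the assumed model.

```python
from ipaddress import ip_address, ip_network
from itertools import permutations

# Only the 192.168.0.x server subnet comes from the thread; the
# department subnets below are constructed for illustration.
SERVERS = ip_network("192.168.0.0/24")
DEPTS = {
    "Marketing": ip_network("192.168.10.0/24"),
    "Finance": ip_network("192.168.20.0/24"),
    "Personnel": ip_network("192.168.30.0/24"),
}
ANY = ip_network("0.0.0.0/0")


def build_rules(depts=DEPTS):
    """Ordered (action, src, dst) rules: deny every dept pair, then permit the rest."""
    rules = [("deny", a, b) for a, b in permutations(depts.values(), 2)]
    rules.append(("permit", ANY, ANY))
    return rules


def evaluate(rules, src, dst):
    """First-match evaluation (assumed model): the first matching rule decides."""
    s, d = ip_address(src), ip_address(dst)
    for action, src_net, dst_net in rules:
        if s in src_net and d in dst_net:
            return action
    return "no-match"


def audit(rules, depts=DEPTS):
    """Return violations of: depts isolated, servers and Internet reachable."""
    hosts = {name: str(net.network_address + 10) for name, net in depts.items()}
    targets = {"servers": str(SERVERS.network_address + 5),
               "Internet": "203.0.113.7"}  # documentation-range address
    problems = []
    # Rules are stateless, so both directions of every pair are checked.
    for (a, src), (b, dst) in permutations(hosts.items(), 2):
        if evaluate(rules, src, dst) != "deny":
            problems.append(f"{a} can reach {b}")
    for name, src in hosts.items():
        for label, dst in targets.items():
            if evaluate(rules, src, dst) != "permit":
                problems.append(f"{name} cannot reach {label}")
    return problems


if __name__ == "__main__":
    print("correct order:", audit(build_rules()))
    print("permit-any first:", audit(list(reversed(build_rules()))))
```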