Business Community > Routers > VLAN/ACL setup
< Routers

VLAN/ACL setup

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

VLAN/ACL setup

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
VLAN/ACL setup
VLAN/ACL setup
2023-09-14 13:24:09
Tags: #VLAN & Multi-Networks #ACL
Model: ER707-M2  
Hardware Version: V1
Firmware Version: 1.1.0

Hi,

 

I've setup a 'guest' VLAN (VLAN200) that has no access to VLAN1 but can access internet resources.

VLAN1 can access VLAN200 but not the other way around.

A webserver in VLAN1 is portmapped from internet. Actually there are more web servers but all all reverse proxied from internet.

VLAN1 uses split DNS so local clients access the webserver internally (not proxied).

VLAN200 clients use public DNS.

 

Unfortunately VLAN200 clients (B) cannot access the webservers in VLAN1 like external/internet clients can.

 

What rule/ACL do I need to define to make this possible.

 

Current rules are :

Gateway ACL: Deny LAN->LAN VLAN200 -> LAN

Switch ACL: Deny VLAN200 -> IPGroup (TCP/UDP switch and router IP)


 

network

  0      
 
  0      
 
#1
Options
4 Reply
Re:VLAN/ACL setup
2023-09-15 05:56:05

  @cdnhk 

what error do you have?

how does the vlan 200 resolve the domain name? ping the domain? 

use wireshark capture the packet and analyze it. 

ScReW yOu gUyS. I aM GOinG hoMe. —————————————————————— For heaven's sake, can you write and describe your issue based on plain fact, common logic and a methodologic approach? Appreciate it.
  0  
  0  
#2
Options
Re:VLAN/ACL setup
2023-09-15 08:08:31 - last edited 2023-09-15 08:10:14

There is no error. Just cannot reach it.

 

An nslookup resolves to the WAN address (as it should).

 

But this rule blocks access

 

=> Gateway ACL: Deny LAN->LAN VLAN200 -> LAN

 

and I should probably need to add

 

=> Gateway ACL: Permit LAN->LAN VLAN200 -> IP-Port Group

 

But thats not possible (yet).

 

Or is there another way?

  0  
  0  
#3
Options
Re:VLAN/ACL setup
2023-09-15 08:14:41

  @cdnhk 

if you unblock it, does it work properly?

switch acl if you have switch. 

ScReW yOu gUyS. I aM GOinG hoMe. —————————————————————— For heaven's sake, can you write and describe your issue based on plain fact, common logic and a methodologic approach? Appreciate it.
  0  
  0  
#4
Options
Re:VLAN/ACL setup
2023-09-15 08:23:59

Tedd404 wrote

  @cdnhk 

if you unblock it, does it work properly?

switch acl if you have switch. 

  @Tedd404 

 

if you unblock it, does it work properly?

 

Yes it does

 

switch acl if you have switch. 

 

Yes I have a switch but switch acl does not 'solve' it.

  0  
  0  
#5
Options

Information

Helpful: 0

Views: 603

Replies: 4

Tags

VLAN & Multi-Networks
ACL
Related Articles
 Help with VLAN and ACL
262 0
 Omada router on stick WAN VLAN setup help needed
429 0
 Wifi guest network on a different vlan for network isolation, ACL problem
778 0
Internet VLAN on WAN not present or not selectable
2389 0
T2600G-28TS: How to setup DMZ with VLAN and ACL
7595 0
 No Internet on VLAN
2088 0
About Us
Press
Copyright © TP-Link Systems Inc. All rights reserved.