Unable to access VLAN network with Switch ACL
I am just trying to set up a simple ACL for LAN to access all VLANs and have VLANs block access to LAN, but it is not working. Once I enable the ACL block servers I lose connection from my LAN to the VLAN I want to access. Here are some screenshots of my settings and hardware. What am I doing wrong?
Am I correct to think I can't block all because of what I'm trying to do from the LAN, for example RDP to a computer on the VLAN?
@pwnjuice I guess it may be caused by improper VLAN configuration. You can provide a screenshot of the VLAN configuration in the post.
Instead of trying the switch ACL, have you tried the gateway ACL?
The direction of the two entries is unidirectional, right? Not bi-directional?
I think you should not use the switch ACL since it is not capable of being stateful.
This is how I have it set up and working with RDP, but I have to uncheck TCP for it to work. Ideally I don't want the server VLAN to have any access to LAN, but I want LAN to have full access to the server VLAN. So you're saying set this up on Gateway ACL and not switch?
Not sure if Omada does the same as pfSense, but I moved the Admin to the top because pfSense runs rules from top to bottom, but that did not work until I unblocked TCP.
This is the Admin Rule
Use switch ACL as it is a stateful ACL.
But you just told me above
"
Instead of trying the switch ACL, have you tried the gateway ACL?
The direction of the two entries is unidirectional, right? Not bi-directional?
I think you should not use the switch ACL since it is not capable of being stateful.
"
pwnjuice wrote
But you just told me above
"
Instead of trying the switch ACL, have you tried the gateway ACL?
The direction of the two entries is unidirectional, right? Not bi-directional?
I think you should not use the switch ACL since it is not capable of being stateful.
"
I made a typo. I was gonna say router ACL. My stupid hands don't follow my mind. You need a stateful ACL, which is the router ACL.
My stupid hands.. GW ACL!! Not the switch!!
GW ACL should fix it instantly.
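The stateless-versus-stateful difference this thread turns on, as an added example that is not part of any post and is not Omada's implementation: a small simulation of the two rule entries evaluated per packet and then with flow tracking. The subnets, the default-permit fallback and the simplified 4-tuple flow table (no TCP flag checks) are assumptions made for illustration.

```python
import ipaddress

# Constructed subnets for illustration; the thread does not give its addressing.
LAN = ipaddress.ip_network("192.168.0.0/24")
SERVERS = ipaddress.ip_network("192.168.20.0/24")

# Rule order as in the thread: permit Admin (LAN -> servers) on top, then deny servers -> LAN.
RULES = [("permit", LAN, SERVERS), ("deny", SERVERS, LAN)]

def match_rules(src, dst):
    """First matching rule wins; unmatched traffic is permitted (assumed default)."""
    for action, src_net, dst_net in RULES:
        if ipaddress.ip_address(src) in src_net and ipaddress.ip_address(dst) in dst_net:
            return action
    return "permit"

def stateless_acl(packets):
    """Every packet is judged alone, so replies are treated like new traffic."""
    return [match_rules(p["src"], p["dst"]) for p in packets]

def stateful_acl(packets):
    """Rules are checked only for packets that open a flow; replies to a permitted flow pass."""
    flows, verdicts = set(), []
    for p in packets:
        key = (p["src"], p["sport"], p["dst"], p["dport"])
        reverse = (p["dst"], p["dport"], p["src"], p["sport"])
        if key in flows or reverse in flows:
            verdicts.append("permit")  # belongs to an already permitted flow
            continue
        action = match_rules(p["src"], p["dst"])
        if action == "permit":
            flows.add(key)
        verdicts.append(action)
    return verdicts

# Constructed traffic: an RDP session opened from the LAN, then a server-initiated connection.
PACKETS = [
    {"src": "192.168.0.10", "sport": 50000, "dst": "192.168.20.5", "dport": 3389},  # SYN
    {"src": "192.168.20.5", "sport": 3389, "dst": "192.168.0.10", "dport": 50000},  # SYN-ACK reply
    {"src": "192.168.20.5", "sport": 40000, "dst": "192.168.0.10", "dport": 445},   # new, server -> LAN
]

if __name__ == "__main__":
    print("stateless:", stateless_acl(PACKETS))
    print("stateful: ", stateful_acl(PACKETS))
```

In the stateless run the RDP reply from the server VLAN hits the deny entry, which matches the lost LAN-to-VLAN connection described in the first post; with flow tracking the reply passes while the server-initiated connection is still denied.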