Home

Forums

Stories

Knowledge Base

Business Community > Controllers > Blocking Router Access for all VLANs

< Controllers

Blocking Router Access for all VLANs

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

Blocking Router Access for all VLANs

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

SebastianH

2023-11-06 15:03:49 - last edited 2023-11-07 07:44:46

Posts: 48

Helpful: 5

Solutions: 5

Stories: 0

Registered: 2023-10-26

Blocking Router Access for all VLANs

2023-11-06 15:03:49 - last edited 2023-11-07 07:44:46

Model: OC200

Hardware Version: V1

Firmware Version:

Hello,

Due to the fact, that it is not possible to change the management VLAN for the gateway (ER7206) I want to block the access to the Gateway via ACL.

I created a IP-Port-Group where I added all Gateway IPs (I have 7 VLANs, so I have to add 6 IPs (one is management)) and the Ports 80, 443 and 22.

Now I try to create an ACL where I select all VLANs (networks) on the left side and deny them to communicate to my IP-Port-Group on the right side.

But I got an "ACL limit" error.

I could I archieve the blocking without reaching a config limitation?

It would be great if the router management VLAN could be selected and changed to a specific one.

BR
Sebastian

1 Accepted Solution

Virgo

LV5

2023-11-07 07:14:46 - last edited 2023-11-07 07:44:46

Posts: 2588

Helpful: 346

Solutions: 191

Stories: 0

Registered: 2021-05-10

Re:Blocking Router Access for all VLANs-Solution

2023-11-07 07:14:46 - last edited 2023-11-07 07:44:46

@SebastianH

Hey, it's not difficult, just choose the Me/Gateway Management page, check this out.

Just striving to develop myself while helping others.

Recommended Solution

7 Reply

muzicman0

LV2

2023-11-06 18:23:34

Posts: 88

Helpful: 16

Solutions: 6

Stories: 0

Registered: 2021-02-27

Re:Blocking Router Access for all VLANs

2023-11-06 18:23:34

@SebastianH I'm not sure what other equipment you have. I am also using a 7206 (but i also have a TL-SG2428P) and I used a switch ACL to block other VLANs from accessing the management VLAN.

I have it disabled right now though since I am still setting everything up (and migrating to a new controller). I am not sure if I enable it if it will break my VPN access.

Either way though, you should be able to use the switch ACL if your topology supports it.

SebastianH

LV2

2023-11-06 18:39:51

Posts: 48

Helpful: 5

Solutions: 5

Stories: 0

Registered: 2023-10-26

Re:Blocking Router Access for all VLANs

2023-11-06 18:39:51

Hi @muzicman0

Thank you for your advice. I also have ACLs configured to block inter VLAN traffic. This is working fine.

But it's still possible to access the Router Login Page, due to the fact that its not possible to limit the management to one specific VLAN on the Router.

It's still possible to access the page from every VLAN by using the internal gateway IP of the interface VLAN.

muzicman0

LV2

2023-11-06 19:54:26

Posts: 88

Helpful: 16

Solutions: 6

Stories: 0

Registered: 2021-02-27

Re:Blocking Router Access for all VLANs

2023-11-06 19:54:26

@SebastianH I see. I can hit the login page, but if I log in, access is denied (since I am using a Controller). This is adequate for my needs, but i understand why it may not be in other cases.

Virgo

LV5

2023-11-07 07:14:46 - last edited 2023-11-07 07:44:46

Posts: 2588

Helpful: 346

Solutions: 191

Stories: 0

Registered: 2021-05-10

Re:Blocking Router Access for all VLANs-Solution

2023-11-07 07:14:46 - last edited 2023-11-07 07:44:46

@SebastianH

Hey, it's not difficult, just choose the Me/Gateway Management page, check this out.

Just striving to develop myself while helping others.

Blocking Router Access for all VLANs

Blocking Router Access for all VLANs

Information

Voters 0

Tags