ER605 and ACL/segmentation

2024-03-26 13:49:38
Model: ER605 (TL-R605)  
Hardware Version: V2
Firmware Version: latest

Hi all. 

I've been running an ER605 for a while.
Now I want to segment a bit on the LAN side, and the primary reason is security. 

Now I seem not to be able to limit traffic between segments regardless of the VLAN or rules.

Is this due to tagging on the ports?

 

This guide is not working (effectless) with the current setup.

Why is this?

 

Thanks for any tip!

 

BR.

Greg

Re:ER605 and ACL/segmentation
2024-03-27 01:40:21

Hi @GregZaaa 

Thanks for posting in our business forum.

You can try out this FAQ. ACL is needed to stop inter-VLAN traffic. VLAN interface, by default, allows traffic between the interfaces.

Re:ER605 and ACL/segmentation
2024-03-27 06:51:38
Hi, well the whole idea is to stop traffic between segments. I'd say that a simple "deny src dest port" would do the trick, but it really doesn't do a thing...
Re:ER605 and ACL/segmentation
2024-03-27 08:27:03 - last edited 2024-03-27 08:27:13

Hi @GregZaaa 

Thanks for posting in our business forum.

GregZaaa wrote

Hi, well the whole idea is to stop traffic between segments. I'd say that a simple "deny src dest port" would do the trick, but it really doesn't do a thing...

Currently, GW ACL does not support IP-Port in controller mode.

Re:ER605 and ACL/segmentation
2024-03-27 08:38:03
I am running stand-alone. And what does that mean really? What does it support?
Re:ER605 and ACL/segmentation
2024-03-27 08:55:05

Hi @GregZaaa 

Thanks for posting in our business forum.

GregZaaa wrote

I am running stand-alone. And what does that mean really? What does it support?

1. I would recommend you take a look at the User Guide. Play around with it. ACL is very straightforward. Protocol, port, SRC, and DST.

There is no specific guide on how you configure it but ideas on how to achieve different goals. Take a second and browse through the KB on the forum. 

2. If you need a step-by-step guide or walkthrough, please call the support number. A rep can walk you through it.

I don't intend to answer low-effort questions, which were not explicitly described initially and are not the goal of the forum to discuss and improve the skills.

Standalone has the ability to choose the "service", which is the difference from controller mode. That is the direction I pointed out for you.

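As an added example (not from the thread or from TP-Link), this Python model audits an ordered ACL for segment-to-segment paths it still leaves open. Only the default-allow between VLAN interfaces comes from the replies above; the subnets, the first-match rule order and the stateless matching are assumptions of the model, not documented ER605 behaviour.

```python
import ipaddress
from itertools import permutations

# Constructed sample segments (assumption, not taken from the thread).
SEGMENTS = {
    "lan":   ipaddress.ip_network("192.168.0.0/24"),
    "iot":   ipaddress.ip_network("192.168.20.0/24"),
    "guest": ipaddress.ip_network("192.168.30.0/24"),
}

def rule(action, proto, src, dst, port=None):
    """One ACL entry: protocol, SRC, DST and optional destination port."""
    return {"action": action, "proto": proto, "port": port,
            "src": ipaddress.ip_network(src), "dst": ipaddress.ip_network(dst)}

def evaluate(rules, proto, src_ip, dst_ip, port):
    """Return 'allow' or 'deny' for one flow; first matching rule wins (assumed)."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for r in rules:
        if (r["proto"] in ("any", proto) and s in r["src"] and d in r["dst"]
                and r["port"] in (None, port)):
            return r["action"]
    return "allow"  # no rule matched: routed inter-VLAN traffic passes by default

def open_paths(rules, probes):
    """List (src_segment, dst_segment, proto, port) flows the ACL still allows."""
    found = []
    for a, b in permutations(SEGMENTS, 2):
        src = str(SEGMENTS[a].network_address + 10)  # representative host
        dst = str(SEGMENTS[b].network_address + 10)
        for proto, port in probes:
            if evaluate(rules, proto, src, dst, port) == "allow":
                found.append((a, b, proto, port))
    return found

# Constructed probe set: a few services worth checking across segments.
PROBES = [("tcp", 22), ("tcp", 445), ("udp", 53), ("icmp", None)]

NO_ACL = []
# A single "deny src dest port" entry closes exactly one flow.
PORT_ONLY = [rule("deny", "tcp", "192.168.20.0/24", "192.168.0.0/24", 445)]
# Segment isolation needs a deny per destination network, for all protocols.
ISOLATE_IOT = [rule("deny", "any", "192.168.20.0/24", "192.168.0.0/24"),
               rule("deny", "any", "192.168.20.0/24", "192.168.30.0/24")]

if __name__ == "__main__":
    for name, acl in [("no ACL", NO_ACL), ("port only", PORT_ONLY), ("isolate iot", ISOLATE_IOT)]:
        print(f"{name}: {len(open_paths(acl, PROBES))} open paths")
```

Running the audit against an exported rule list shows which directions between segments are still reachable, which is the quickest way to see whether a rule set actually segments anything.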