ACL Rules not working properly
Hi,
I have several VLans and when I created the ACL Rule of permit all connections between two of those VLANs is when the problem begins. They can see each other and I cant access the computer fom one VLAN to the other one. I tried ACL Rule Mac Group with just two computers and is not working either. Is there a problem with the omada controller ?
I have
ER605
TL-SG3428MP Switch
Omada Controller
I have several LAN but the ones that I want to communicate between them are my main LAN to another one that I named Server
My main one is Tattoine and I want one computer from that lan to have bidirectional communication with Server Lan, but since I couldn't doit I decided to use the Mac Group. But is not communicating each other.
Can somebody help me with this issue?
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
Switch ACLs are not bi directional - so you either have to make 2 rules allowing traffic in both directions, or make an IP group with the source and destination IPs and allow it to itself, eg...
IP Group "Test"
PC1 192.168.1.100 /32
Network Allowed 192.168.10.0 /24
ACL Rule - Permit - All - IP Group "Test" to IP group "Test"
Also, the ACL rules work top - down, so put Allow rules above Deny Rules in the list
- Copy Link
- Report Inappropriate Content
Hi,
I tried that too, two rules. But nothing happened. I even tried the mac group and nothing. Let me try the IP Group, but let me first learn how to do that.
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
Using Omada, everything is allowed by default so it looks to me like rule 1, 3 and 4 are useless.
The only thing that's blocked are packets flowing from IOT to 3 VLANs.
You wouldn't happen to have gateway rules too?
Because if you're blocking default -> server at the gateway, there's nothing you can do at the switch layer to override that.
- Copy Link
- Report Inappropriate Content
No, no gatewary rules, just in the switch.
- Copy Link
- Report Inappropriate Content
Hmm, I'm not sure what's getting in the way.
> I have several VLans and when I created the ACL Rule of permit all connections between two of those VLANs is when the problem begins. They can see each other and I cant access the computer fom one VLAN to the other one.
How exactly did you establish "can see" and "can't access"?
Again, I believe only rule 2 in your original post is effective and it does not affect any packets going between default and server...
And if you have some connectivity (see), there's no reason the ACL is getting of access.
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 380
Replies: 7
Voters 0
No one has voted for it yet.