ACL question

2017-02-16 15:46:32
Hi all, I got a 3210 switch, working as a VLAN on several ports, and the trunk is SFP port 10.
I need to add an access list for an FTP server on port Eth-7, for the address, for example 192.168.1.10, the FTP server address, so that any request that comes from the trunk port SFP 10 to this address 192.168.1.10 will be directed automatically to port 7 and therefore to the FTP server.
Any help on how to do this, and is it doable on this switch?
Re:ACL question
2017-02-17 23:01:26

johnnybravo135 wrote


I need to add an access list for an FTP server on port Eth-7, for the address, for example 192.168.1.10, the FTP server address, so that any request that comes from the trunk port SFP 10 to this address 192.168.1.10 will be directed automatically to port 7 and therefore to the FTP server.


Do you want to provide FTP access to several subnets using the VLAN trunk, or what exactly do you mean by "requests from the trunk port"?

To share an FTP server between logically separated networks there are two possible solutions:

- use a router to route requests from different subnets to the FTP server or

- set up VLAN tagging at the FTP server, give it as many IPs as you have subnets and add it to the corresponding VLANs (e.g. expanding the trunk on to eth7) to avoid having to use an external router (actually, the server with FTP service does the routing between the VLANs in this solution).
༺ 0100 1101 0010 10ཏ1 0010 0110 1010 1110 ༻
Re:ACL question
2017-02-18 01:54:29
Dear, I have a CCR whose management I don't have access to, and it's providing internet to the users via a built-in PPPoE server with a shaper for the speed and a quota for each PPPoE client. I have created the FTP server and want to add it to the network so that those clients will benefit from this server without passing through the shaper and without counting against the daily limits of their quota.

I have two 3210 switches: one is directly after the CCR and the other is on the roof, distributing to the wireless access points. On the other end, the user receives the wireless signal via a roof antenna access point, connects it to his router, configures the router WAN for PPPoE and gets connected to the internet.

The CCR is providing a PPPoE DHCP range of 10.10.20.xxx 255.255.255.255. If you want me to draw a diagram for this I will.
Re:ACL question
2017-02-18 02:52:45

johnnybravo135 wrote

I have created the ftp server, want to add it to the network therefore those clients will benefit from this server without passing through the shaper and without counting the daily limits of their quota.


So all clients are in the same subnet? Then you could probably use an extended ACL with source port to IP/dest port redirection to catch every FTP request and send them to port eth7, but I haven't yet set up such a scheme with a redirection ACL on an L2 switch (I only use multi-homed FTP servers for my clients, which are in separate VLANs/subnets).
༺ 0100 1101 0010 10ཏ1 0010 0110 1010 1110 ༻
Re:ACL question
2017-02-18 15:30:16
Yes, that's the idea, all clients are in the same subnet. Any kind of help on how to do the ACL as you said, because I couldn't do it. My name is John from Beirut, +96170921935 if you would like to talk on WhatsApp. Again, thank you.
Re:ACL question
2017-02-18 19:35:02
As it is explained in the manual, I would try the following steps:

- Create an extended ACL, specify source address range for all devices on the subnet (source IP, network mask, destination port - see page 167 in the UG).
- Create a policy config, specify "redirect" as action and port of your FTP server (page 169).
- Optionally bind a port to the policy to your trunk port or VLAN (page 170 and following).
- Add the policy to the ACL.

Unfortunately, I have no L2+ switch to try it, but since the switch can classify packets on matching their L2-L4 protocol key fields, it should be possible to achieve it as described in the manual. See also the application example at the end of the ACL chapter in the manual.
༺ 0100 1101 0010 10ཏ1 0010 0110 1010 1110 ༻
Re:ACL question
2017-02-21 00:04:02
It didn't work, sir.
Re:ACL question
2017-02-21 02:41:35
Did you define a redirect for the destination IP and both FTP ports 20/21 and also change the IP of the FTP server to be in the 10.10.20.0 subnet? If it still does not work, I have no idea; maybe it helps to call TP-Link support.
༺ 0100 1101 0010 10ཏ1 0010 0110 1010 1110 ༻
Re:ACL question
2017-02-21 17:13:12
Yes I did. I've defined all ports, changed the server IP address to 10.10.20.10, and targeted the source destination to port eth7 as the server is connected to it. But it's still the same. On the other hand, on the clients' routers' WAN ports, I've tried another idea, which is to add a manual IP from the server's range, let's say 192.168.10.0, as an additional IP address for each client while the PPPoE is still working, and it worked perfectly. But the idea isn't to make it work like that only, because some clients' routers don't support two WAN protocols.