How to configure ACL to prevent inter VLAN communication

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

2021-06-03 14:29:01 - last edited 2022-09-01 02:47:25
Model: TL-SG3428X  
Hardware Version: V1
Firmware Version: 1.0.3 Build 20210409 Rel.52950

We're trying to block inter VLAN (across VLAN) communication.

We'd like to have VLAN 10 for one department and VLAN 20 for the other department, and they should not be able to communicate with each other.

 

We have the VLANs configured.

There's a DHCP server configured on the switch and a VLAN interface for each VLAN.

Users receive a proper IP.

 

ACL configuration does not seem to work across VLANs. In any configuration, the VLANs can talk to each other.

We have tried port binding, VLAN binding, IP ACL, VLAN ACL, etc.

We seem to be only able to block communication within each VLAN but not across VLANs.

 

Here's the config we'd like to get:

 

Requirements:

1. Departments A and B can access the internet

2. Department A can communicate within Department A

3. Department B can communicate within Department B

4. Departments A and B cannot communicate with each other

 

This seems to be a common use case - what's the proper way to configure blocking of communication across VLANs?

An interface per VLAN seems to be required - are we maybe missing anything?

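An added example, not part of the thread and not TP-Link's ACL syntax: the four requirements above modelled as an ordered, first-match IP ACL and checked against constructed flows. The subnets (10.0.10.0/24 for VLAN 10, 10.0.20.0/24 for VLAN 20) and all host addresses are assumptions, since the post names none.

```python
# Added example (not from the thread): models the poster's four requirements as an
# ordered, first-match IP ACL and checks constructed flows against it.
# Assumed subnets: VLAN 10 = 10.0.10.0/24, VLAN 20 = 10.0.20.0/24 (not stated in the thread).
import ipaddress
from typing import Dict, List, NamedTuple


class Rule(NamedTuple):
    action: str                   # "permit" or "deny"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network


VLAN10 = ipaddress.ip_network("10.0.10.0/24")   # assumed Department A subnet
VLAN20 = ipaddress.ip_network("10.0.20.0/24")   # assumed Department B subnet
ANY = ipaddress.ip_network("0.0.0.0/0")

# Both deny directions must precede the permit-any: evaluation stops at the first match,
# and a single-direction deny would still let Department B initiate flows into A.
INTER_VLAN_ACL: List[Rule] = [
    Rule("deny", VLAN10, VLAN20),
    Rule("deny", VLAN20, VLAN10),
    Rule("permit", ANY, ANY),   # intra-VLAN and internet-bound traffic falls through to here
]

# Same rules, wrong order: the permit-any shadows both deny rules.
MISORDERED_ACL: List[Rule] = [INTER_VLAN_ACL[2], INTER_VLAN_ACL[0], INTER_VLAN_ACL[1]]


def evaluate(acl: List[Rule], src_ip: str, dst_ip: str) -> str:
    """Return the action of the first rule matching the flow."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for rule in acl:
        if s in rule.src and d in rule.dst:
            return rule.action
    return "deny"   # modelling choice for a list with no catch-all; device defaults vary


def check_requirements(acl: List[Rule]) -> Dict[str, bool]:
    """Test the four requirements from the original post against constructed flows."""
    internet_host = "198.51.100.10"   # constructed public address (TEST-NET-2)
    return {
        "A_to_internet": evaluate(acl, "10.0.10.5", internet_host) == "permit",
        "B_to_internet": evaluate(acl, "10.0.20.5", internet_host) == "permit",
        "A_within_A": evaluate(acl, "10.0.10.5", "10.0.10.6") == "permit",
        "B_within_B": evaluate(acl, "10.0.20.5", "10.0.20.6") == "permit",
        "A_to_B_blocked": evaluate(acl, "10.0.10.5", "10.0.20.5") == "deny",
        "B_to_A_blocked": evaluate(acl, "10.0.20.5", "10.0.10.5") == "deny",
    }


if __name__ == "__main__":
    for name, acl in (("ordered", INTER_VLAN_ACL), ("misordered", MISORDERED_ACL)):
        print(name, check_requirements(acl))
```

Passing this model only shows the rule set expresses the intent; as the accepted answer in this thread shows, the device may still fail to enforce it, so a cross-VLAN ping test after applying the rules remains the real check.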
1 Accepted Solution
Re: How to configure ACL to prevent inter VLAN communication - Solution
2022-09-01 02:47:11 - last edited 2022-09-01 02:47:14

Hi there,

 

The new firmware TL-SG3428X(UN)_V1_1.0.7 Build 20220606 released recently has fixed the ACL-related issue.

 

If you find that Combined ACL failed to block traffic between Layer 3 networks, please check for a firmware update first.

 

Thank you for your attention!

Re: How to configure ACL to prevent inter VLAN communication
2021-06-11 14:06:10

@ceecko So devices across VLAN A and B can ping each other? If so, a deny rule on the switch ports should stop it, under the security section in the controller software.

Re: How to configure ACL to prevent inter VLAN communication
2021-07-13 19:11:32