Business Community > Controllers > Need help with ACLs
< Controllers

Need help with ACLs

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

Need help with ACLs

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Need help with ACLs
Need help with ACLs
2022-04-10 21:26:39
Model: ER605 (TL-R605)  
Hardware Version: V1
Firmware Version:

I have an all Omada config.

3 x sg2008p

1 x er605

1 x eap610

 

I have 6 vlans

1 = admin

10 = office

20 = media

30 = servers

40 = IOT

50 = Wifi

 

 

I want to set up VLAN 40 as follows

VLAN 40 should not be able to reach VLANS 10,20,50

VLANS 10, 20, 50 should not be able to reach vlan 40

Unrestricted internet access

Should be able to reach VLAN 30 on specific ports (445, 137-139, Plex ports)

 

I assueme ACLs best for this?

 

Gateway or switch ACL?

Us IP Groups? IP-Port Groups? Network Groups?

 

Use Deny poicy to block?

 

Is there any good cookbook articles about this?

 

 

 

 

 

  0      
 
  0      
 
#1
Options
6 Reply
Re:Need help with ACLs
2022-04-11 03:43:12

Hi  @jwaltrip 

 

Have a look at this video series:

 

Youtube Video - Omada Setup

 

This should help understanding Omada Stuff.

  0  
  0  
#2
Options
Re:Need help with ACLs
2022-04-11 12:50:31

 Dear @jwaltrip ,

 

My suggestion is switch ACL.

 

You will need three rules:

1. Protocols: All; Deny; Source network VLAN 40network; Destination network VLANS 10,20,50. Enable Bi-Directional.

This rule will also block VLAN 10,20,50 from VLAN40. 

 

2. Permit; Source Network choose all; Destination choose IP Group_Any. 

This rule will allow all other network actions including internet access

 

"Should be able to reach VLAN 30 on specific ports (445, 137-139, Plex ports)" There is no limitation between VLAN40 and VLAN30 and they can communicate via any ports. 

If you want to Block other ports but only allow these ports, we CAN'T do it via Omada Controller. Because we cannot modify the Protocols on the ACL option, we can only choose the existing service type. 

 

Regards

 

 

Best Regards! >> Omada EAP Firmware Trial Available Here << >> Get the Latest Omada SDN Controller Releases Here << *Try filtering posts on each forum by Label of [Early Access]*
  0  
  0  
#3
Options
Re:Need help with ACLs
2022-04-11 20:14:37

Created 3 rules

 

With all enabled, a shortt ime later the Router disconencted....  what did I do wrong?

 

b8629412e7bf4fb18fd114570a5538c0

 

1ee67417e10d4b19ace6aa5ba3bd2902

 

  0  
  0  
#4
Options
Re:Need help with ACLs
2022-04-12 01:20:31

Should I be using Switch ACLs?

  0  
  0  
#5
Options
Re:Need help with ACLs
2022-04-12 04:50:30

OK... I see my mistake...

 

I will try switch ACLS.

 

Just read elsewhere that gateway ACLS only affect WAN (?).   

 

I am not a network expert, but not a newbi either...   this is still confusing :)

 

thanks for the help.  I will try this on the weekend (less likely to affect my wifes internet and TV)

 

  0  
  0  
#6
Options
Re:Need help with ACLs
2022-04-12 06:00:03

SO, should I choose VLAN or port for ACL binding?

 

If I choose VLAN, I need to specify a VLAN ID....  Should I choose ITO as the vlan there?

 

If I choose port, it wants me to select switch ports...

- Choose uplinks?   or should I choose only the ports I am going to set to IOT? 

  0  
  0  
#7
Options

Information

Helpful: 0

Views: 737

Replies: 6

Related Articles
OC300 cant display SpeedTest > 100 Mbps
1279 0
About Us
Press
Copyright © TP-LINK CORPORATION PTE. LTD. All rights reserved.