Problems with ACLs.

SOLVED
MrMacro
Occasional Visitor

Problems with ACLs.

Any help would be most appreciated. I have a 5406zl and 2600 switch configured with multiple VLANs. We have a perimeter firewall on the default vlan (id:1) and have recently introduced a Wireless/Guest VLAN (id:30).

What I would like to do is to restrict all access from the Wireless/Guest VLAN to only the perimeter firewall and beyond.

So effectively, if the firewall is on 192.168.1.1 and the Guest VLAN is 192.168.10.0 I want all traffic coming from the 192.168.10.0 network to be restricted to the firewall on 192.168.1.1 and not be able to access anything else on the default vlan.

Any help would be most appreciated.

Thanks for looking.
3 REPLIES
Pieter 't Hart
Honored Contributor
Solution

Re: Problems with ACLs.

Simplest way is NOT to configure routing between the guest VLAN and the default VLAN.
Then you don't need to fiddle with ACLs.

- Only the firewall needs an IP address in this VLAN.
- If the switch is configured for routing, don't give it an IP address in this guest VLAN.
- Don't give any other switch an IP address in this guest VLAN.

The switches will forward packets on layer-2 to other ports in the same vlan as if it was a physical separate network.

NB! You may want to add another VLAN to make your access point reachable for management.
Of course your APs must support this.
MrMacro
Occasional Visitor

Re: Problems with ACLs.

I like your bit of lateral thinking... however, though I don't doubt that your method doesn't work, I managed to implement the appropriate ACLs, but thanks for your help.
Pieter 't Hart
Honored Contributor

Re: Problems with ACLs.

As it was not the solution to your question, 10 points is a bit high.
But thanks very much, you flipped me over the 2500 points and changed my hat from wizard to royalty.
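
The ACLs the original poster ended up using are not shown in the thread. As an added example (not from the thread, and not switch CLI syntax), this Python model of first-match ACL evaluation with wildcard masks checks the policy from the question against constructed sample packets. It assumes /24 masks for both networks, and the internet host and internal server addresses are made up. Traffic routed through the firewall keeps its final destination address, so an ACL that permits only 192.168.1.1 also drops internet-bound packets.

```python
import ipaddress

def matches(addr, base, wildcard):
    """True if addr matches base; bits set in the wildcard mask are ignored."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    return (a & care) == (b & care)

def evaluate(acl, src, dst):
    """Return the action of the first matching entry; no match is an implicit deny."""
    for action, (s_base, s_wild), (d_base, d_wild) in acl:
        if matches(src, s_base, s_wild) and matches(dst, d_base, d_wild):
            return action
    return "deny"

# Addresses from the question; the /24 wildcard masks are an assumption.
GUEST = ("192.168.10.0", "0.0.0.255")
DEFAULT_VLAN = ("192.168.1.0", "0.0.0.255")
FIREWALL = ("192.168.1.1", "0.0.0.0")
ANY = ("0.0.0.0", "255.255.255.255")

# Literal reading of the requirement: only the firewall address is permitted.
ACL_LITERAL = [("permit", GUEST, FIREWALL)]

# Ordered version: firewall first, then block the rest of the default VLAN,
# then allow everything else (routed on via the firewall). Other internal
# VLANs would each need their own deny entry before the final permit.
ACL_ORDERED = [
    ("permit", GUEST, FIREWALL),
    ("deny", GUEST, DEFAULT_VLAN),
    ("permit", GUEST, ANY),
]

# Constructed sample packets, all sent by one guest client.
SAMPLES = {
    "firewall": ("192.168.10.50", "192.168.1.1"),
    "internal_server": ("192.168.10.50", "192.168.1.20"),
    "internet_host": ("192.168.10.50", "203.0.113.10"),
}

def report(acl):
    """Map each sample name to the decision the ACL makes for it."""
    return {name: evaluate(acl, s, d) for name, (s, d) in SAMPLES.items()}

if __name__ == "__main__":
    for label, acl in (("literal", ACL_LITERAL), ("ordered", ACL_ORDERED)):
        print(label, report(acl))
```

Entry order matters: placing the deny for the default VLAN above the firewall permit would block the firewall address too.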