ACL rules

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
2022-12-28 10:30:51
Model: ER7206 (TL-ER7206)  
Hardware Version: V1
Firmware Version:

Hi Team,

See also attached image:

The idea behind this rule is that devices in the quarantine VLAN can only connect to other devices within the same VLAN as well as the DMZ/Internet.

The goal of this rule is to prevent (i.e. block) connections to and from any of the other VLANs.

Would this rule indeed work this way?

If not: what did I miss or overlook?

Cheers - Will

=====

*** making it run like clockwork ***
Re:ACL rules
2022-12-29 08:04:04
@ITV

You need to first set up an ACL for permit, like the one shown in your picture.
You will also need to set another entry for Deny all, Bi-Directional, as a second ACL.

Just striving to develop myself while helping others.
Re:ACL rules
2022-12-29 09:14:11
@Virgo

I don't understand => I don't recognize settings for bi-directional, only for uni-directional?

Which means I need 2 rules? One going from left-to-right? And the second going from right-to-left?

An example would be helpful - anyone?
Re:ACL rules
2022-12-30 05:42:27
@ITV

This is because if you do not set an ACL to prevent communication in both directions, VLAN interfaces can communicate with each other by default.
Re:ACL rules
2022-12-30 10:40:36 - last edited 2022-12-30 10:46:55
Thank you for the response. I'm aware that by default, all traffic between VLANs is allowed.

But still... I don't understand how this Omada ACL should work. Hence the follow-up question for an example.

Meaning I've been trying to understand the concept of this Omada ACL approach for a few months now. But I'm still struggling... One reason could be that with other, similar types of ACL rules I have worked with, there is an implicit deny after each allow.

Meaning network admins define only what is allowed - everything else is blocked "magically".

The way this looks to me is that this is not the case with the Omada ACL approach.
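To make the two models in this thread concrete, here is an added example (not Omada's implementation and not code from anyone in the thread) that evaluates an ordered rule list the way Virgo's two-entry answer and Will's implicit-deny comparison describe it: the first matching entry wins, and if nothing matches a default applies. With a default of permit (the behaviour the thread attributes to Omada) a permit entry on its own blocks nothing; with a default of deny (the "implicit deny" Will is used to) the same permit entry is sufficient. The VLAN names, the `Rule` fields, the `bidirectional` matching and the sample flows are assumptions made for the illustration; the Internet/WAN side and connection state are not modelled.

```python
"""Ordered ACL evaluation: default-permit versus implicit-deny.

Added illustration only: not Omada's implementation and not code from the
thread.  Rule fields, VLAN names and sample flows are assumptions.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

PERMIT, DENY = "permit", "deny"
ANY = "any"


@dataclass(frozen=True)
class Rule:
    action: str                  # PERMIT or DENY
    src: str                     # VLAN name or ANY
    dst: str                     # VLAN name or ANY
    bidirectional: bool = False  # if True, the entry also matches dst -> src

    def matches(self, src_vlan: str, dst_vlan: str) -> bool:
        def hit(a: str, b: str) -> bool:
            return self.src in (ANY, a) and self.dst in (ANY, b)

        return hit(src_vlan, dst_vlan) or (
            self.bidirectional and hit(dst_vlan, src_vlan)
        )


def evaluate(rules: List[Rule], src_vlan: str, dst_vlan: str, default: str) -> str:
    """First matching rule wins; if no rule matches, `default` applies."""
    for rule in rules:
        if rule.matches(src_vlan, dst_vlan):
            return rule.action
    return default


# Assumed VLAN names for the illustration.
QUARANTINE, DMZ, OFFICE, IOT = "quarantine", "dmz", "office", "iot"

# Flows to test (assumed): the two the OP wants to keep, the two he wants
# blocked, and one between unrelated VLANs to show collateral effects.
FLOWS: List[Tuple[str, str]] = [
    (QUARANTINE, QUARANTINE),
    (QUARANTINE, DMZ),
    (QUARANTINE, OFFICE),
    (OFFICE, QUARANTINE),
    (OFFICE, IOT),
]

# One reading of the OP's permit entry: quarantine may talk to itself and to
# the DMZ (the Internet/WAN side is outside this model).
PERMIT_QUARANTINE: List[Rule] = [
    Rule(PERMIT, QUARANTINE, QUARANTINE),
    Rule(PERMIT, QUARANTINE, DMZ, bidirectional=True),
]
# Virgo's second entry: deny everything, both directions.
DENY_ALL = Rule(DENY, ANY, ANY, bidirectional=True)
# A narrower alternative (assumed): deny only traffic to or from quarantine.
DENY_QUARANTINE = Rule(DENY, QUARANTINE, ANY, bidirectional=True)


def decisions(rules: List[Rule], default: str) -> Dict[Tuple[str, str], str]:
    return {flow: evaluate(rules, *flow, default=default) for flow in FLOWS}


def permit_only_default_permit():
    # Default-permit model: nothing blocks quarantine -> office.
    return decisions(PERMIT_QUARANTINE, default=PERMIT)


def permit_then_deny_all():
    return decisions(PERMIT_QUARANTINE + [DENY_ALL], default=PERMIT)


def deny_all_first():
    # Same two entries in the wrong order: the deny shadows the permits.
    return decisions([DENY_ALL] + PERMIT_QUARANTINE, default=PERMIT)


def permit_then_deny_quarantine():
    return decisions(PERMIT_QUARANTINE + [DENY_QUARANTINE], default=PERMIT)


def permit_only_implicit_deny():
    # The model Will is used to: a permit list with an implicit deny.
    return decisions(PERMIT_QUARANTINE, default=DENY)


if __name__ == "__main__":
    for name, fn in [
        ("permit only, default permit", permit_only_default_permit),
        ("permit then deny-all", permit_then_deny_all),
        ("deny-all first", deny_all_first),
        ("permit then deny quarantine<->any", permit_then_deny_quarantine),
        ("permit only, implicit deny", permit_only_implicit_deny),
    ]:
        print(name)
        for (src, dst), verdict in fn().items():
            print(f"  {src:>10} -> {dst:<10} {verdict}")
```

Running it shows the points the thread circles around. With the permit entry alone and a default of permit, quarantine -> office is still permitted, which is the gap in the OP's single rule. Adding a bi-directional deny-all after it blocks quarantine <-> office, but it also blocks office <-> iot and every other inter-VLAN flow; a narrower deny of quarantine <-> any keeps the other VLANs talking. Putting the deny-all first shadows the permits and blocks everything, so entry order matters. Under an implicit-deny default the permit entry by itself gives the result the OP expected. The model is stateless, so whether return traffic of a permitted flow needs its own entry on the real device is something to verify there.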