ACL exception rules don't work + creating administrator VLAN

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

2023-05-12 12:35:01 - last edited 2023-05-25 09:23:53
Hardware Version: V3
Firmware Version: 4.05

Hi, I have created two VLANs: VLAN10 and VLAN20. I want to use an ACL to disable their communication with each other, allow them to access the internet, and create one exception. The first two rules succeeded, but the exception didn't. It should look like this:

IP from VLAN10 192.168.10.4 should be able to access IP from VLAN20 192.168.20.254.

First ACL Deny between VLANs looks like this:

Second ACL Permit Internet:

Last ACL Exception:

As for the last rule, even when it is bound as the only rule, it blocks all communication between the two VLANs, although there is a clear permit. It's driving me crazy; what am I doing wrong?

Thanks for the help.

#1
Re: ACL exception rules don't work
2023-05-15 03:48:26

@Rohllik

It seems like the issue is the order of the ACL rules.

Have you tried setting the Permit rules first?

First ACL Permit, last ACL Deny.

Just striving to develop myself while helping others.

#2
Re: ACL exception rules don't work
2023-05-25 09:11:59 - last edited 2023-05-25 09:28:58

  @Virgo 

Thanks for the reply.

You're right, the first one should have been permit; I put "deny" in the middle and that's how it works. The interesting thing is that I had to choose a "subnet mask" of .255; anything else allowed communication between the VLANs throughout the range. Can someone explain this to me?

The other thing I'm dealing with now is that I need one VLAN, VLAN20, to have access everywhere, but no one can access it; you could say it's an admin VLAN. Logically I tried the simplest way, which is VLAN20 "permit" any (see screen below), and anything not permitted should be disabled, correct? Of course it couldn't be that simple. I then tried X other rules, but either the communication was always allowed to pass without restriction, or it was cut off completely. Any suggestions?

PS: one bonus question. I didn't find out how many "trunk ports" should be used. Our network is relatively small: max 60 connected devices at one time on 3 VLANs. One trunk for each VLAN/subnet, or just one in general, or the more the better, one for each free port on the router?
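As an added illustration, not part of the thread and not TP-Link's code, here is a small Python model of a top-down, first-match ACL using the addresses from the posts. It shows the three things discussed: why a Deny placed before the single-host exception wins, why a .0 mask on the exception opens the whole VLAN pair while a .255 mask matches only the one host, and why a stateless "VLAN20 may go anywhere, nobody may reach VLAN20" rule set drops the replies to VLAN20's own connections. Assumptions are mine: first match wins, packets are judged one at a time with no connection tracking, the "Permit Internet" rule is permit any -> any, and the implicit verdict when nothing matches is a parameter, because it varies between devices and is not stated in the thread.

```python
"""Top-down, first-match ACL model (added illustration, not TP-Link code).

Assumptions made here, not the device's documented behaviour: rules are
checked from the top and the first matching rule decides; packets are judged
one at a time (stateless, no connection tracking); "Permit Internet" is
modelled as permit any -> any. Addresses are the ones from the thread.
"""
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network
from typing import List, Tuple

VLAN10 = IPv4Network("192.168.10.0/24")
VLAN20 = IPv4Network("192.168.20.0/24")
ANY = IPv4Network("0.0.0.0/0")


def net(addr: str, mask: str) -> IPv4Network:
    """Address plus dotted subnet mask, the way an ACL form asks for it.
    strict=False keeps host bits, so 192.168.10.4 with mask .0 becomes the /24."""
    return IPv4Network(f"{addr}/{mask}", strict=False)


@dataclass(frozen=True)
class Rule:
    name: str
    action: str            # "permit" or "deny"
    src: IPv4Network
    dst: IPv4Network

    def matches(self, src: IPv4Address, dst: IPv4Address) -> bool:
        return src in self.src and dst in self.dst


def evaluate(rules: List[Rule], src: str, dst: str, default: str = "permit") -> str:
    """First matching rule wins; `default` is the implicit verdict when no rule
    matches. That default differs between products and must be checked per device."""
    s, d = IPv4Address(src), IPv4Address(dst)
    for rule in rules:
        if rule.matches(s, d):
            return rule.action
    return default


def round_trip(rules: List[Rule], client: str, server: str) -> Tuple[str, str]:
    """Verdict on the request (client -> server) and on the reply (server -> client).
    A stateless ACL judges the reply as a fresh packet with its own src/dst."""
    return evaluate(rules, client, server), evaluate(rules, server, client)


def exception(mask: str) -> Rule:
    """The single-host exception from the thread, with a configurable mask."""
    return Rule(f"permit 192.168.10.4 -> 192.168.20.254 (mask {mask})", "permit",
                net("192.168.10.4", mask), net("192.168.20.254", mask))


DENY_INTER_VLAN = [
    Rule("deny VLAN10 -> VLAN20", "deny", VLAN10, VLAN20),
    Rule("deny VLAN20 -> VLAN10", "deny", VLAN20, VLAN10),
]
PERMIT_INTERNET = Rule("permit any -> any", "permit", ANY, ANY)

# Order as first bound in the thread: Deny, Permit Internet, Exception.
ORIGINAL = DENY_INTER_VLAN + [PERMIT_INTERNET, exception("255.255.255.255")]
# Working order reported in the thread: exception first, deny in the middle, permit last.
FIXED = [exception("255.255.255.255")] + DENY_INTER_VLAN + [PERMIT_INTERNET]
# Same order, but the exception written with a .0 mask instead of .255.
WIDE_MASK = [exception("255.255.255.0")] + DENY_INTER_VLAN + [PERMIT_INTERNET]
# Admin VLAN attempt: VLAN20 may go anywhere, nobody may reach VLAN20.
ADMIN = [
    Rule("permit VLAN20 -> any", "permit", VLAN20, ANY),
    Rule("deny any -> VLAN20", "deny", ANY, VLAN20),
    PERMIT_INTERNET,
]

if __name__ == "__main__":
    for label, rules in [("ORIGINAL", ORIGINAL), ("FIXED", FIXED), ("WIDE_MASK", WIDE_MASK)]:
        print(label, "10.4 -> 20.254:", evaluate(rules, "192.168.10.4", "192.168.20.254"),
              "| 10.5 -> 20.7:", evaluate(rules, "192.168.10.5", "192.168.20.7"))
    # Request from the admin VLAN is permitted, the reply back into it is denied.
    print("ADMIN request/reply:", round_trip(ADMIN, "192.168.20.10", "192.168.10.4"))
```

Under these assumptions the model reproduces both symptoms from the second post: with the deny rule the admin VLAN's own connections are "cut off completely" because the replies are judged as new packets aimed at VLAN20, and without it VLAN20 is reachable by everyone. Whether the real device tracks connection state, or offers a way to match return traffic, is not stated in the thread and has to be taken from its documentation before choosing a rule set.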