Block access to one computer on my network-ER605
I have a ER605 and use the web interface. I setup with 2 vlans, one for IOT and one for my computers. On my computer lan I have one old machine that runs some old software with a static ip. The OS is not supported any more so I would like to block access to the internet but still be able to share files. I set up a IP group with the ip address of the computer and in the access control tab I set it to block. But that does not work. What am I doing wrong?
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Hi @cmartorelli
Thanks for posting in our business forum.
cmartorelli wrote
@cmartorelli I have the target computer setup as a ip group. In the access control setting the pllicy is set to block, sevice type is all, direction is all, source is ipgroup_any, desttination is target computer ( selected from the ip group that was set in the begining.
If your goal is to block Internet access but still maintain LAN access, you should think about what's important in Internet conversation. It is the gateway access. You should block this computer from accessing the gateway(LAN) IP address instead of doing something like the quote.
What you configured in the quote, did you take time to think about how should it work? It does not match what you expect at all. I think you did not try to think about the ACL. ACL config would take a lot of effort to scheme.
- Copy Link
- Report Inappropriate Content
Hi @cmartorelli
Thanks for posting in our business forum.
What about your config? How do you set the ACL?
- Copy Link
- Report Inappropriate Content
@cmartorelli I have the target computer setup as a ip group. In the access control setting the pllicy is set to block, sevice type is all, direction is all, source is ipgroup_any, desttination is target computer ( selected from the ip group that was set in the begining.
- Copy Link
- Report Inappropriate Content
Hi @cmartorelli
Thanks for posting in our business forum.
cmartorelli wrote
@cmartorelli I have the target computer setup as a ip group. In the access control setting the pllicy is set to block, sevice type is all, direction is all, source is ipgroup_any, desttination is target computer ( selected from the ip group that was set in the begining.
If your goal is to block Internet access but still maintain LAN access, you should think about what's important in Internet conversation. It is the gateway access. You should block this computer from accessing the gateway(LAN) IP address instead of doing something like the quote.
What you configured in the quote, did you take time to think about how should it work? It does not match what you expect at all. I think you did not try to think about the ACL. ACL config would take a lot of effort to scheme.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 490
Replies: 3
Voters 0
No one has voted for it yet.