T1600G-28PS Smart Switch ACL
T1600G-28PS Smart Switch ACL
HI guys.
Just started palying around with this nice smart switch, configured a few vlans, L3 features are used to route between LAN's, the switch is easy to configure and I like it, but one i cant get working: its ACL's
I want to stop traffic between two VLAN's 11 and 12. 192.168.x.x/24 and 192.168.y.y/24
Im creating a IP based ACL and rules under it. Two rules to drop packet from one to other and oposite on other rule.
So it should drob what comes from x.x to y.y and from y.y to x.x
But nothing gets droped packets are going through.
Could you bring in how ACL's works on TP link smart switches.
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
Firstly, give info about your FW. It doesn't seem to be a problem here, but just for you information, v1/v2 has while list ACL (permit all by default), while v3 has black list (deny all).
Isn't it easier just to delete L3 routing between these vlan-interfaces?
Regarding your question, provide config of your routing, vlan-interfaces and acl, acl bindings, to check it together.
- Copy Link
- Report Inappropriate Content
akarpas wrote
As I understand ACL's should be applied to Interface or VLAN interface on itself but i dont see any option to achieve this .
Oh, I see. Just use web-interface firstly, it would be easier to understand. You cannot miss it. It is an example from T2600G-28TS, but T1600G-28PS should pretty be the same.
- Copy Link
- Report Inappropriate Content
TP-Link has the configuring guide for ACL. Maybe some help.
https://www.tp-link.com/us/configuration-guides/configuring_acl/?configurationId=18222#_idTextAnchor001
- Copy Link
- Report Inappropriate Content
Mitya wrote
akarpas wrote
As I understand ACL's should be applied to Interface or VLAN interface on itself but i dont see any option to achieve this .Oh, I see. Just use web-interface firstly, it would be easier to understand. You cannot miss it. It is an example from T2600G-28TS, but T1600G-28PS should pretty be the same.
You are great, I found it myself but you are the one who gave me exact what i want :) Thanks
- Copy Link
- Report Inappropriate Content
I cant switch off L3 routing as this is what I need for Inter-Vlan routing for more than 2 VLAN
- Copy Link
- Report Inappropriate Content
Andone wrote
TP-Link has the configuring guide for ACL. Maybe some help.
https://www.tp-link.com/us/configuration-guides/configuring_acl/?configurationId=18222#_idTextAnchor001
Thank you for the link
- Copy Link
- Report Inappropriate Content
Mitya wrote
Firstly, give info about your FW. It doesn't seem to be a problem here, but just for you information, v1/v2 has while list ACL (permit all by default), while v3 has black list (deny all).
Isn't it easier just to delete L3 routing between these vlan-interfaces?
Regarding your question, provide config of your routing, vlan-interfaces and acl, acl bindings, to check it together.
I use mikrotik router as router facing ISP , so firewall is set up on the mikrotik router.
- Copy Link
- Report Inappropriate Content
As Mitya said, after configured the deny ACL rule, we still need to configure a ACL rule to allow all traffic. Because V3 has the black list. Otherwise, all traffic cannot pass.
- Copy Link
- Report Inappropriate Content
Darn it....I wasted a whole day yesterday trying to figure out whatever way I tried to create an ACL and/or apply an ACL, it would make the switch dead to the world requiring me to pull the plug and start the whole configuration process again from.... well, I did save a closer to end as things went along.
Wonder if and where it is in the manual, though this time around I didn't read the manual cover to cover, or any of it, before trying to replicate the configuration of my DGS-1210-20 on the T1600G-28TS that will be taking over for it. Incidentally, the DGS1210-20 had replaced what was originally a TL-SG1016DE v2, until I found that I couldn't remove vlan1 or change it from being untagged from all interfaces.
O didn't have such issues with the ACLs on my TL-SG3210's (2) which have LACPs of two strands of fiber off this 'core' switch.....which is kind of freaky, if you consider that I'm a single, recently retired, SA, living in a 600 sq ft senior living studio apartment. TL-SG1016DE v2 did briefly reappear when I set it up in port vlan mode, which is was a way to get around the vlan1 issue...though it was weird where one and only one port was in the first vlan, and all the other ports were in the other vlan...but I had run out of ports on the DGS1210-20....but with one exception all of my connected Home Theatre equipment (which is where these switches live (since cable TV and Google Fiber are in the same corner) aren't gigabit.
Doing fiber between switches had come from discussion on why I had been running CAT 7 everywhere, and someone suggested that a pair of fiber + SFPs would be cheaper than SFPs + CAT7 .... and a whole lot geekier. Except that I already had some long runs of CAT7, and a collection of copper SFPs...so not all such runs got done as fiber, especially for the two switches next to each other.
With this new switch, I probably don't need the other 24 port switch next to it, though will probably keep both going as it makes some sense that only this new switch will get the long run UPS treatment. Which held up doing a recent outage, which would've been good if I hadn't fogotteen to do something for the EAP245s (and perhaps the OC200 when I get around to setting that up....)
Still, I'd like to see a firmware update someday for the TL-SG1016DEv2....which was my first 'managed'-able switch. My v2 TL-SG108E did upgrade into a v3....both had been acquired before I had the free time to go crazy with my home network, and break the shrink wrap on them. Still can't quite just toss it, and its not making a good door stop.
Wonder if I'll make use of the L3 features at some point....had originally hopped the DGS1210-20 would do it, but turns out it was on sale because it was the older C hardware, rather than the also discontinued F hardware. Will probably need to find time to read the manual first though.
L
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 3622
Replies: 11
Voters 0
No one has voted for it yet.