ACL rules
Hi Team,
See also attached image:
The idea behind this rule is that devices in the quarantine vlan can only connect to other devices within the same vlan as well as the DMZ/Internet.
The goal of this rule is to prevent (i.e. block) connections to and from any of the other vlans.
Would this rule indeed work this way?
If not: what did I miss or overlook?
Cheers - Will
=====
You need to first set up an ACL for permit, like the one shown in your picture.
You will also need to set another entry for Deny all of Bi-Directional as a second ACL.
=====
I don't understand => don't recognize settings for bi-directional - only for uni-directional?
Which means I need 2 rules? One going from left-to-right? And the second going from right-to-left?
An example would be helpful - anyone?
=====
This is because if you do not set an ACL to prevent communication in both directions, VLAN Interfaces can communicate with each other by default.
=====
Thank you for the response. I'm aware that by default, all traffic between vlans is allowed.
But still... I don't understand how this Omada ACL should work. Hence the follow-up question for an example.
Meaning I'm trying to understand the concept of this Omada ACL approach for a few months now. But I'm still struggling... One reason could be that with other, similar type of ACL rules I have worked with, there is an implicit-deny after each allow.
Meaning network admins define only what is allowed - everything else is blocked "magically".
The way this looks to me is that this is not the case with the Omada ACL approach.
=====
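A simplified model of the two behaviours contrasted in this thread, added here as an example; it is not part of any post and not Omada's own code. It assumes first-match rule ordering and only evaluates who may initiate a connection; the network names (`lan`, `dmz`, ...) and the `*` wildcard are constructed for illustration.

```python
from typing import NamedTuple

ANY = "*"  # wildcard network (assumption of this model)

class Rule(NamedTuple):
    action: str  # "permit" or "deny"
    src: str
    dst: str

def expand(action, a, b, bidirectional=False):
    """A bi-directional entry behaves like two uni-directional rules."""
    rules = [Rule(action, a, b)]
    if bidirectional:
        rules.append(Rule(action, b, a))
    return rules

def evaluate(rules, src, dst, default):
    """First matching rule wins; `default` applies when nothing matches."""
    for r in rules:
        if r.src in (ANY, src) and r.dst in (ANY, dst):
            return r.action
    return default

# Constructed sample flows: (source network, destination network).
FLOWS = [
    ("quarantine", "quarantine"),
    ("quarantine", "dmz"),
    ("quarantine", "lan"),
    ("lan", "quarantine"),
]

def blocked(rules, default):
    """Return the sample flows that the rule set denies."""
    return [f for f in FLOWS if evaluate(rules, f[0], f[1], default) == "deny"]

# Only the permit entries, as in the original question.
permit_only = (expand("permit", "quarantine", "quarantine")
               + expand("permit", "quarantine", "dmz")
               + expand("permit", "quarantine", "internet"))

# Permit entries followed by an explicit bi-directional deny-all.
with_deny = permit_only + expand("deny", "quarantine", ANY, bidirectional=True)

if __name__ == "__main__":
    print("permit only, default permit:", blocked(permit_only, "permit"))
    print("permit only, implicit deny :", blocked(permit_only, "deny"))
    print("permit + deny, default permit:", blocked(with_deny, "permit"))
```

With a default of permit, the permit entries alone block nothing; adding the explicit deny after them gives the same result for these flows as an implicit-deny model would.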