No device reachable after ACL

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

2023-10-27 16:48:50

Hello and sorry for disturbing again.

I feel a bit stupid right now that I have that many problems. But it's the first time that I've tried to configure a network with Omada.

 

I now have the following problem.

I created  a network with the components:

OC200

ER7206

SG2218P

SG3428

3x EAP615

 

After everything was working, I created a management VLAN as described in the wiki and added every device to it. The IPs were correct (only the gateway was still showing the 192.168.0.* IP) and everything was manageable via the OC200.

I was not able to attach the gateway to the management VLAN.

 

After all that configuration I wanted to deny inter-VLAN communication (strange that it's allowed by default) by adding an ACL.

 

Here I obviously made a mistake. I created one switch rule where I denied communication from any network to any network, and vice versa.

Now nothing is visible anymore from the OC200.

Will this rule also block intra VLAN traffic?

 

How can I reverse this setting? Will a device reboot reset the last unsaved settings, like it does with Cisco, for example (running vs. saved config)?

 

Hope for your help.

 

BR

Sebastian 

 

#1
Re:No device reachabe after ACL
2023-10-27 20:11:49

  @SebastianH 

 

Sadly not. What you may need to do is statically set the IP of a laptop/PC to the same range as your OC200, then plug it into the front port on your OC200 and connect to it that way.

 

Once there you can log in and revert the ACL

 

If you created an ACL that blocked all traffic, then yes, it will block ALL. Been there, done that before!

 

#2
Re:No device reachabe after ACL
2023-10-27 20:16:48

  @Philbert 

Thank you.

So I will reset everything and start over. That's how you learn ;)

But then I have two questions:

1. How do I get the gateway into the management VLAN?

2. How do I block inter-VLAN traffic in general?

 

BR

Sebastian 

#3
Re:No device reachabe after ACL
2023-10-27 20:40:13

  @SebastianH 

 

I have my OC200 on a management VLAN.

  1. Configure the standard 192.168.0.x range for your OC200, switches, etc. (out of the box).
  2. Create your management VLAN.
  3. Apply your management VLAN to a port on the switch (say port 10).
  4. Apply the management VLAN to your switches/APs, etc. They will go offline for a bit.
  5. Re-IP (if needed), then move your OC200 to port 10 where the management VLAN is. All should reconnect.

 

Not saying that is the perfect way, but that's how I did it :)

 

Blocking inter-VLAN traffic can be done by just creating an ACL called BLOCK ALL and doing what you did before. It will work, as long as your OC200 and other network hardware are on the same VLAN first.

 

#4
Re:No device reachabe after ACL
2023-10-28 05:11:43

  @Philbert 

Thank you. 

This is exactly what I did. And after applying the ACL everything was dead.

 

I will do it again, post my configuration here, and ask before applying the ACL.

 

Not sure if I'll find the time today, but I will reach out to you again.

 

 

Thanks for the help. 

 

Sebastian 

#5
Re:No device reachabe after ACL
2023-10-28 10:40:08 - last edited 2023-10-28 10:42:01

@Philbert 

 

Hi, 

this is what I got so far:

 

 

 

 

All devices are configured to be in management VLAN 4090, and the OC200 is also on a switch port assigned to VLAN 4090. IPs are correct and everything is manageable.

Question: How do I bring the gateway ER7206 into the management VLAN, so that it shows an IP from the correct range and management is only possible via this IP?

 


After that, as a first step, I would like to forbid any inter-VLAN routing.
Can I do this?

#6
Re:No device reachabe after ACL
2023-10-28 12:48:22

  @SebastianH 

 

OK, so in the last picture I would advise against blocking LAN to LAN, IOT to IOT, etc. That will block internal traffic. Take the IOT for example: you have blocked IOT to IOT, so that will stop that VLAN's traffic flowing through the switch or AP.

 

Best to create an ACL for each, say IOT Block ALL, then block all the other networks (except the LAN if you are using it for trunking). Remember not to block your trunks.

 

 

 

#7
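The difference between the single any-to-any deny rule from the first post and the per-VLAN "block all others" rule sets Philbert recommends in posts #4 and #7 can be checked with a small model of the switch ACL before anything is applied to real hardware. This is an added example, not Omada's code and not anything posted in the thread. The network names and addresses are made up; "MGMT" stands in for the thread's VLAN 4090. The model assumes rules are evaluated top-down with first match winning, and that traffic matching no rule is permitted (the thread notes inter-VLAN traffic is open by default).

```python
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network
from itertools import product

# Constructed networks for illustration (not the addresses from the thread).
# MGMT stands in for the management VLAN 4090 the poster set up.
NETWORKS = {
    "LAN": IPv4Network("192.168.0.0/24"),
    "MGMT": IPv4Network("10.40.90.0/24"),
    "IOT": IPv4Network("10.0.20.0/24"),
    "GUEST": IPv4Network("10.0.30.0/24"),
}
ANY = IPv4Network("0.0.0.0/0")


@dataclass(frozen=True)
class Rule:
    policy: str          # "deny" or "permit"
    src: IPv4Network     # source network the rule matches
    dst: IPv4Network     # destination network the rule matches
    name: str = ""


def evaluate(rules, src_ip, dst_ip):
    """First matching rule wins; no match means permit (assumed default)."""
    src, dst = IPv4Address(src_ip), IPv4Address(dst_ip)
    for rule in rules:
        if src in rule.src and dst in rule.dst:
            return rule.policy
    return "permit"


def reachability(rules):
    """Map (src_net, dst_net) -> verdict, using one sample host per network."""
    hosts = {name: net[10] for name, net in NETWORKS.items()}
    return {(s, d): evaluate(rules, hosts[s], hosts[d])
            for s, d in product(hosts, repeat=2)}


def lost_management(rules):
    """Networks the management VLAN can no longer reach under these rules.
    A non-empty result is the lockout the first post describes."""
    return sorted(d for (s, d), verdict in reachability(rules).items()
                  if s == "MGMT" and verdict == "deny")


def isolate(vlan, keep=("MGMT",)):
    """Deny traffic from `vlan` to every other network except those in `keep`.
    The source VLAN itself is never listed, so intra-VLAN traffic stays open."""
    return [Rule("deny", NETWORKS[vlan], NETWORKS[other], f"{vlan} block {other}")
            for other in NETWORKS if other != vlan and other not in keep]


# Rule set 1: the single any-to-any deny from the first post.
BLOCK_EVERYTHING = [Rule("deny", ANY, ANY, "BLOCK ALL")]

# Rule set 2: one "block all others" set per user VLAN, management VLAN kept open.
PER_VLAN_ISOLATION = isolate("IOT") + isolate("GUEST") + isolate("LAN")


if __name__ == "__main__":
    for label, rules in (("any-to-any deny", BLOCK_EVERYTHING),
                         ("per-VLAN isolation", PER_VLAN_ISOLATION)):
        print(f"{label}: IOT->IOT {evaluate(rules, '10.0.20.10', '10.0.20.11')}, "
              f"IOT->GUEST {evaluate(rules, '10.0.20.10', '10.0.30.10')}, "
              f"unreachable from MGMT: {lost_management(rules) or 'none'}")
```

With the any-to-any rule, an IoT host cannot even reach another IoT host and the management VLAN loses every network, including itself, which is why the OC200 went dark. With one `isolate()` set per user VLAN, intra-VLAN traffic is never matched, and the `keep` list is where the networks that must stay reachable belong: the management VLAN, and, in Philbert's setup, the LAN network he uses for trunking. Running `lost_management()` on a rule set before applying it is the check the original poster was missing.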
Re:No device reachabe after ACL
2023-10-28 14:03:32

  @Philbert 

Sounds good, even if it's a bit of a pain that inter-VLAN communication is open by default. Every newly created VLAN is a potential security or IP-conflict problem.

 

Anyway. I will create two rules for each VLAN blocking all others.

What do you mean by TRUNK (LAN)? A trunk, for me, is a link with multiple VLANs on it, and not a network.

 

And how do I make the router only accessible from management VLAN?

#8