Solved: Re: RVS4000 IP Access Lists

bmangan83 · ‎01-11-2010

Hello all,

I am trying to block access from 1 VLAN to another without disabling InterVLAN routing.

In my access list entry I have the following:

Deny ALL protocols, Source interface LAN; Source Address Network 192.168.8.0/24 (VLAN I wish to block); Destination Address Network 192.168.1.0.

It looks like this should work however hosts from the 192.168.8.0 network can access the 192.168.1.0 network. If I disable InterVLAN routing it blocks traffic between the VLANs as you would expect. In the future I plan to have another VLAN that I do wish to route between VLANs.

Any help would be appreciated,

Thanks!

Brian

Te-Kai Liu · ‎01-13-2010

The IP based ACL of RVS4000 is designed to restrict the traffic between LAN and WAN (bi-direction), but not the inter-VLAN traffic. So the scenario is not supported unfortunately.

View solution in original post

Te-Kai Liu · ‎01-13-2010

The IP based ACL of RVS4000 is designed to restrict the traffic between LAN and WAN (bi-direction), but not the inter-VLAN traffic. So the scenario is not supported unfortunately.

bmangan83 · ‎01-13-2010

Thanks for your help. It is too bad that feature is not supported in this router. Is this something that is being considered for the future?

Have a great day!

Brian

Te-Kai Liu · ‎01-13-2010

To support the scenario you described, you might want to take a look at the SA500 series such as SA520.

For RVS4000, I will pass your request onto the product team for consideration.

I was told that RVL200, which also supports inter-VLAN routing and IP-address based Access Rules, can support the scenario you described.