New Member

ACL config on SG 300 28P

Hello!

I am trying to set up an ACL on our Cisco SG 300 switch. I want to create an ACL that enables hosts on our guest network to obtain IP addresses from a server on our "internal" network, but they should not be able to reach any other resources on that network. I set it up as follows, but it does not work the way I want. I have also bound interfaces to the ACL. Any suggestions?

Ny bild.jpg

/Morgan

4 REPLIES
Bronze

ACL config on SG 300 28P

Hello Morgan,

How is your network currently set up? Are you using the SG300 as a layer 3 switch? And if so, is it acting as your default gateway?

Most commonly when setting up a private/internal and public/guest network, I recommend using VLANs and two subnets. I cannot speak to the DHCP server, but most should support multiple VLANs and subnets. This allows you to separate your traffic in a very simple way.

New Member

Re: ACL config on SG 300 28P

Hello!

Thanks for your reply. The switch is configured to run in Layer 3 mode and one interface in each VLAN is the default gateway. I want to configure an ACL that functions so it only allows DHCP traffic from VLAN 4 Guest to VLAN 3 internal. It should also block traffic to VLAN 5. I hope that you understand what I mean; see the picture.

/Morgan

Bronze

Re: ACL config on SG 300 28P

Thanks for the diagram; it is very helpful.

I would recommend the following rules:

Permit 192.168.175.0/24 to *server IP*

Deny 192.168.175.0/24 to 10.1.10.0/24

Deny 192.168.175.0/24 to 192.168.200.0/24

Permit any to any

This will allow any computers on guest network to talk to the server on the main network. The deny rules will block any traffic from the guest network to the private network and to the other vlan5. The final rule clarifies that all other traffic is ok to go.

New Member

Re: ACL config on SG 300 28P

Thanks for your suggestion. I have used it with some small changes, and it works perfectly. I upload a picture of my config so you can see. The ACL is only permitting DHCP and DNS traffic between the guest network and the internal.

Thanks again.

/Morgan

Sweden

Message was edited by: Morgan Andersson
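
The rule order recommended in this thread, and a variant narrowed to DHCP and DNS as the final post describes, can be checked with a first-match ACL evaluator. This is an added example, not configuration or code from any poster. The server address `10.1.10.10` is a placeholder (the thread gives only *server IP*), the mapping of `10.1.10.0/24` to the internal VLAN and `192.168.200.0/24` to VLAN 5 is assumed, and the exact ports in `TIGHTENED` are assumed because the poster's final config was only shared as a picture.

```python
from ipaddress import ip_address, ip_network

GUEST = "192.168.175.0/24"     # from the thread
INTERNAL = "10.1.10.0/24"      # from the thread; assumed to be the internal VLAN
VLAN5 = "192.168.200.0/24"     # from the thread; assumed to be VLAN 5
SERVER = "10.1.10.10/32"       # placeholder: the thread only says *server IP*
ANY = "0.0.0.0/0"

# Each rule: (action, source, destination, protocol or None, dest port or None)
SUGGESTED = [
    ("permit", GUEST, SERVER, None, None),
    ("deny", GUEST, INTERNAL, None, None),
    ("deny", GUEST, VLAN5, None, None),
    ("permit", ANY, ANY, None, None),
]

# Assumed form of the "DHCP and DNS only" variant: narrow the first permit.
TIGHTENED = [
    ("permit", GUEST, SERVER, "udp", 67),   # DHCP server port
    ("permit", GUEST, SERVER, "udp", 53),   # DNS
    ("permit", GUEST, SERVER, "tcp", 53),   # DNS over TCP
] + SUGGESTED[1:]

# Same rules as SUGGESTED with the first two swapped, to show why order matters.
MISORDERED = [SUGGESTED[1], SUGGESTED[0]] + SUGGESTED[2:]


def evaluate(acl, src, dst, proto, dport):
    """Return (action, rule index) of the first match; implicit deny if none."""
    for index, (action, rsrc, rdst, rproto, rport) in enumerate(acl):
        if (ip_address(src) in ip_network(rsrc)
                and ip_address(dst) in ip_network(rdst)
                and rproto in (None, proto)
                and rport in (None, dport)):
            return action, index
    return "deny", None


if __name__ == "__main__":
    # Constructed sample packets: (source, destination, protocol, dest port)
    samples = [
        ("192.168.175.20", "10.1.10.10", "udp", 67),   # guest to server, DHCP
        ("192.168.175.20", "10.1.10.10", "tcp", 445),  # guest to server, other
        ("192.168.175.20", "10.1.10.50", "tcp", 80),   # guest to internal host
        ("192.168.175.20", "192.168.200.7", "tcp", 22),
        ("0.0.0.0", "255.255.255.255", "udp", 67),     # initial DHCP broadcast
    ]
    for pkt in samples:
        print(pkt, evaluate(SUGGESTED, *pkt), evaluate(TIGHTENED, *pkt))
```

With `SUGGESTED`, a guest can reach every port on the server; with `TIGHTENED`, anything other than DHCP or DNS to the server falls through to the deny for the internal subnet. The initial DHCP broadcast from `0.0.0.0` matches none of the guest-subnet rules and is passed only by the final permit.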
