Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1045
Views
0
Helpful
3
Replies

SFE2000 & ACL to stop VLAN traffic

james.spencer
Level 1
Level 1

‎09-25-2010 03:26 AM

Hi All,

I have setup a new SFE2000 switch to work in Layer 3 mode using the IP address 192.168.100.254 on VLAN 1

Additional VLAN's are:

VLAN2     192.168.102.x     To be used for guest wireless access

VLAN3     192.168.103.x

VLAN4     192.168.104.x

I would like VLAN1, 2, 3 and 4 to be able to communicate with each other while VLAN2 (Guest) needs to be restricted from everything except web access and dhcp assignment from our server.

I have been playing with various ACL's in an effort to accomplish this but so far I have drawn a blank in getting this working.

Can any one draw any light to a managed switch newbie

Thanks in advance

James

Labels:
0 Helpful
3 Replies 3

james.spencer
Level 1
Level 1

‎09-25-2010 12:21 PM

Ok so I have been playing around with this for most of the day and got no joy what so ever.

Until...

I investigated the possibility of CLI and founf lcli which allowed me to create the acl's and the rules and assign them to the interfaces.

Bing! Hey presto it worked.

Not sure why the web interface didn't but such is life.

0 Helpful

mike.reynolds
Level 1
Level 1
In response to james.spencer

‎03-07-2011 08:36 AM

I am having the same issue. Can you post your exact solution please?

Thanks.

0 Helpful

mike.reynolds
Level 1
Level 1
In response to mike.reynolds

‎07-07-2011 08:42 AM

I was able to get this working with ACLs and setting a static route from the router (in my case Sonicwall TZ 180) back to the SG300 network. I have enclosed screen shots of the config from the GUI. You need to bind the ACL to whatever

ports you want to filter the guest traffic either where they would connect a hard wired connection or where you would connect your Wireless AP. The ACL I have created allows VLAN 13 to get a DHCP address and communicate through DNS but nothing else. 192.168.9.254 is the Sonicwall router which I wanted on a different VLAN.

Hope this helps others with their setup.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Switch products supported in this community
Cisco Business Product Family
  • CBS110
  • CBS220
  • CBS250
  • CBS350
Cisco Switching Product Family
  • 110
  • 200
  • 220
  • 250
  • 300
  • 350
  • 350X
  • 550X
Customers Also Viewed These Support Documents