How to configure VLAN Filter / VLAN Access – DGS-1510-Series

Topology:

PC1 (p1,v10) ------ DGS-1510 ------ PC2 (p9,v20)
                        |
                        +---------- PC3 (p10,v20)


PC1: 192.168.10.201
PC2: 192.168.20.200 
PC3: 192.168.20.100
VLAN 10: 192.168.10.1/24 
VLAN 20: 192.168.20.1/24

In this document we create ACL filters for the previously created VLAN interfaces so that hosts in different VLANs cannot see each other or ping across VLANs. The procedure is shown both through the web interface (WebUI setup) and through the CLI.

Setup WebUI

Step 1 – Access the Web-UI of the switch and go to ACL / ACL Access List. Here we define permit entries for the 10.0/24 and 20.0/24 subnets.
Click “Add ACL”, select "Standard IP ACL", enter the ID 10 and the name "net10", then repeat the procedure for the 20.0/24 subnet with the name “net20” and ID 20.



Step 2 – Go to “ACL VLAN Access Map” to block traffic between VLANs. In “Access Map Name” enter the name "block10", in “Sub Map Number” type "10", and in “Action” select "Drop".
Repeat the procedure with the name "block20", Sub Map Number "10" and Action "Drop".

Once both maps are created, click the "Binding" button to set the “Match Access list”: click "Please Select" and select ID 20 (net20) for the block10 rule, then repeat the procedure to select net10 for block20.



Step 3 – Apply the VLAN Access Map to the specific VLANs.

Go to “ACL VLAN Filter”, enter the Access Map Name "block10" created earlier to block VID 20, then repeat the procedure for the Access Map Name "block20" and VID 10.




CLI:


Switch#show access-list ip
Standard IP access list net10(ID: 1998)
   10 permit any 192.168.20.0 0.0.0.255
Standard IP access list net20(ID: 1999)
   10 permit any 192.168.10.0 0.0.0.255
Switch#show vlan access-map
VLAN access-map block10 10
   match ip access list: net20(ID: 1999)
   action: drop
VLAN access-map block20 10
   match ip access list: net10(ID: 1998)
   action: drop


Switch#show vlan filter
VLAN Map block10
   Configured on VLANs: 20
VLAN Map block20
   Configured on VLANs: 10

Expected results:
PCs in the same VLAN can ping each other but cannot ping across VLANs.
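
The following Python check is an added example, not part of the original D-Link document: it parses the show output from the CLI section and evaluates, for a given VLAN and destination address, whether the bound VLAN access map drops the packet. It assumes each ACL rule reads as source any followed by destination network and wildcard mask, and that traffic matching no rule is forwarded, as the expected results imply; the function names are hypothetical.

```python
import ipaddress
import re

# Output of the three show commands on this page (prompt lines omitted).
SHOW = """\
Standard IP access list net10(ID: 1998)
   10 permit any 192.168.20.0 0.0.0.255
Standard IP access list net20(ID: 1999)
   10 permit any 192.168.10.0 0.0.0.255
VLAN access-map block10 10
   match ip access list: net20(ID: 1999)
   action: drop
VLAN access-map block20 10
   match ip access list: net10(ID: 1998)
   action: drop
VLAN Map block10
   Configured on VLANs: 20
VLAN Map block20
   Configured on VLANs: 10
"""

def parse(text):
    """Return (acls, maps, filters) parsed from the show output."""
    acls, name = {}, None
    for line in text.splitlines():
        if m := re.match(r"\s*Standard IP access list (\S+?)\(ID", line):
            name = m.group(1)
            acls[name] = []
        elif m := re.match(r"\s*\d+ permit any (\S+) (\S+)", line):
            # Assumption: "any" is the source; the pair is destination + wildcard.
            acls[name].append(tuple(int(ipaddress.IPv4Address(a)) for a in m.groups()))
    maps = {n: (a, act) for n, a, act in re.findall(
        r"VLAN access-map (\S+) \d+\s+match ip access list: (\S+?)\(ID[^)]*\)\s+action: (\S+)", text)}
    filters = {int(v): n for n, v in re.findall(
        r"VLAN Map (\S+)\s+Configured on VLANs: (\d+)", text)}
    return acls, maps, filters

def verdict(vlan, dst_ip, text=SHOW):
    """Action applied to a packet seen in `vlan` and addressed to `dst_ip`."""
    acls, maps, filters = parse(text)
    if vlan not in filters:
        return "forward"
    acl_name, action = maps[filters[vlan]]
    dst = int(ipaddress.IPv4Address(dst_ip))
    for net, wild in acls[acl_name]:
        if ((dst ^ net) & ~wild & 0xFFFFFFFF) == 0:  # wildcard bits are "don't care"
            return action
    # Assumption: unmatched traffic is forwarded, as the expected results imply.
    return "forward"
```

Running `verdict` against saved show output after a change confirms that each VLAN is still bound to the map that drops traffic toward the other subnet.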

 
