How to allow clients that are isolated by ACL to access the printer in the same VLAN?

Zyxel_Melen Posts: 2,409  Zyxel Employee

Scenario:

Since port isolation cannot isolate clients on different switches, users can use ACL to restrict the connections between clients. However, this also prevents clients from accessing the server or printer in the same subnet. This FAQ shows how to allow the clients to access the server or printer in the same subnet.

Topology:

Configuration:

Please navigate to Site-wide > Configure > Switches > ACL to set up the rules.

  1. Set up a rule that allows your DHCP server to provide DHCP IP addresses. Rule 1 below is the example. Change the source IP address to your DHCP server's; the other columns stay the same.
  2. Set up rules that allow clients to access the Internet. Rules 2 & 3 below are the examples. Change the subnet if your subnet is not 192.168.1.x. You must also change the MAC address to your firewall's, with mask FF:FF:FF:FF:FF:00.
  3. Set up rules that allow clients to access the printer. Rules 4 & 5 below are the examples. In many cases, the printer is set with a static IP address. If your printer has a static IP address, you should also specify the printer's MAC address instead of "any" to prevent IP spoofing.
  4. Set up the deny rule to block all other traffic. Rule 6 below is the example. Change the subnet if your subnet is not 192.168.1.x.

Verification:

The results are below. The PC can ping the Internet, the firewall, and the printer, but it cannot ping other devices.
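The rule order from the Configuration steps can be checked offline with a small first-match model before touching the switch. This is an added example, not Zyxel's code or Nebula's rule syntax: the six rules are a reconstruction from the steps above, and the IP/MAC values, the field layout and the "forward if nothing matches" default are assumptions.

```python
import ipaddress

# Constructed lab values (assumptions, not taken from the FAQ's rule table).
SUBNET = ipaddress.ip_network("192.168.1.0/24")
DHCP_IP, PRINTER_IP = "192.168.1.1", "192.168.1.50"
FW_MAC, PRINTER_MAC = "02:00:00:00:01:00", "02:00:00:00:02:50"
FW_MASK, EXACT = "FF:FF:FF:FF:FF:00", "FF:FF:FF:FF:FF:FF"

def mac_int(mac):
    return int(mac.replace(":", ""), 16)

def mac_ok(cond, mac):
    # cond is None (any) or (mac, mask); only bits set in the mask are compared.
    if cond is None:
        return True
    want, mask = cond
    return mac_int(mac) & mac_int(mask) == mac_int(want) & mac_int(mask)

def ip_ok(cond, ip):
    # cond is None (any), a single address, or a network.
    if cond is None:
        return True
    return ipaddress.ip_address(ip) in ipaddress.ip_network(str(cond))

# (action, src_ip, src_mac, dst_ip, dst_mac); evaluated top-down, first match wins.
RULES = [
    ("allow", DHCP_IP, None, None, None),                       # 1 DHCP server
    ("allow", SUBNET, None, None, (FW_MAC, FW_MASK)),           # 2 clients -> firewall
    ("allow", None, (FW_MAC, FW_MASK), SUBNET, None),           # 3 firewall -> clients
    ("allow", SUBNET, None, PRINTER_IP, (PRINTER_MAC, EXACT)),  # 4 clients -> printer
    ("allow", PRINTER_IP, (PRINTER_MAC, EXACT), SUBNET, None),  # 5 printer -> clients
    ("deny", SUBNET, None, SUBNET, None),                       # 6 rest of the subnet
]

def evaluate(src_ip, src_mac, dst_ip, dst_mac):
    """Return (action, rule_number) for one frame; rule 0 means no rule matched."""
    for n, (action, s_ip, s_mac, d_ip, d_mac) in enumerate(RULES, 1):
        if ip_ok(s_ip, src_ip) and mac_ok(s_mac, src_mac) \
           and ip_ok(d_ip, dst_ip) and mac_ok(d_mac, dst_mac):
            return action, n
    return "allow", 0  # assumed default: unmatched frames are forwarded

if __name__ == "__main__":
    pc = ("192.168.1.10", "02:00:00:00:03:10")  # constructed client
    print(evaluate(*pc, PRINTER_IP, PRINTER_MAC))                  # printer reachable
    print(evaluate(*pc, "192.168.1.11", "02:00:00:00:03:11"))      # peer blocked
    print(evaluate(PRINTER_IP, "02:00:00:00:03:11", *pc))          # wrong MAC on printer IP
```

The last call shows why step 3 pins the printer's MAC: a frame that carries the printer's IP but a different source MAC misses rule 5 and falls through to the deny rule.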