Access Control List not working on AX7501-B1
Hello Community
I own an AX7501-B1 and have configured two VLANs:
VLAN ID 1 - Default - 192.168.178.0/24
VLAN ID 10 - Guests - 192.168.5.0/24
This works fine so far.
My goal is to drop traffic between those VLANs. That's why I've created two ACLs:
Both are configured like this:
Problem: Traffic is still going from one to the other VLAN:
I've tried all the possible "Direction" settings in the ACL. No luck.
Am I missing something? Any help is highly appreciated!
All Replies
-
Hello @CloudByte
Welcome to the forum.
I wonder if the ACLs are not working because the 192.168.178.0/24 and 192.168.5.0/24 are subnets rather than specific IP addresses.
As a test, what happens if you put 192.168.178.155 and 192.168.5.135 in the Source IP address and Destination IP address fields?
If you get a deny, then is there a Specific Subnet setting available where you have Specific IP address selected?
- If there is, then you can try putting the subnets into the IP address fields.
Merry Christmas and Kind regards,
Tony
0 -
Hi Tony
Thank you very much for your response!
I've already tried that. If I put IPs instead of Subnets in the Source & Destination address fields still nothing is denied/dropped between those two IPs… So that's why I'm out of ideas what to try next.
Also had a look via SSH, but there don't seem to be any firewall settings available via SSH…
Happy holidays to you too!
Kind regards
Stefan
1 -
Hi Stefan @CloudByte
Are you able to say what firmware version you are running?
It might have a bug in it...
Happy new year.
Kind regards Tony
0 -
Hi Tony @tonygibbs16
I'm running the newest firmware available from my provider init7, which is V5.17(ABPC.5.3)C0.
Feels to me like a bug too…
Happy new year!
Best regards
Stefan
1 -
Hi Stefan @CloudByte
That firmware is the latest version available, and the release note is at https://spdl.zyxel.com/AX7501-B0/firmware(public_version)/AX7501-B0_5.17(ABPC.5.3)C0.pdf and it does not mention access control lists at all.
It does feel like a bug…
Something that could help confirm whether it is a bug: what does the rule look like on the Security-Firewall-Access Control page when it is not working?
from the user guide
Is a yellow bulb showing under Status when the access control list is not working?
Is the Policy in the ACL set to Drop or Reject, rather than Accept?
Happy New Year to you also. :-)
Kind regards,
Tony
0 -
1
-
Hi Stefan @CloudByte
Thanks very much for your reply.
I have 2 final thoughts for your consideration:
1. Do any of the Direction Settings make a difference? Are you using LAN to WAN or LAN to Router for example?
2. If there is still no difference in behaviour, then maybe you could log a Consumer Idea at the following link
for Zyxel to introduce a LAN to LAN Direction for the Access Control Lists in a future firmware revision.
Happy New Year and Kind Regards,
Tony
0 -
Hello Tony @tonygibbs16
- I've tried all the "Direction" settings possible in the ACL. No luck.
- Thanks for sharing the link.
Best regards
Stefan
1 -
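
One way to check from a host in the guest VLAN whether the ACL is filtering anything, and whether the behaviour looks like Drop, Reject or Accept. This is an added example, not part of the thread and not Zyxel tooling; the target address is the one suggested in the thread, while the port list and the function names are assumptions.

```python
import errno
import socket
import sys

# Target in the default VLAN, as suggested in the thread; run this from a guest-VLAN host.
TARGET = "192.168.178.155"
PORTS = (22, 80, 443, 445)  # assumption: use ports you know are open on the target

MEANING = {
    "passed": "TCP handshake completed: the ACL is not filtering this flow",
    "refused": "RST/port-unreachable came back: the target's closed port answered "
               "(traffic crossed) or a firewall rejected it; retest on an open port",
    "unreachable": "ICMP host/net unreachable: consistent with a Reject policy or no route",
    "silent": "no answer before the timeout: consistent with a Drop policy or a host that is down",
    "error": "local socket error: the probe itself failed",
}


def classify(exc):
    """Map the outcome of one connect() attempt (None = success) to a verdict key."""
    if exc is None:
        return "passed"
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "silent"
    if isinstance(exc, ConnectionRefusedError):
        return "refused"
    if isinstance(exc, OSError) and exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
        return "unreachable"
    return "error"


def probe(host, port, timeout=2.0):
    """Attempt one TCP connection and return the verdict key."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return classify(None)
    except OSError as exc:
        return classify(exc)
    finally:
        sock.close()


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else TARGET
    results = {port: probe(target, port) for port in PORTS}
    for port, verdict in results.items():
        print(f"{target}:{port:<5} {verdict:<12} {MEANING[verdict]}")
    # Exit non-zero if any flow crossed the VLAN boundary, so the check can be scripted.
    sys.exit(1 if "passed" in results.values() else 0)
```

Running it once with the ACL rules disabled and once with them enabled shows whether the rules change the verdict for any port.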