how to implement acl on dlink 3627g switch

September 1, 2011 at 23:32:40
Specs: Windows 7
Hi all,
I have got a D-Link layer 3 switch - 3627G. The switch is interconnected with two other switches (L2).
I have created three VLANs - v1, v2 and v3 - on the switches.
I wish to implement policy-based VLAN routing, so that users in v2 and v3 can only communicate and v1 is restricted to its own group.

How do I implement the above?
Thanks
Nishith



#1
September 2, 2011 at 07:32:10
Well, I've never worked with any D-Link managed switch. I've also never played with policies. To accomplish what you're asking, I would instead use static routes in the routing table.

Maybe you have a specific reason for using policies but I've always found them bulky and well, rather much useless. To accomplish your goal requires you to only create a route between VLAN 2 and 3 (well ok, two routes, one from VLAN 2 to VLAN 3 and vice versa). Not creating any routes from VLAN 1 to the other VLAN's (and vice versa) means it can't communicate with them, or them with it.

It matters not how straight the gate,
How charged with punishments the scroll,
I am the master of my fate;
I am the captain of my soul.

***William Henley***



#2
September 2, 2011 at 10:15:22
Hi Curt,
Actually I wish to take it beyond the simple routing issues.
I would like policies to be implemented - e.g. only v2 -> v3 file sharing and not vice versa,
v3 -> v2 FTP possible, etc.

Therefore the need for policy-based VLAN routing.

Any more ideas?
Nishith



#3
September 2, 2011 at 10:35:18
Well, in that case all I can tell you is, if it were me in your shoes, I'd be figuring out how to do that with the user interface provided by your switch.

With a Cisco, I'd do this from the command line. With the Avaya switches we use here, it would be simpler to do it from the GUI and that's what I'd use on them.

If your D-Link is like most other managed switches I've worked with over the years, the CLI will be very similar to that of a Cisco.

It matters not how straight the gate,
How charged with punishments the scroll,
I am the master of my fate;
I am the captain of my soul.

***William Henley***



#4
November 24, 2011 at 18:56:13
When you create VLANs on the 3627 along with separate VLAN interfaces, all VLANs can then talk to each other by default. To stop this you need to create an access profile,
i.e.

create access_profile profile_id 1 ip icmp type source_ip_mask 255.255.254.0 destination_ip_mask 255.255.255.0
config access_profile profile_id 1 add access_id 5 ip destination_ip 192.168.0.0 source_ip 192.168.2.0 icmp type 0 port all permit
config access_profile profile_id 1 add access_id 10 ip destination_ip 192.168.0.0 source_ip 192.168.2.0 icmp port all deny

For policy routing I used a rule like this:

create access_profile profile_id 3 ip source_ip_mask 255.255.255.0
config access_profile profile_id 3 add access_id 5 ip source_ip 192.168.10.0 port all permit

create policy_route name 4ward
config policy_route name 4ward acl profile_id 3 access_id 5 nexthop 192.168.10.254 state enable

Pete
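
Added example (not part of Pete's post and not D-Link code): a small Python model of how profile 1 above classifies packets, using the masks and rule values from his commands. The first-match order by access_id and the forward-when-nothing-matches default are assumptions of this model, and the host addresses are constructed.

```python
import ipaddress

def ip(addr):
    """Dotted-quad string -> integer, so masks can be applied with &."""
    return int(ipaddress.IPv4Address(addr))

# Field masks from: create access_profile profile_id 1 ...
SRC_MASK = ip("255.255.254.0")
DST_MASK = ip("255.255.255.0")

# Rules from the two "add access_id" lines. icmp_type None = any ICMP type.
RULES = [
    {"access_id": 5, "src": ip("192.168.2.0"), "dst": ip("192.168.0.0"),
     "icmp_type": 0, "action": "permit"},   # ICMP type 0 = echo reply
    {"access_id": 10, "src": ip("192.168.2.0"), "dst": ip("192.168.0.0"),
     "icmp_type": None, "action": "deny"},
]

def evaluate(src, dst, proto, icmp_type=None):
    """Return (action, access_id) for one packet under this model."""
    if proto != "icmp":
        return ("permit", None)   # profile 1 only selects ICMP packets
    # Assumption: rules are tried in ascending access_id, first match wins.
    for rule in sorted(RULES, key=lambda r: r["access_id"]):
        if ip(src) & SRC_MASK != rule["src"] & SRC_MASK:
            continue
        if ip(dst) & DST_MASK != rule["dst"] & DST_MASK:
            continue
        if rule["icmp_type"] is not None and rule["icmp_type"] != icmp_type:
            continue
        return (rule["action"], rule["access_id"])
    # Assumption: a packet that matches no rule is forwarded normally.
    return ("permit", None)

if __name__ == "__main__":
    # Constructed sample packets (host addresses are made up).
    samples = [
        ("192.168.2.10", "192.168.0.20", "icmp", 8),   # echo request
        ("192.168.2.10", "192.168.0.20", "icmp", 0),   # echo reply
        ("192.168.3.10", "192.168.0.20", "icmp", 8),   # inside the /23 mask
        ("192.168.0.20", "192.168.2.10", "icmp", 8),   # reverse direction
        ("192.168.2.10", "192.168.0.20", "tcp", None), # not ICMP
    ]
    for s in samples:
        print(s, "->", evaluate(*s))
```

In this model the two rules filter ICMP only: 192.168.0.x can ping into 192.168.2.x/192.168.3.x and get replies, pings in the other direction are dropped, and TCP/UDP between the subnets is untouched by profile 1.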

