How can I allow forwarding of a single host IP within an IP subnet by using policy rules on the XGS-4528F?

Scenario

Objective: 

- Hosts on network 192.168.1.0/24 cannot access server 192.168.2.201.

- Only host 192.168.1.101 can access server 192.168.2.201.

 

Steps

1. Access the web GUI of the XGS-4528F.

2. Go to Advanced Application > Classifiers.

3. Create the following classifiers:

      Classifier "Deny_VLAN1-to-server"

      Source IP: 192.168.1.0 / 24

      Destination IP: 192.168.2.201 / 32

 

      Classifier "Allow_VLAN1-to-server"

      Source IP: 192.168.1.101 / 32

      Destination IP: 192.168.2.201 / 32

 

4. Go to Advanced Application > Policy Rule.

5. Create the following policies:

 

      Policy Rule "Deny_VLAN1-to-server"

      Classifier "Deny_VLAN1-to-server"

      Forwarding: Discard the packet

 

      Policy Rule "Allow_VLAN1-to-server"

      Classifier "Allow_VLAN1-to-server"

      Forwarding: "Do not drop the matching frame previously marked for dropping"

 

Verification

1. Make sure the gateway of all hosts and of the server is the XGS-4528F.

2. Hosts with IP addresses 192.168.1.1~192.168.1.100 cannot ping the server 192.168.2.201.

3. Hosts with IP addresses 192.168.1.102~192.168.1.254 cannot ping the server 192.168.2.201.

4. Host 192.168.1.101 can ping the server 192.168.2.201. 
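
As an added example (not Zyxel's code), the Python sketch below models the two policy rules from step 5 and lists which hosts in 192.168.1.0/24 still reach the server. The evaluation model (a frame is discarded only when a discard rule matches and no "do not drop" rule matches) and all function names are assumptions made for illustration; it also compares a /32 and a /24 source prefix on the allow classifier.

```python
import ipaddress

# Simplified model (assumption, not switch firmware logic): a frame is
# discarded when it matches a "Discard the packet" rule and no
# "Do not drop the matching frame ..." rule also matches it.
DISCARD, KEEP = "discard", "do-not-drop"


def classifier(src, dst):
    """Return (source network, destination network) for a classifier."""
    # strict=False accepts a host address with a prefix, e.g. 192.168.1.101/24,
    # and reduces it to the network that prefix actually covers.
    return (ipaddress.ip_network(src, strict=False),
            ipaddress.ip_network(dst, strict=False))


def build_rules(allow_src):
    """Policy rules from the article; allow_src is the allow classifier's source."""
    return [
        (classifier("192.168.1.0/24", "192.168.2.201/32"), DISCARD),
        (classifier(allow_src, "192.168.2.201/32"), KEEP),
    ]


def forwarded(rules, src, dst):
    """True if a frame from src to dst is forwarded under the modelled rules."""
    src_ip = ipaddress.ip_address(str(src))
    dst_ip = ipaddress.ip_address(str(dst))
    actions = {action for (s_net, d_net), action in rules
               if src_ip in s_net and dst_ip in d_net}
    return not (DISCARD in actions and KEEP not in actions)


def allowed_hosts(rules, subnet="192.168.1.0/24", server="192.168.2.201"):
    """List every host address in subnet that can still reach server."""
    return [str(h) for h in ipaddress.ip_network(subnet).hosts()
            if forwarded(rules, h, server)]


if __name__ == "__main__":
    # Compare a single-host prefix with a subnet-wide prefix on the allow rule.
    for allow_src in ("192.168.1.101/32", "192.168.1.101/24"):
        hosts = allowed_hosts(build_rules(allow_src))
        print(f"allow source {allow_src}: {len(hosts)} host(s) reach the server")
```

With a /24 prefix the allow classifier covers the same range as the deny classifier, so every host is exempted from the discard.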




Question Profile

ARTICLE ID: 015295
TYPE: Application / Configuration Example
FIRMWARE: V4.00 (patch 1) and below
TECHNOLOGY: ACL
MODEL: XGS-4526, XGS-4528F
