Welcome to TP-LINK Tech Support Forum

Thread: ACL question

  1. #1

    ACL question


    Hi all, I got a 3210 switch, working as a VLAN on several ports, and the trunk is SFP port 10.
    I need to add an access list for an FTP server on port Eth-7, for the address, for example, 192.168.1.10 (the FTP server address), so that any request that comes from the trunk port SFP 10 to this address 192.168.1.10 will be directed automatically to port 7 and therefore to the FTP server.
    Any help on how to do this, and is it doable on this switch?

  2. #2
    Quote: Originally posted by johnnybravo135
    I need to add an access list for an FTP server on port Eth-7, for the address, for example, 192.168.1.10 (the FTP server address), so that any request that comes from the trunk port SFP 10 to this address 192.168.1.10 will be directed automatically to port 7 and therefore to the FTP server.
    Do you want to provide FTP access to several subnets using the VLAN trunk or what do you exactly mean with "requests from the trunk port"?

    To share a FTP server between logically separated networks there are two possible solutions:

    - use a router to route requests from different subnets to the FTP server or

    - set up VLAN tagging at the FTP server, give it as many IPs as you have subnets and add it to the corresponding VLANs (e.g. expanding the trunk on to eth7) to avoid having to use an external router (actually, the server with FTP service does the routing between the VLANs in this solution).

  3. #3
    Dear, I have a CCR that I don't have access to its management, and it's providing internet to the users via a PPPoE server built in with a shaper for the speed and a quota for each PPPoE client. I have created the FTP server, want to add it to the network therefore those clients will benefit from this server without passing through the shaper and without counting the daily limits of their quota. I have two switches 3210, one is after the CCR directly and the other is on the roof that is distributing to the wireless access points. On the other end, the user receives the wireless signal via a roof antenna access point, connects it to his router, configures the router WAN PPPoE and gets connected to the internet. The CCR is providing PPPoE DHCP range of 10.10.20.xxx 255.255.255.255. If you want me to draw a diagram for this I will.

  4. #4
    Quote: Originally posted by johnnybravo135
    I have created the FTP server, want to add it to the network therefore those clients will benefit from this server without passing through the shaper and without counting the daily limits of their quota.
    So all clients are in the same subnet? Then probably you could use an extended ACL with source port to IP/dest port redirection to catch every FTP request and send them to port eth7, but I haven't yet set up such a scheme with a redirection ACL on an L2 switch (I only use multi-homed FTP servers for my clients, which are in separate VLANs/subnets).

  5. #5
    Yes, that's the idea, all clients are in the same subnet. Any kind of help on how to do the ACL as you said, because I couldn't do it. My name is John from Beirut, +96170921935 if you would like to talk on WhatsApp. Again, thank you.

  6. #6
    As it is explained in the manual, I would try the following steps:

    - Create an extended ACL, specify source address range for all devices on the subnet (source IP, network mask, destination port - see page 167 in the UG).
    - Create a policy config, specify "redirect" as action and port of your FTP server (page 169).
    - Optionally bind a port to the policy to your trunk port or VLAN (page 170 and following).
    - Add the policy to the ACL.

    Unfortunately, I have no L2+ switch to try it, but since the switch can classify packets on matching their L2-L4 protocol key fields, it should be possible to achieve it as described in the manual. See also the application example at the end of the ACL chapter in the manual.

  7. #7
    It didn't work, sir.

  8. #8
    Did you define a redirect for the destination IP and both FTP ports 20/21 and also change the IP of the FTP server to be in the 10.10.20.0 subnet? If it still does not work, I have no idea, maybe it helps to call TP-Link support.

  9. #9
    Yes I did, I've defined all ports, and changed the server IP address to 10.10.20.10, and targeted the source destination to port eth7 as the server is connected to it. But still the same. On the other hand, on the clients' routers' WAN ports, I've tried another idea, which is to add a manual IP from the range of the server's, let's say 192.168.10.0, an additional IP address for each client with the PPPoE still working, and it worked perfectly, but the idea isn't to make it work like that only, because some clients' routers don't support two WAN protocols.
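
An added example, not part of the thread and not TP-Link code: a minimal model of the L2-L4 field matching that the redirect policy in post #6 relies on, run over two constructed frames addressed to the FTP server from post #9. It assumes a classifier that reads IPv4/TCP fields only when the EtherType is 0x0800 (the switch's actual parser is not described on this page), and the client address 10.10.20.55 and the `look_inside_pppoe` switch are hypothetical.

```python
import ipaddress
import struct

ETH_IPV4, ETH_PPPOE_SESSION, PPP_IPV4 = 0x0800, 0x8864, 0x0021
FTP_SERVER, FTP_PORTS = "10.10.20.10", {20, 21}   # values from posts #8 and #9

def ipv4_tcp(src, dst, dport, sport=40000):
    """Constructed 20-byte IPv4 header + 20-byte TCP SYN (checksums left at 0)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     ipaddress.ip_address(src).packed,
                     ipaddress.ip_address(dst).packed)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x02, 8192, 0, 0)
    return ip + tcp

def ethernet(ethertype, payload):
    # Zeroed MAC addresses: only the EtherType matters for this model.
    return bytes(12) + struct.pack("!H", ethertype) + payload

def pppoe_session(ip_packet, session_id=1):
    # PPPoE header (ver/type 0x11, code 0x00, session id, length) + PPP protocol id.
    ppp = struct.pack("!H", PPP_IPV4) + ip_packet
    return struct.pack("!BBHH", 0x11, 0x00, session_id, len(ppp)) + ppp

def acl_action(frame, look_inside_pppoe=False):
    """'redirect:eth7' if the frame matches dst IP + FTP port, else 'forward'."""
    ethertype = struct.unpack("!H", frame[12:14])[0]
    l3 = frame[14:]
    if ethertype == ETH_PPPOE_SESSION and look_inside_pppoe:
        if struct.unpack("!H", l3[6:8])[0] != PPP_IPV4:
            return "forward"
        ethertype, l3 = ETH_IPV4, l3[8:]          # skip PPPoE (6) + PPP (2) bytes
    if ethertype != ETH_IPV4 or l3[9] != 6:       # no IPv4/TCP at the expected offset
        return "forward"
    ihl = (l3[0] & 0x0F) * 4
    dst_ip = str(ipaddress.ip_address(l3[16:20]))
    dport = struct.unpack("!H", l3[ihl + 2:ihl + 4])[0]
    hit = dst_ip == FTP_SERVER and dport in FTP_PORTS
    return "redirect:eth7" if hit else "forward"

pkt = ipv4_tcp("10.10.20.55", FTP_SERVER, 21)                 # constructed client
plain = ethernet(ETH_IPV4, pkt)                               # statically addressed client
tunnelled = ethernet(ETH_PPPOE_SESSION, pppoe_session(pkt))   # same packet inside PPPoE

if __name__ == "__main__":
    for name, frame in (("plain IPv4", plain), ("PPPoE session", tunnelled)):
        print(f"{name:14} -> {acl_action(frame)}")
```

A capture on the trunk port shows which case applies: client frames carrying EtherType 0x8864 have their IP header eight bytes further in than an IPv4 rule expects.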


 


Copyright 1996-2017 TP-LINK Technologies Co., Ltd. All rights reserved.