Description:

Switches of the GS-3xxx series support Static Routing. In some scenarios the communication between the networks has to be prevented.

This article describes how the communication between networks can be prevented by using the Access Control List (ACL).

Requirements:

• Switch of the GS-3xxx series
• On the switch several networks are configured which are separated via VLAN
• The switch has to be used as the router
• Any web browser for accessing the switch webinterface

Scenario:

• Communication between the two networks 10.10.10.0/24 and 20.20.20.0/24 is to be prohibited.

Procedure:

1) Open the webinterface of the device, go to the menu Access Control → Access Control List and click the "Plus icon"to create a new Access Control Entry (ACE).

2) Edit the following parameters and click Apply afterwards:

• Frame Type: In the dropdownmenu select IPv4, since in this example the communication between two IPv4 networks is to be prevented. 
• SIP Filter: In the dropdownmenu select Network.
• SIP Address: Enter the network address of the source network from which communication is to be prevented.
• SIP Mask: Enter the subnet mask of the source network.
• DIP Filter: In the dropdownmenu select Network.
• DIP Adress: Enter the network address of the destination network to which communication is to be prevented.
• DIP Mask: Enter the subnet mask of the destination network.
• Action: In the dropdownmenu select Deny to prevent communication.

3) Create a new entry and prohibit communication between the source network 20.20.20.0/24 (SIP Address and SIP Mask) to the destination network 10.10.10.0/24 (DIP Address and DIP Mask).

4) Go to the menu Maintenance → Configuration → Save Startup-config, check the radio button startup-config and click Save Configuration to save the configuration as Startup Configuration.