01-11-2023 09:20 AM
Hello, as the title reveals, I am trying to block all local traffic to a Raspberry Pi and make it only accessible from the internet.
I want to do so for security reasons, in case someone gets access to the Raspberry.
I am trying to achieve this with an ACL on my Cisco CBS250-8T-D switch.
Can someone lead me a bit in the right direction?
My local subnet is 192.168.0.0/24
Router is 192.168.0.1
The Raspberry Pi is 192.168.0.15
The webserver is reachable whatever I try to block.
Thanks for your time.
01-11-2023 09:22 AM
01-11-2023 01:01 PM - edited 01-11-2023 01:02 PM
You can try ACL source 192.168.0.0/24 to 192.168.0.15 (mask 255.255.255.255) deny from LAN
If the device is in Layer 2 domain network time it does not even reach the gateway.
If the Pi needs to be separated, use a different VLAN and IP address and apply an ACL.
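An added example, not part of the reply above and not Cisco syntax: a small first-match ACL model in Python that evaluates the suggested deny rule against the addresses from this thread. The NAS address, the public client address, the trailing permit rule, the router exception and the assumption that the Fritzbox forwards internet traffic with its public source address unchanged are all constructed for illustration.

```python
from ipaddress import ip_address, ip_network

PI = "192.168.0.15"
ANY = ip_network("0.0.0.0/0")

# Rule from the reply: deny LAN -> Pi. The trailing permit is an assumption,
# needed because an ACL ends with an implicit deny.
ACL_BASE = [
    ("deny", ip_network("192.168.0.0/24"), ip_network(PI + "/32")),
    ("permit", ANY, ANY),
]

# Hypothetical variant: let the router itself (192.168.0.1) talk to the Pi
# before the LAN-wide deny is reached.
ACL_ROUTER_OK = [
    ("permit", ip_network("192.168.0.1/32"), ip_network(PI + "/32")),
] + ACL_BASE

# Constructed sample packets (source, destination).
PACKETS = {
    "nas_to_pi": ("192.168.0.20", PI),        # LAN host, address assumed
    "internet_to_pi": ("203.0.113.7", PI),    # port-forwarded, public source kept
    "router_to_pi": ("192.168.0.1", PI),      # traffic originated by the router
    "nas_to_router": ("192.168.0.20", "192.168.0.1"),
}

def evaluate(acl, src, dst):
    """Return the action of the first rule matching src/dst (first match wins)."""
    s, d = ip_address(src), ip_address(dst)
    for action, src_net, dst_net in acl:
        if s in src_net and d in dst_net:
            return action
    return "deny"  # implicit deny when no rule matches

def report(acl):
    """Evaluate every sample packet against the given ACL."""
    return {name: evaluate(acl, *pkt) for name, pkt in PACKETS.items()}

if __name__ == "__main__":
    for label, acl in (("base", ACL_BASE), ("router allowed", ACL_ROUTER_OK)):
        print(label, report(acl))
```

The base rule set also drops packets the router itself sends to the Pi, because 192.168.0.1 is inside 192.168.0.0/24.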
01-11-2023 01:25 PM
On my switch, port 1 is a Fritzbox, ports 2, 3 a NAS, and port 8 is the Raspberry Pi.
If I put ports 1 and 8 in the same VLAN, then my NAS loses connection to the Fritzbox.
How can I add both VLANs to the router but separate them locally at the same time?
01-13-2023 12:47 AM
How do I create such a VLAN?
01-11-2023 12:53 PM
Hello @linuxUser, how are you applying the ACL and what does it look like? If you are authenticating the device, what you can enforce in the device's session is a DACL.
01-11-2023 01:07 PM