
ACL config on SG 300 28P



I am trying to set up an ACL on our Cisco SG 300 switch. I want to create an ACL that enables hosts on our guest network to obtain IP addresses from a server on our "internal" network, but they should not be able to reach any other resources on that network. I set it up as follows, but it does not work the way I want. I have also bound interfaces to the ACL. Any suggestions?

Ny bild.jpg




Hello Morgan,

How is your network currently set up? Are you using the SG300 as a layer 3 switch? And if so, is it acting as your default gateway?

Most commonly when setting up a private/internal and public/guest network, I recommend using VLANs and two subnets. I cannot speak to the DHCP server, but most should support multiple VLANs and subnets. This allows you to separate your traffic in a very simple way.


Thanks for your reply. The switch is configured to run in Layer 3 mode, and one interface on each VLAN is the default gateway. I want to configure an ACL that only allows DHCP traffic from VLAN 4 (Guest) to VLAN 3 (internal). It should also block traffic to VLAN 5. I hope that you understand what I mean; see the picture.


Thanks for the diagram it is very helpful.

I would recommend the following rules

Permit to *server IP*

Deny to

Deny to

Permit any to any

This will allow any computers on guest network to talk to the server on the main network. The deny rules will block any traffic from the guest network to the private network and to the other vlan5. The final rule clarifies that all other traffic is ok to go.

Thanks for your suggestion. I have used it with some small changes, and it works perfectly. I am uploading a picture of my config so you can see. The ACL is only permitting DHCP and DNS traffic between the guest network and the internal.

Thanks again.



Message was edited by: Morgan Andersson

Thank you! This helped me accomplish implementing an ACL to protect my internal networks from a hard wired guest.
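The rule order discussed in this thread can be checked offline before it is bound to a port. The following is an added example, not part of any post: a first-match ACL model using the DHCP/DNS-only variant described above. All subnets, the server address, and the function names are constructed assumptions, since the thread does not give the real values.

```python
import ipaddress

# Constructed addressing: the thread does not state the real subnets or server IP.
SERVER = "192.168.3.10/32"    # DHCP/DNS server on VLAN 3 (internal)
INTERNAL = "192.168.3.0/24"   # VLAN 3
VLAN5 = "192.168.5.0/24"      # VLAN 5
ANY = "0.0.0.0/0"

# Each rule: (action, protocol, destination network, destination port); None = any.
GUEST_ACL = [
    ("permit", "udp", SERVER, 67),    # DHCP to the server
    ("permit", "udp", SERVER, 53),    # DNS over UDP
    ("permit", "tcp", SERVER, 53),    # DNS over TCP
    ("deny", None, INTERNAL, None),   # everything else on the internal VLAN
    ("deny", None, VLAN5, None),      # all of VLAN 5
    ("permit", None, ANY, None),      # remaining traffic, e.g. Internet
]

def evaluate(acl, proto, dst_ip, dst_port):
    """First-match evaluation; returns (action, rule index)."""
    dst = ipaddress.ip_address(dst_ip)
    for i, (action, r_proto, r_net, r_port) in enumerate(acl):
        if r_proto not in (None, proto):
            continue
        if dst not in ipaddress.ip_network(r_net):
            continue
        if r_port not in (None, dst_port):
            continue
        return action, i
    return "deny", None   # assumed default when no rule matches

def covers(earlier, later):
    """True if every packet matching `later` also matches `earlier`."""
    _, e_proto, e_net, e_port = earlier
    _, l_proto, l_net, l_port = later
    return (e_proto in (None, l_proto)
            and ipaddress.ip_network(l_net).subnet_of(ipaddress.ip_network(e_net))
            and e_port in (None, l_port))

def shadowed_rules(acl):
    """Indexes of rules that can never fire because an earlier rule covers them."""
    return [j for j in range(len(acl))
            if any(covers(acl[i], acl[j]) for i in range(j))]

if __name__ == "__main__":
    for pkt in [("udp", "192.168.3.10", 67), ("tcp", "192.168.3.10", 445),
                ("tcp", "192.168.5.20", 80), ("udp", "255.255.255.255", 67)]:
        print(pkt, evaluate(GUEST_ACL, *pkt))
```

The broadcast case (destination 255.255.255.255, UDP port 67) is the initial DHCP discover from a guest host; in this model it only passes because of the final permit rule, so tightening that rule needs an explicit entry for it.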
