I’m using Cisco SG500 in layer 3 mode and created different VLANs. Now I want to create IPv4 based ACLs and apply to those VLANs to restrict access.
The VLANs are as per below.
I’m using built-in DHCP server feature of SG500 so all DHCP Pools are configured on the switch itself.
Now I want all members within the workstation VLANs to get IPs from the DHCP pool and only access the Internet & servers and nothing else. Also, I want all members within the Guest VLAN to get IPs from their DHCP pool and access only the Internet and nothing else.
Can anybody show me how to configure IPv4-based ACLs with the minimum ACEs for the above scenario, but using only the web GUI interface, as I don't have knowledge of the CLI?
Thanks in anticipation.
Since the destination IP address of the Internet sites is unknown and traffic to the other VLANs can be summarized as 10.0.0.0/8, I would create one ACL and bind it to all VLANs:
10 deny src any dst 10.0.0.0/8
20 permit any any
Note: this ACL would also prevent workstations from communicating with each other inside the same VLAN.
If this is not the desired scenario, then an ACE needs to be added just above the deny to allow traffic within the VLAN.
Please find below the document which can guide you through the Web GUI configuration:
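To make the first-match behaviour of the two ACEs in the answer above concrete, including the intra-VLAN side effect it notes and the extra ACE it suggests, here is an added Python model of the ACL evaluation. It is not part of the original thread and not SG500 code; the VLAN subnets 10.10.0.0/24 and 10.20.0.0/24 and the host addresses are constructed assumptions, since the thread does not list its subnets.

```python
from ipaddress import ip_address, ip_network

# Model of a Cisco-style IPv4 ACL: ACEs are evaluated in ascending sequence
# number, the first ACE whose source and destination both match decides,
# and the ACL ends with an implicit deny for traffic that matches nothing.

def ace(seq, action, src, dst):
    """Build one ACE; 'any' is written as 0.0.0.0/0."""
    return {"seq": seq, "action": action,
            "src": ip_network(src), "dst": ip_network(dst)}

# The two-ACE ACL from the answer: deny everything aimed at the 10.0.0.0/8
# summary of the internal VLANs, permit the rest (i.e. the Internet).
ACL_FROM_ANSWER = [
    ace(10, "deny", "0.0.0.0/0", "10.0.0.0/8"),
    ace(20, "permit", "0.0.0.0/0", "0.0.0.0/0"),
]

def evaluate(acl, src_ip, dst_ip):
    """Return (verdict, matching sequence number); None means the implicit deny."""
    s, d = ip_address(src_ip), ip_address(dst_ip)
    for entry in sorted(acl, key=lambda e: e["seq"]):
        if s in entry["src"] and d in entry["dst"]:
            return entry["action"], entry["seq"]
    return "deny", None

def with_intra_vlan_permit(acl, vlan_subnet, seq=5):
    """The fix from the answer's note: a permit for traffic that stays inside
    the VLAN, sequenced above the deny so it is matched first."""
    return [ace(seq, "permit", vlan_subnet, vlan_subnet)] + list(acl)

# Constructed addresses (assumptions, not from the thread): workstation VLAN
# 10.10.0.0/24, another internal VLAN 10.20.0.0/24, and a TEST-NET-3 address
# standing in for an arbitrary Internet site.
WORKSTATION_VLAN = "10.10.0.0/24"
SAMPLE_FLOWS = {
    "to_internet":   ("10.10.0.5", "203.0.113.10"),
    "to_other_vlan": ("10.10.0.5", "10.20.0.7"),
    "same_vlan":     ("10.10.0.5", "10.10.0.6"),
}

def verdicts(acl):
    """Evaluate every sample flow against acl; returns {flow name: verdict}."""
    return {name: evaluate(acl, s, d)[0] for name, (s, d) in SAMPLE_FLOWS.items()}

if __name__ == "__main__":
    print("ACL as posted:       ", verdicts(ACL_FROM_ANSWER))
    fixed = with_intra_vlan_permit(ACL_FROM_ANSWER, WORKSTATION_VLAN)
    print("with intra-VLAN ACE: ", verdicts(fixed))
```

Run as posted, the model permits the Internet flow at ACE 20 and denies both the other-VLAN and the same-VLAN flows at ACE 10, which is exactly the side effect the note describes; with the seq-5 permit inserted above the deny, same-VLAN traffic is permitted while the cross-VLAN flow is still caught by ACE 10. The model matches on addresses only; a real SG500 ACE can also match protocol and ports, and whether unicast DHCP renewals to the switch's own VLAN address (which lies inside 10.0.0.0/8) are affected by the deny is something to verify on the device before binding the ACL.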