Contact Us
Pakistan / English
Search

How to block an illegal client with Certain IP address from getting access to the network using TP-Link Managed Switches

User Application Requirement
Updated 07-01-2024 03:39:32 AM Number of views for this article92488
This Article Applies to: 

Suitable for: TP-Link Smart Switch and L2/L2+/L3 managed switches

Network requirement:

In the network,we want to block the illegal Client whose IP address is 172.30.30.105/24 from getting access to the network,but we do not know which port this illegal client is connecting to the Switch.

Here is one way to configure an extend-ACL rule on TP-Link switch to block the illegal client from getting access to the Local Area Network and the Internet through Gateway Router.In this example,we use TL-SG3424 V1.0 to do Web configuration and CLI configuration.

Web configuration:

Step 1. ACL Config

Create Extend ACL ID ranging from 200 to 299.

In Extend-IP ACL,select the ACL ID created in Step 1,create a Rule with the following parameters:

“Operation”=Deny;

“S-IP”=172.30.30.105 “Mask”=255.255.255.255;

Step 2. Policy Config

In “Policy Config”-”Policy Create”,create an Policy Name,like “block”

Selecting the policy name and ACL ID and click on “Create” to create an Action.

Step3.Policy Binding

Selecting the Policy “block”,the rule will be effective on all of the 24 ports,so for the port range,you should fill in “1-24”.Then click on “Bind”

So far you have finished the Web configuration on TL-SG3424,if you think it is too low to use Web,here is the Command if you want to configure the switch by console or telnet or ssh.

CLI Configuration:

TL-SG3424>

TL-SG3424>en

TL-SG3424#con

TL-SG3424(config)#

TL-SG3424(config)#access-list create 200

TL-SG3424(config)#access-list extended 200 rule 1 deny sip 172.30.30.105 smask 255.255.255.255

TL-SG3424(config)#access-list policy name block

TL-SG3424(config)#access-list policy action block 200

TL-SG3424(config-action)#ex

TL-SG3424(config)#interface range gigabitEthernet 1/0/1-24

TL-SG3424(config-if-range)#access-list bind block

Verification for the experiment:

Here is the IP parameters of the illegal PC,we use ping command to test if this PC can successfully ping the Internet Gateway Router whose IP address is 172.30.30.1.

This “Request time out” proved that the ACL rule has taken effect on TL-SG3424 to block the illegal client whose IP address is 172.30.30.105 from getting access to the network.

Note:After the configuration above,Neither the Internet Nor the FTP Server can be visited by 172.30.30.105.

Is this faq useful?

Your feedback helps improve this site.

Recommend Products

Community

TP-Link Community

Still need help? Search for answers, ask questions, and get help from TP-Link experts and other users around the world.

Visit the Community >

From United States?

Get products, events and services for your region.

GO Other Option

This website uses cookies to improve website navigation, analyze online activities and have the best possible user experience on our website. You can object to the use of cookies at any time. You can find more information in our privacy policy . Don’t show again

This website uses cookies to improve website navigation, analyze online activities and have the best possible user experience on our website. You can object to the use of cookies at any time. You can find more information in our privacy policy . Don’t show again

Basic Cookies

These cookies are necessary for the website to function and cannot be deactivated in your systems.

TP-Link

SESSION, JSESSIONID, accepted_local_switcher, tp_privacy_base, tp_privacy_marketing, tp_smb-select-product_scence, tp_smb-select-product_scenceSimple, tp_smb-select-product_userChoice, tp_smb-select-product_userChoiceSimple, tp_smb-select-product_userInfo, tp_smb-select-product_userInfoSimple, tp_top-banner, tp_popup-bottom, tp_popup-center, tp_popup-right-middle, tp_popup-right-bottom, tp_productCategoryType

Youtube

id, VISITOR_INFO1_LIVE, LOGIN_INFO, SIDCC, SAPISID, APISID, SSID, SID, YSC, __Secure-1PSID, __Secure-1PAPISID, __Secure-1PSIDCC, __Secure-3PSID, __Secure-3PAPISID, __Secure-3PSIDCC, 1P_JAR, AEC, NID, OTZ

Zendesk

OptanonConsent, __cf_bm, __cfruid, _cfuvid, _help_center_session, _pendo___sg__.<container-id>, _pendo_meta.<container-id>, _pendo_visitorId.<container-id>, _zendesk_authenticated, _zendesk_cookie, _zendesk_session, _zendesk_shared_session, ajs_anonymous_id, cf_clearance

Analysis and Marketing Cookies

Analysis cookies enable us to analyze your activities on our website in order to improve and adapt the functionality of our website.

The marketing cookies can be set through our website by our advertising partners in order to create a profile of your interests and to show you relevant advertisements on other websites.

Google Analytics & Google Tag Manager

_gid, _ga_<container-id>, _ga, _gat_gtag_<container-id>

Google Ads & DoubleClick

test_cookie, _gcl_au