Commands:
set interfaces ethernet eth1 address ‘10.0.0.1/24’
set interfaces ethernet eth1 description ‘INTERNAL’
set interfaces ethernet eth1 duplex ‘auto’
set interfaces ethernet eth1 speed ‘auto’
set interfaces ethernet eth1 vif 10 description ‘VLAN 10’
set interfaces ethernet eth1 vif 10 address ‘10.0.10.1/24’
set interfaces ethernet eth1 vif 20 description ‘VLAN 20’
set interfaces ethernet eth1 vif 20 address ‘10.0.20.1/24’
set interfaces ethernet eth1 vif 40 description ‘VLAN 40’
set interfaces ethernet eth1 vif 40 address ‘10.0.40.1/24’
Now my laptop would be in the users vlan, with a static IP of 10.0.10.100. I want to access the management network from my laptop. Can I simply create a route from 10.0.10.100 to 10.0.40.1/24 or do I need my laptop to join the VLAN40?
How can I prevent other subnets from communicating to 10.0.40.1/24 except 10.0.10.100?
set firewall group network-group MGMT-NET network 10.0.40.1/24
set interfaces ethernet eth1 firewall out name MGMT-NET
The management network just needs to talk to all devices on the same subnet. However, I want certain devices like my laptop to be able to communicate on this subnet.
[code]set firewall group network-group MGMT-STATIONS network ‘10.0.10.100/32’
set firewall name MGMT default-action ‘drop’
set firewall name MGMT rule 10 action ‘accept’
set firewall name MGMT rule 10 source group network-group ‘MGMT-STATIONS’
set interfaces ethernet eth1 vif 40 firewall out name MGMT[/code]
While I appreciate the answer, I would even more appreciate what each line means so that I can understand what its doing. Also, does the order of each line make a difference or not.
[quote=“unplugme71, post:5, topic:535”]
While I appreciate the answer, I would even more appreciate what each line means so that I can understand what its doing. Also, does the order of each line make a difference or not. [/quote]
The Vyatta documentation is a good reference. The order of lines is important in the context of firewall rule sets.