TP-Link Omada TP-Link Vigi
Contact Us
United States / English
Store
Get a Demo
Search

How to block an illegal client with Certain IP address from getting access to the network using TP-Link Managed Switches

User Application Requirement
Updated 07-01-2024 03:39:32 AM Number of views for this article97698
This Article Applies to: 

Suitable for: TP-Link Smart Switch and L2/L2+/L3 managed switches

Network requirement:

In the network,we want to block the illegal Client whose IP address is 172.30.30.105/24 from getting access to the network,but we do not know which port this illegal client is connecting to the Switch.

Here is one way to configure an extend-ACL rule on TP-Link switch to block the illegal client from getting access to the Local Area Network and the Internet through Gateway Router.In this example,we use TL-SG3424 V1.0 to do Web configuration and CLI configuration.

Web configuration:

Step 1. ACL Config

Create Extend ACL ID ranging from 200 to 299.

In Extend-IP ACL,select the ACL ID created in Step 1,create a Rule with the following parameters:

“Operation”=Deny;

“S-IP”=172.30.30.105 “Mask”=255.255.255.255;

Step 2. Policy Config

In “Policy Config”-”Policy Create”,create an Policy Name,like “block”

Selecting the policy name and ACL ID and click on “Create” to create an Action.

Step3.Policy Binding

Selecting the Policy “block”,the rule will be effective on all of the 24 ports,so for the port range,you should fill in “1-24”.Then click on “Bind”

So far you have finished the Web configuration on TL-SG3424,if you think it is too low to use Web,here is the Command if you want to configure the switch by console or telnet or ssh.

CLI Configuration:

TL-SG3424>

TL-SG3424>en

TL-SG3424#con

TL-SG3424(config)#

TL-SG3424(config)#access-list create 200

TL-SG3424(config)#access-list extended 200 rule 1 deny sip 172.30.30.105 smask 255.255.255.255

TL-SG3424(config)#access-list policy name block

TL-SG3424(config)#access-list policy action block 200

TL-SG3424(config-action)#ex

TL-SG3424(config)#interface range gigabitEthernet 1/0/1-24

TL-SG3424(config-if-range)#access-list bind block

Verification for the experiment:

Here is the IP parameters of the illegal PC,we use ping command to test if this PC can successfully ping the Internet Gateway Router whose IP address is 172.30.30.1.

This “Request time out” proved that the ACL rule has taken effect on TL-SG3424 to block the illegal client whose IP address is 172.30.30.105 from getting access to the network.

Note:After the configuration above,Neither the Internet Nor the FTP Server can be visited by 172.30.30.105.

Is this faq useful?

Your feedback helps improve this site.

Recommend Products

Community

TP-Link Community

Still need help? Search for answers, ask questions, and get help from TP-Link experts and other users around the world.

Visit the Community >

From Latvia?

Get products, events and services for your region.

GO Other Option

As explained further in our website Privacy Policy, we allow certain advertising partners to collect information from our website through cookies and similar technologies to deliver ads which are more relevant to you, and assist us with advertising-related analytics (e.g., measuring ad performance, optimizing our ad campaigns). This may be considered "selling" or "sharing"/disclosure of personal data for "targeted advertising" as defined by certain U.S. state laws. To opt out of these activities, press "Opt Out" below. If the toggle below for "Targeted Advertising and 'Sale' Cookies" is to the left, you are already opted out and you can close these preferences.

Please note that your choice will apply only to your current device/browser. You must indicate your choice on each device and browser you use to access our website. If you clear your cookies or your browser is set to do so, you must opt out again.

Your Privacy Choices

As explained further in our website Privacy Policy, we allow certain advertising partners to collect information from our website through cookies and similar technologies to deliver ads which are more relevant to you, and assist us with advertising-related analytics (e.g., measuring ad performance, optimizing our ad campaigns). This may be considered "selling" or "sharing"/disclosure of personal data for "targeted advertising" as defined by certain U.S. state laws. To opt out of these activities, press "Opt Out" below. If the toggle below for "Targeted Advertising and 'Sale' Cookies" is to the left, you are already opted out and you can close these preferences.

Please note that your choice will apply only to your current device/browser. You must indicate your choice on each device and browser you use to access our website. If you clear your cookies or your browser is set to do so, you must opt out again.

Necessary Cookies

These cookies are necessary for the website to function and cannot be switched off.

TP-Link

SESSION, JSESSIONID, accepted_local_switcher, tp_privacy_banner, tp_privacy_base, tp_privacy_marketing, tp_top-banner, tp_popup-bottom, tp_popup-center, tp_popup-right-middle, tp_popup-right-bottom, tp_productCategoryType

Youtube

id, VISITOR_INFO1_LIVE, LOGIN_INFO, SIDCC, SAPISID, APISID, SSID, SID, YSC, __Secure-1PSID, __Secure-1PAPISID, __Secure-1PSIDCC, __Secure-3PSID, __Secure-3PAPISID, __Secure-3PSIDCC, 1P_JAR, AEC, NID, OTZ

Zendesk

OptanonConsent, __cf_bm, __cfruid, _cfuvid, _help_center_session, _pendo___sg__.<container-id>, _pendo_meta.<container-id>, _pendo_visitorId.<container-id>, _zendesk_authenticated, _zendesk_cookie, _zendesk_session, _zendesk_shared_session, ajs_anonymous_id, cf_clearance

Targeted Advertising and "Sale" Cookies

These cookies allow targeted ads or the "sale" of personal data (toggle to the left to opt out).

Analytics cookies enable us to analyze your activities on our and other websites in order to improve and adapt the functionality of our website and our ad campaigns.

Advertising cookies can be set through our website by our advertising partners in order to create a profile of your interests and to show you relevant advertisements on other websites.

Google Analytics & Google Tag Manager

_gid, _ga_<container-id>, _ga, _gat_gtag_<container-id>

Google Ads & DoubleClick

test_cookie, _gcl_au

Meta Pixel

_fbp

Linkedin

lidc, AnalyticsSyncHistory, UserMatchHistory, bcookie, li_sugr, ln_or

Reddit

_rdt_uuid

Welcome to Our Website! If you stay on our site, we and our third-party partners use cookies, pixels, and other tracking technologies to better understand how you use our site, provide and improve our services, and personalize your experience and ads based on your interests. Learn more in your privacy choices.