How to Block Communication between Two Server Groups in Different Subnets

This document applies to firmware version ReOS V10.
 
User Requirements
 
A company’s network uses a UTT Router to connect to the Internet. The network consists of two subnets: 192.168.16.0/24 (Subnet A) and 192.168.1.0/24 (Subnet B). There are two groups of servers, one group (IP address range: 192.168.16.200-254) is located at the Subnet A, and the other group (IP address range: 192.168.1.200-254) is located at the Subnet B. It is required that the two server groups cannot communicate with each other.
 
Analysis
By default, the hosts in the two LAN subnets can communicate with each other via the UTT Router. However, the Router allows you to create an access control rule to block communication between the two server groups.
 
Configuration Steps
Login to the Web UI of your Router, and then do the following settings.
 
Adding a Secondary LAN IP Address
 
First, you need to add a secondary LAN IP address on the Router. The steps are as follows:
 
 Go to the Basic > LAN page, see the following figure.
 
Click the Advanced Options hyperlink, and enter 192.168.1.1 in the IP Address text box.
Leave the other parameters at their default values.
Click the Save button to save the settings.
 Configuring an Access Control Rule
Next create an access control rule to block communication between the two server groups, see the following figure. The steps are as follows:
 
 Go to the Security > Firewall > ACL Settings page, see the following figure.
 
Select Deny from the Action drop-down list.
 Enter 192.168.16.200 and 192.168.16.254 in the Source Addresses From and To text boxes.
Enter 192.168.1.200 and 192.168.1.254 in the Destination Addresses From and To text boxes.
Leave the other parameters at their default values.
Click the Save button to save the settings.
Enabling Access Control
 
Lastly, you need to enable access control feature to make the access control rule take effect. The steps are as follows:
 
Go to the Security > Firewall > Access Control List page, see the following figure.
 
Select the Enable Access Control check box.
Click the Save button to save the settings.
 
The configuration is now complete. Then the servers in the two groups cannot communicate with each other, without affecting communication between other hosts in the two LAN subnets.