EAP ACL need help

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

2020-12-15 17:09:25
Model: EAP245  
Hardware Version: V3
Firmware Version: 2.21.0

Hello, I'm struggling a bit setting some ACLs on the EAP245 via Omada (OC200).

I have 2 SSIDs, one called IOT and the other PRIVATE; they are in 2 separate VLANs (the router is a TL-R605 and the switch a TL-SG2428P, to which the EAP is connected).

IOT devices, like for example Google Home, are connected to the IOT WiFi.

The phone is connected to the PRIVATE WiFi.

I wanted to create a rule where the IOT network can't talk with another network, in this example with the PRIVATE WiFi.

What I did was simply to go to Settings->Network Security->EAP ACL and create a simple ACL that denies ALL protocols from Source (Network) IOT to Destination (Network) PRIVATE.

It actually works in the sense that if I ping the Google Home device from the phone, the ping fails.

But the issue is that if I open the Google Home app on the phone, I can still communicate with Google Home (Bluetooth is disabled, of course).

Any idea why this happens? I also tried to make a similar rule using IP addresses, for example to deny the Google Home IP to the PRIVATE network, or to deny the Google Home IP to the phone IP. But the result is always the same: every rule works in the sense that I cannot ping anymore, but I can still communicate using the app, which in other words means that the traffic is not blocked.

Then I have another couple of questions:

1) If I want a specific client to be able to communicate only with certain clients, what do I have to do?

2) If I want a specific client NOT to be able to access the internet, but still able to talk with some other internal network or a specific client, what do I have to do?

Thanks

#1
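The behaviour described in the post (ping fails, but a phone-initiated session still seems to work) is easier to reason about with a small model of an ACL. The following is an added example, not code from the thread or from TP-Link; it assumes that the EAP ACL is evaluated statelessly per packet, first match wins, and unmatched traffic is permitted (check the controller documentation for the real semantics). The IP ranges, the phone and Google Home addresses, and the camera/NVR hosts used for question 1 are all constructed for the demo. It also goes beyond the post's single deny rule and shows ordered rulesets for the two follow-up questions.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample addressing: the thread names the networks (IOT, PRIVATE)
# but gives no IP ranges, so these prefixes are assumptions for the demo.
NETS = {
    "IOT": ipaddress.ip_network("192.168.20.0/24"),
    "PRIVATE": ipaddress.ip_network("192.168.10.0/24"),
    "INTERNAL": ipaddress.ip_network("192.168.0.0/16"),  # every local VLAN
    "ANY": ipaddress.ip_network("0.0.0.0/0"),
}
PHONE = ipaddress.ip_address("192.168.10.50")    # on PRIVATE (constructed)
GHOME = ipaddress.ip_address("192.168.20.77")    # Google Home on IOT (constructed)
CAM = ipaddress.ip_address("192.168.20.12")      # hypothetical IoT camera
NVR = ipaddress.ip_address("192.168.10.20")      # hypothetical recorder
INTERNET = ipaddress.ip_address("203.0.113.10")  # documentation range, stands in for "the internet"


def host(ip):
    """Single-host (/32) network for use as a rule source or destination."""
    return ipaddress.ip_network(f"{ip}/32")


@dataclass(frozen=True)
class Packet:
    proto: str                      # "icmp", "tcp" or "udp"
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address


@dataclass(frozen=True)
class Rule:
    action: str                     # "permit" or "deny"
    proto: str                      # "all" or a specific protocol
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network

    def matches(self, pkt):
        return ((self.proto == "all" or self.proto == pkt.proto)
                and pkt.src in self.src and pkt.dst in self.dst)


def evaluate(rules, pkt, default="permit"):
    """Stateless, first-match evaluation: each packet is judged on its own,
    with no memory of the flow it belongs to; unmatched packets get `default`."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default


def round_trip(rules, proto, a, b):
    """Verdicts for a request a->b and its reply b->a; the exchange only
    succeeds if both directions are permitted."""
    req = evaluate(rules, Packet(proto, a, b))
    rep = evaluate(rules, Packet(proto, b, a))
    return req, rep, req == "permit" and rep == "permit"


# The rule from the post: deny all protocols from Source IOT to Destination PRIVATE.
DENY_IOT_TO_PRIVATE = [Rule("deny", "all", NETS["IOT"], NETS["PRIVATE"])]


def ping_from_phone():
    """Phone (PRIVATE) pings Google Home (IOT): the echo request matches nothing,
    but the echo reply is IOT->PRIVATE and is dropped, so the ping fails."""
    return round_trip(DENY_IOT_TO_PRIVATE, "icmp", PHONE, GHOME)


def app_session_from_phone():
    """A phone-initiated TCP session to Google Home fails the same way under a
    stateless rule; if the app still works, its traffic is not crossing the
    point where the rule is applied (for example it is relayed via the cloud)."""
    return round_trip(DENY_IOT_TO_PRIVATE, "tcp", PHONE, GHOME)


# Question 1: CAM may talk only to NVR and PHONE. Permit the allowed peers
# first, then deny everything else from CAM; order matters under first-match.
ONLY_SELECTED_PEERS = [
    Rule("permit", "all", host(CAM), host(NVR)),
    Rule("permit", "all", host(CAM), host(PHONE)),
    Rule("deny", "all", host(CAM), NETS["ANY"]),
]

# Question 2: GHOME may reach the internal networks but not the internet.
NO_INTERNET = [
    Rule("permit", "all", host(GHOME), NETS["INTERNAL"]),
    Rule("deny", "all", host(GHOME), NETS["ANY"]),
]


def check_ruleset(rules, cases):
    """Verdict for each (proto, src, dst) probe; run this against a draft
    ruleset before entering it on the controller."""
    return [evaluate(rules, Packet(p, s, d)) for p, s, d in cases]


if __name__ == "__main__":
    print("ping phone->home:", ping_from_phone())
    print("app  phone->home:", app_session_from_phone())
    print("cam ruleset:", check_ruleset(ONLY_SELECTED_PEERS,
          [("tcp", CAM, NVR), ("tcp", CAM, PHONE), ("tcp", CAM, INTERNET)]))
    print("home ruleset:", check_ruleset(NO_INTERNET,
          [("udp", GHOME, PHONE), ("udp", GHOME, INTERNET)]))
```

The point of the model is the direction of the rule: a deny from IOT to PRIVATE never touches packets the phone sends, it only drops what comes back, which is enough to break ping but says nothing about traffic that never traverses the EAP. For the two follow-up questions the pattern is the same in either case: explicit permits for the peers that should work, followed by a catch-all deny for that client, with the permits placed first.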
Re: EAP ACL need help
2020-12-25 01:21:49

@Xstreem

Very interesting observation.

Did you try enabling the Guest Network function on the IOT SSID? I will then use the EAP firewall to allow certain things through.

I don't have any such devices to test with, as I am an old-school guy, but in the absence of communication from the phone to Google Home, how do you get the Google Home device to work? I had read that even to bring this type of device online, you need to set it up via an app on the phone to push the WiFi configuration like SSID name and PSK, and then all command and control, updates etc. need to be done through the phone app. If that is correct (and I hope that is not the case), then you do need to have connectivity from at least your phone to such devices.

Maybe it is Bluetooth that is needed to control such devices from the phone and not the Wi-Fi.

Merry Christmas and happy new year.

#2