OC200 + EAP660HD guest network with vouchers and management VLAN
This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Hello everyone
I have a question about setting up guest access with vouchers in a secure way.
Here is an overview of how i setup the network components
Router(TL-ER7206 V1 - VLAN1 ) > Switch(TL-SG2428P V1 VLAN1) > OC200 Controller (VLAN 1)
> EAP660 HD (all VLANS on this switch port)
I have setup Switch ACL Rules to prevent communication between all VLANs except for the Guest VLAN(voucher) which can
communicate with VLAN1, else guests wont get the voucher page since they can't contact the controller.
The problem now is that anyone connecting to the guest network can access the configuration pages of the router, all switches and the controller, since
they can communicate with VLAN1.
I tried setting up the management VLAN before, but then i simply lose connection to the controller since its in another VLAN than the router
Any help to secure this setup would be greatly appreciated
Thanks
Hey
I accomplished this by creating a Group and adding the gateway address into the group as shown below, as well as the ports for access
I then created a switch ACL to stop the traffic from certain VLANs (Guest, IOT etc) from connecting to the devices listed in the group
Any help to you?