ACLs in OC200 for ER605

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

2022-11-07 19:30:52
Model: OC200  
Hardware Version:
Firmware Version:

Hi,

I have an OC200 which controls an ER605 VPN router. I created four VLANs, e.g. to separate my Home-PC network from my homelab. Not all devices are connected to the ER605 directly. Some are wired through a TL-SG108E switch, which also helps to separate the VLANs.


Before I used the OC200 I created some firewall ACL rules in the ER605 to deny communication between the different VLANs and only permitted access to some services.
But how do I configure this in the OC200? The Network Security > ACL > Gateway ACL rules work as expected when I blocked an AWS EC2 IP for testing. But how do I deny communication inside my network and between my VLANs? Neither the Switch ACL configuration seems to be applied when blocking access between whole networks, nor did the EAP ACL have any effect.

 

My understanding is:

Gateway ACL -> Everything going auto through the WAN Port

Switch ACL -> Everything through the LAN ports of the ER605 and inside the wired network

EAP ACL -> Everything going through external access points

 

Can someone tell me what I'm doing wrong or have misunderstood?

 

Thank you in advance.

 

PS: This is a simple screenshot of my switch configuration, which I thought should work as expected.

 

Re:ACLs in OC200 for ER605
2022-11-07 23:11:53

  @j3nko 

 

Hey

 

To use a switch ACL you will need a switch that is managed by the OC200, in short one that is Omada compatible. Sadly the TL-SG108E is not a controller-managed switch and therefore anything you apply here will not take effect.

 

As you have an ER605 the gateway ACL should work, and if you have an AP the EAP should also work. As you say this isn't, I'm guessing you don't have an EAP?

 

 

 

> But how do I deny communication inside my network and between my VLANs? Neither the Switch ACL configuration seems to be applied when blocking access between whole networks, nor did the EAP ACL have any effect.

 

You could likely do this via the Smart Switch controls on the 108E, but sadly as it's not managed by the controller this won't be done via the OC200.

 

 

Re:ACLs in OC200 for ER605
2022-11-08 14:42:29

  @Philbert 

 

Hi Philbert,

 

Thank you for your fast reply. Unfortunately I feared that answer. I had hoped that I would be able to keep the status quo with the OC200 without having to switch everything directly to TP-Link components.

 

Thank you!
