Trouble setting up ACL rules to allow communication across VLANs
I'm trying to isolate my IoT VLAN from my main VLAN while allowing connections between my IoT devices and Home Assistant. Home Assistant is on my main VLAN. Each VLAN has a wireless network associated with it.
First I set up an ACL rule in the Omada controller to block the IoT VLAN from connecting to devices on the main VLAN.
- Type: Gateway
- Direction: LAN -> LAN
- Policy: Deny
- Protocols: All
- Source: Network; IoT
- Destination: Network; Main
This works fine. Now I want to allow devices on the VLAN to be able to communicate with Home Assistant, which is on my main VLAN. I can't manage to figure out how to allow this to happen. I connected my laptop to the IoT VLAN and tried to ping the Home Assistant IP. None of the rules I set up make it work.
I tried setting up an EAP rule:
- Type: EAP
- Policy: Permit
- Protocols: All
- Source: Network; IOT
- Destination: IP Group; Home Assistant
I tried switch rules (even though I'm not using a managed switch) with the same settings as above. I tried to bind it to all ports, to the IoT VLAN, and to the main VLAN. None of that worked.
I would think that the place to set this up would be as a gateway ACL rule with the direction being LAN -> LAN, but there is no option to choose specific IP groups here. The only gateway rules that let me choose IP groups are WAN -> LAN and WAN In, and neither of those work either.
Any advice? I can't figure out what I'm doing wrong.
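The two rules from the post, run through a small first-match ACL model as an added example (not Omada's code or configuration; the addresses are constructed and top-down, first-match evaluation is assumed, which is how most gateway ACL engines order rules): it shows that a host-specific permit for Home Assistant only takes effect when it sits above the broad IoT-to-Main deny, and that with that order the rest of the main VLAN stays blocked.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network


@dataclass
class Rule:
    """One ACL entry; the first rule whose source, destination and protocol match decides the flow."""
    name: str
    policy: str                      # "permit" or "deny"
    src: list                        # ip_network objects
    dst: list                        # ip_network objects
    protocols: set = field(default_factory=lambda: {"all"})

    def matches(self, src_ip, dst_ip, proto):
        in_src = any(src_ip in n for n in self.src)
        in_dst = any(dst_ip in n for n in self.dst)
        proto_ok = "all" in self.protocols or proto in self.protocols
        return in_src and in_dst and proto_ok


def evaluate(rules, src, dst, proto="icmp", default="permit"):
    """Walk the ordered rule list top-down and return (policy, rule name) of the first match."""
    src_ip, dst_ip = ip_address(src), ip_address(dst)
    for r in rules:
        if r.matches(src_ip, dst_ip, proto):
            return r.policy, r.name
    return default, "implicit-default"


# Constructed addressing (an assumption, not taken from the post)
IOT_NET = [ip_network("192.168.20.0/24")]
MAIN_NET = [ip_network("192.168.10.0/24")]
HOME_ASSISTANT = [ip_network("192.168.10.50/32")]   # the "Home Assistant" IP group

DENY_IOT_TO_MAIN = Rule("deny IoT -> Main", "deny", IOT_NET, MAIN_NET)
PERMIT_IOT_TO_HA = Rule("permit IoT -> Home Assistant", "permit", IOT_NET, HOME_ASSISTANT)

# Order A: the permit is listed below the deny, so the deny matches first and the ping fails
DENY_FIRST = [DENY_IOT_TO_MAIN, PERMIT_IOT_TO_HA]
# Order B: the more specific permit is evaluated before the broad deny
PERMIT_FIRST = [PERMIT_IOT_TO_HA, DENY_IOT_TO_MAIN]

if __name__ == "__main__":
    for label, ruleset in (("deny first", DENY_FIRST), ("permit first", PERMIT_FIRST)):
        for dst in ("192.168.10.50", "192.168.10.20"):
            print(label, "192.168.20.15 ->", dst, evaluate(ruleset, "192.168.20.15", dst))
```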