I'm trying to isolate my IoT VLAN from my main VLAN while allowing connections between my IoT devices and home assistant. Home assistant is on my main VLAN. Each VLAN has a wireless network associated with it.

First I set up an ACL rule in the Omada controller to block the IoT VLAN from connecting to devices on the main VLAN.

• Type: Gateway
• Direction: LAN -> LAN
• Policy: Deny
• Protocols: All
• Source: Network; IoT
• Destination: Network; Main

This works fine. Now I want to allow devices on the VLAN to be able to communicate with home assistant, which is on my main VLAN. I can't manage to figure out how to allow this to happen. I connected my laptop to the IoT VLAN and tried to ping the Home Assistant IP. None of the rules I set up make it work.

I tried setting up EAP rule:

• Type: EAP
• Policy: Permit
• Protocols: All
• Source: Network; IOT
• Destination: IP Group; Home Assistant

I tried switch rules (even though I'm not using a managed switch) with the same settings as above. I tried to bind it to all ports, to the IoT VLAN, and to the main VLAN. None of that worked.

I would think that the place to set this up would be as a gateway ACL rule with the direction being LAN -> LAN, but there is no option to choose specific IP groups here. The only gateway rules that let me choose IP groups are WAN -> LAN and WAN In, and neither of those work either.

Any advice? I can't figure out what I'm doing wrong.