Trouble setting up ACL rules to allow communication across VLANs

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

2023-09-15 19:10:36
Tags: #ACL
Hardware Version: V5
Firmware Version:

I'm trying to isolate my IoT VLAN from my main VLAN while allowing connections between my IoT devices and home assistant. Home assistant is on my main VLAN. Each VLAN has a wireless network associated with it.

First I set up an ACL rule in the Omada controller to block the IoT VLAN from connecting to devices on the main VLAN.

  • Type: Gateway
  • Direction: LAN -> LAN
  • Policy: Deny
  • Protocols: All
  • Source: Network; IoT
  • Destination: Network; Main

This works fine. Now I want to allow devices on the VLAN to be able to communicate with home assistant, which is on my main VLAN. I can't manage to figure out how to allow this to happen. I connected my laptop to the IoT VLAN and tried to ping the Home Assistant IP. None of the rules I set up make it work.

I tried setting up EAP rule:

  • Type: EAP
  • Policy: Permit
  • Protocols: All
  • Source: Network; IOT
  • Destination: IP Group; Home Assistant

I tried switch rules (even though I'm not using a managed switch) with the same settings as above. I tried to bind it to all ports, to the IoT VLAN, and to the main VLAN. None of that worked.

I would think that the place to set this up would be as a gateway ACL rule with the direction being LAN -> LAN, but there is no option to choose specific IP groups here. The only gateway rules that let me choose IP groups are WAN -> LAN and WAN In, and neither of those work either.

Any advice? I can't figure out what I'm doing wrong.

#1
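The rule set described in the post, as an added example that is not part of the original thread and not TP-Link/Omada code. It models the generic ordered, first-match semantics that gateway ACL engines use, so the effect of placing a specific permit above or below a broad deny can be checked on sample packets. The subnets (192.168.10.0/24 for Main, 192.168.20.0/24 for IoT), the Home Assistant address 192.168.10.50, the laptop address and the rule names are all assumptions chosen for illustration; whether a given controller lets you build the permit rule at all, and whether it tracks connection state for return traffic, is not decided by this model.

```python
"""Ordered first-match ACL evaluation over the poster's two rules.

Added example; not code from the thread or from Omada. Addresses and rule
names below are constructed for illustration.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed sample addressing (assumed, not from the thread).
MAIN = ip_network("192.168.10.0/24")
IOT = ip_network("192.168.20.0/24")
HOME_ASSISTANT = ip_address("192.168.10.50")

# Named groups in the style of the controller's "Network" and "IP Group" selectors.
IP_GROUPS = {
    "Main": [MAIN],
    "IoT": [IOT],
    "Home Assistant": [ip_network(f"{HOME_ASSISTANT}/32")],
}


@dataclass(frozen=True)
class Rule:
    name: str
    policy: str          # "Permit" or "Deny"
    source: str          # key into IP_GROUPS
    destination: str     # key into IP_GROUPS
    protocol: str = "All"  # "All", "TCP", "UDP" or "ICMP"


def _in_group(addr: str, group: str) -> bool:
    """True if the address falls inside any prefix of the named group."""
    return any(ip_address(addr) in net for net in IP_GROUPS[group])


def evaluate(rules, src: str, dst: str, protocol: str, default: str = "Permit"):
    """Return (policy, rule name) for the first rule that matches the packet.

    Rules are scanned top to bottom and the first match decides; a packet
    that matches nothing gets the default policy (permit, as in the thread,
    where LAN -> LAN traffic flows until a deny rule is added).
    """
    for rule in rules:
        if rule.protocol not in ("All", protocol):
            continue
        if _in_group(src, rule.source) and _in_group(dst, rule.destination):
            return rule.policy, rule.name
    return default, "implicit default"


DENY_IOT_TO_MAIN = Rule("block IoT -> Main", "Deny", "IoT", "Main")
PERMIT_IOT_TO_HA = Rule("allow IoT -> Home Assistant", "Permit", "IoT", "Home Assistant")

# The three orderings worth comparing.
deny_only = [DENY_IOT_TO_MAIN]                       # what the poster has now
permit_first = [PERMIT_IOT_TO_HA, DENY_IOT_TO_MAIN]  # specific permit above broad deny
permit_last = [DENY_IOT_TO_MAIN, PERMIT_IOT_TO_HA]   # permit shadowed by the deny


def check_matrix(laptop: str = "192.168.20.23") -> dict:
    """Policy applied to an ICMP ping from an IoT laptop to Home Assistant
    under each ordering."""
    cases = {
        "deny_only": deny_only,
        "permit_first": permit_first,
        "permit_last": permit_last,
    }
    return {
        name: evaluate(rules, laptop, str(HOME_ASSISTANT), "ICMP")[0]
        for name, rules in cases.items()
    }


if __name__ == "__main__":
    for ordering, verdict in check_matrix().items():
        print(f"{ordering:13s} -> {verdict}")
    # Other Main hosts stay blocked even with the permit in place.
    print(evaluate(permit_first, "192.168.20.23", "192.168.10.7", "TCP"))
```

The point the matrix makes: with first-match evaluation the permit for the Home Assistant IP group only takes effect if it is ordered above the IoT -> Main deny, and a permit placed below the deny is never reached. If the rule engine is stateless, Home Assistant's replies back into the IoT network would also need their own rule; the model above does not assume either way.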
Re:Trouble setting up ACL rules to allow communication across VLANs
2023-09-16 04:36:47

  @tokun 

If you have blocked with a router ACL, you cannot override this with a switch or EAP ACL. Unfortunately, on router ACLs you can only close everything and not open anything with an IP or port group, so this function is not finished. I thought for a while that it was a bug, but it turned out not to be.

#2
Re:Trouble setting up ACL rules to allow communication across VLANs
2023-09-16 08:16:08

You might be able to apply both rules at EAP level in this instance.

#3