Business Community > WiFi > EAP doesn't enforce ACLs
< WiFi

EAP doesn't enforce ACLs

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

EAP doesn't enforce ACLs

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
EAP doesn't enforce ACLs
EAP doesn't enforce ACLs
2023-12-30 21:45:45
Tags: #EAP ACL #VLAN & Multi-Networks
Model: EAP615-Wall  
Hardware Version: V1
Firmware Version: 1.1.6

I have an EAP615-Wall using Omada and I want to add an ACL to deny wifi client Phone1 from connecting to wifi client Phone2 on port 8111. Other connections are permitted.

 

So I make an EAP ACL to deny source Phone1 and destination Phone2 port 8111.

 

This doesn't work. The connection is actually permitted. I suspect the problem is this issue and that "doesn't work" is expected behavior.

 

Is there a work-around?

 

"Guest network" isn't useful since I want to allow other connections. My best thought is to put Phone1 and Phone2 on different VLANs and route all the permitted connections but that's both inefficient and cumbersome.

 

  0      
 
  0      
 
#1
Options
3 Reply
Re:EAP doesn't enforce ACLs
2024-01-02 08:51:36

  @runner89 

 

Yes, "the design is such that for different devices under the same SSID, the data exchange between them will be forwarded directly by the AP, so it will not be affected by functions such as portal and ACL at this time. " - From the support.

Just striving to develop myself while helping others.
  0  
  0  
#2
Options
Re:EAP doesn't enforce ACLs
2024-01-02 15:26:39

  @Virgo yup, and so my question... Is there a workaround so I can apply ACLs to data exchanged between two clients on the same EAP?

 

Is it impossible to manage such traffic? Is what I suggested the best there is?

 

  0  
  0  
#3
Options
Re:EAP doesn't enforce ACLs
2024-01-10 19:02:00

For others, I upgraded to firmware v1.2.3 and that didn't fix the issue. I put the two clients on different VLANs, forcing packets to cross the switches which implement ACLs properly.

 

Not a great solution but it's the best I could think of.

 

  0  
  0  
#4
Options

Information

Helpful: 0

Views: 371

Replies: 3

Tags

EAP ACL VLAN & Multi-Networks
Related Articles
EAP 615 messing with other EAP units
191 0
EAP 615-Wall: Can it mesh with another EAP?
1999 0
Nest Protect - Do not use Lock to AP
429 0
EAP615: Multiple VLANs on a downstream port?
410 0
 How to enforce DNS proxy?
1117 0
Problems with ACLs
1034 0
About Us
Press
Copyright © TP-Link Systems Inc. All rights reserved.