Setting up guest network while keeping IP-Mac binding enabled

2024-08-24 13:30:11 - last edited 2024-08-26 04:01:57

Hello All, I have set up IP-MAC binding in my network. I have 4 VLANs for home use, and a separate VLAN for the guest network.

IP MAC binding has been working fine in my network. When adding the VLAN for the guest network, I made sure this is not selected in the IP MAC binding configuration; still, the guest network does not work. Users cannot even access the portal page if IP MAC binding is enabled, even with the guest VLAN excluded from the configuration. How can I resolve this?

 

I need the guest network working with simple password portal authentication while the rest of the network is protected with IP MAC binding. Thanks.

Re:Setting up guest network while keeping IP-Mac binding enabled
2024-08-26 03:07:41

Hi @Diego787 

Thanks for posting in our business forum.

Don't understand your question at all.

Diego787 wrote

Hello All, I have set up IP-MAC binding in my network. I have 4 VLANs for home use, and a separate VLAN for the guest network.

IP MAC binding has been working fine in my network. When adding the VLAN for the guest network, I made sure this is not selected in the IP MAC binding configuration; still, the guest network does not work. Users cannot even access the portal page if IP MAC binding is enabled, even with the guest VLAN excluded from the configuration. How can I resolve this?

 

I need the guest network working with simple password portal authentication while the rest of the network is protected with IP MAC binding. Thanks.

What does it mean?

The guest should be accessing the portal, but that is based on it having an IP address and being allowed to access the local network.

IP-MAC binding would allow the matching client to use the network. If this fails prior to the portal auth, it's normal to see that you have no successful access to the portal page, because L2 and L3 have failed. Of course, you don't have any internal or external access.

Re:Setting up guest network while keeping IP-Mac binding enabled
2024-08-26 07:22:37

Hello  @Clive_A,

 

I would like to have IP MAC binding enabled in my network. But this is impacting guest users. I cannot configure IP MAC binding for guest users because I don't know all the MAC addresses for future guests.

How can I configure this in Omada Controller so IP MAC binding is in force in my other VLANs but not in the guest network VLAN?

 

Thanks

Diego

Re:Setting up guest network while keeping IP-Mac binding enabled
2024-08-26 07:34:58

Hi @Diego787 

Thanks for posting in our business forum.

Diego787 wrote

Hello  @Clive_A,

 

I would like to have IP MAC binding enabled in my network. But this is impacting guest users. I cannot configure IP MAC binding for guest users because I don't know all the MAC addresses for future guests.

How can I configure this in Omada Controller so IP MAC binding is in force in my other VLANs but not in the guest network VLAN?

 

Thanks

Diego

You have specified the interface, right?

 

What's the behavior on your guest VLAN interface clients? Do they get an IP address?

Re:Setting up guest network while keeping IP-Mac binding enabled
2024-08-26 11:10:04 - last edited 2024-08-26 11:11:07

  @Clive_A 

 

This is my current IP-MAC Binding config:

 

 

With this configuration, if the client is not authenticated yet in the Portal, they will connect to the guest Wi-Fi, they will get a message saying that there is no internet on this network, and they will never be redirected to the Portal. If the guest was previously authenticated in the Portal, they will not pick up any IP address.

However, if I disable the "Permit the packets matching the IP-MAC Binding entries only" option, authenticated guest clients will get their IP address assigned on their corresponding subnet and non-authenticated guests will be automatically redirected to the Portal.

 

By the way, my setup is:

Omada Controller 5.13.30.8 (Linux container) and the following devices/firmware versions:

 

Router: ER605 v2.0, firmware 2.2.6
Switch 1: TL-SG2008P v1.0, firmware 1.0.9
Switch 2: TL-SG2008P v1.0, firmware 1.0.9
Switch 3: SG2210P v5.20, firmware 5.20.1
EAP 1: EAP653(EU) v1.0, firmware 1.0.14
EAP 2: EAP653(EU) v1.0, firmware 1.0.14
EAP 3: EAP225-Outdoor(EU) v1.0, firmware 5.1.6

 

 

 

Guest wireless config:

 

 

 

VLAN Config:

 

 

 

Re:Setting up guest network while keeping IP-Mac binding enabled
2024-08-27 02:26:13

Hi @Diego787 

Thanks for posting in our business forum.

Diego787 wrote

  @Clive_A 

 

This is my current IP-MAC Binding config:

 

 

 

With this configuration, if the client is not authenticated yet in the Portal, they will connect to the guest Wi-Fi, they will get a message saying that there is no internet on this network, and they will never be redirected to the Portal. If the guest was previously authenticated in the Portal, they will not pick up any IP address.

However, if I disable the "Permit the packets matching the IP-MAC Binding entries only" option, authenticated guest clients will get their IP address assigned on their corresponding subnet and non-authenticated guests will be automatically redirected to the Portal.

 

By the way, my setup is:

Omada Controller 5.13.30.8 (Linux container) and the following devices/firmware versions:

 

Router: ER605 v2.0, firmware 2.2.6
Switch 1: TL-SG2008P v1.0, firmware 1.0.9
Switch 2: TL-SG2008P v1.0, firmware 1.0.9
Switch 3: SG2210P v5.20, firmware 5.20.1
EAP 1: EAP653(EU) v1.0, firmware 1.0.14
EAP 2: EAP653(EU) v1.0, firmware 1.0.14
EAP 3: EAP225-Outdoor(EU) v1.0, firmware 5.1.6

 

 

 

Guest wireless config:

 

 

 

 

VLAN Config:

 

 

 

 

OK. I got something different from your results.
First, to put out the facts and the conclusion: this is not a problem with the system.

 

The guest VLAN that I used in this situation is not included in the IP-MAC binding. So, it should not be effective.

 

Portal enabled. Voucher for the whole VLAN interface.

 

 

Cellphone can join the network and see the portal. Pops up automatically. They also get an IP address.
