Open Ports from a VLAN to Internet
Hi community!
I defined some VLANs on my ER605. Internet access from VLAN20 (it holds my Marantz Audiosystem) is working well, but need to open some ports for proper communication with Tunein and Spotify.
my bypass currently is that I grant access defined IP adresses from VLAN20 to VLAN10 (default VLAN).
Configuration:
ER605 V2 2.2.6 (VLAN10, VLAN20)
EAP653 V1.0 1.1.0
any suggestions?
Herwig
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Hi @wickie
Thanks for posting in our business forum.
Not sure what you are after. If this is LAN to LAN access, in standalone mode you are provided with the ACL. Controller mode and its ACL does not offer that granular ACL.
If this is about the port forwarding, see this guide where it contains the configuration steps:
Virtual Services(Port Forwarding) on the Router Doesn't Take Effect
- Copy Link
- Report Inappropriate Content
Hi @Clive_A
you are right. my description is poor. lets have a new try.
I am using the TP-Link equipment in controller mode. In former configuration all clients were in VLAN10 which is the Default LAN.
Internet Access was fine including the Sorround System.
Now I separated specific clients from die standard network in my case the Surround System (Receiver, Subwoofer, 2 Speakers)
into VLAN20 (Advanced Settings in edit Wireless Network) and gave them dedicated IP addresses via DHCP Reservation. So far so good.
Following the description of the Surround system I did set up mDNS/Bonjour and IGMP.
Also Ports 443 and 80 have to be open to the internet. From VLAN20 they are probably closed, I guess.
In this situation my surround system does not work.
To double check this, I build an EAP ACL rule, which allows these dedicated IP addresses mentioned above to access VLAN10.
and now it is working well.
So how I can open ports 443 and 80 from the WAN interface to VLAN20?
Wickie
- Copy Link
- Report Inappropriate Content
Hi @wickie
Thanks for posting in our business forum.
wickie wrote
Hi @Clive_A
you are right. my description is poor. lets have a new try.
I am using the TP-Link equipment in controller mode. In former configuration all clients were in VLAN10 which is the Default LAN.
Internet Access was fine including the Sorround System.
Now I separated specific clients from die standard network in my case the Surround System (Receiver, Subwoofer, 2 Speakers)
into VLAN20 (Advanced Settings in edit Wireless Network) and gave them dedicated IP addresses via DHCP Reservation. So far so good.
Following the description of the Surround system I did set up mDNS/Bonjour and IGMP.
Also Ports 443 and 80 have to be open to the internet. From VLAN20 they are probably closed, I guess.
In this situation my surround system does not work.
To double check this, I build an EAP ACL rule, which allows these dedicated IP addresses mentioned above to access VLAN10.
and now it is working well.
So how I can open ports 443 and 80 from the WAN interface to VLAN20?
Wickie
80 and 443 can only be used once on your WAN.
Which in short means you can only port forward it once and it would only match one local service.
And some ISPs do not open 80 and 443 for you unless you pay an extra fee or register on their end.
I am not sure if this happens to your ISP. But you should try to test with a different external port number to verify if you can port forward it correctly.
Port forward is a simple setting on the router. Whether it works or not, can vary based on the environment.
mDNS is local LAN discovery. IGMP does not matter too much as I recall Spotify does not require that.
Inter-VLAN ACL does not stop the port forward. Port forwarding is LAN-WAN direction.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 88
Replies: 3
Voters 0
No one has voted for it yet.