Home

Forums

Stories

Knowledge Base

Business Community > All Threads > ACL Confusion

< All Threads

ACL Confusion

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

ACL Confusion

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

ACL Confusion

Quigs

2024-03-18 19:52:38

Posts: 2

Helpful: 0

Solutions: 0

Stories: 0

Registered: 2024-03-18

ACL Confusion

2024-03-18 19:52:38

Model: OC200

Hardware Version:

Firmware Version:

Finished setting up new Omada network but confused on setting up ACLs to block video cameras on POE VLAN from Secure network. My NVR sites in the secure network as it has storage that is private as well. I know I can setup a switch ACL to Deny all traffic from the POE VLAN to the Secure LAN. But how do I block all traffic, but whitelist the server IP in the Secure Lan? Do you add another ACL after the first one - do they work in precedent order?

4 Reply

MR.S

LV5

2024-03-19 13:28:23 - last edited 2024-03-19 13:33:19

Posts: 2481

Helpful: 896

Solutions: 339

Stories: 0

Registered: 2018-08-17

Re:ACL Confusion

2024-03-19 13:28:23 - last edited 2024-03-19 13:33:19

@Quigs

With the gateway ACL, you can only block everything or open everything up. it is not possible to open any ports to a printer, e.g. You can do it with switch ACL, but it is not stateful and for mee is only an emergency solution that not work optimal for ACL between VLAN
I hope TP-Link comes up with an updated version of the router ACL soon because as it is now, it's not good enough.

since the switch ACL is not statefull, you must first block the VLAN, then you create a rule that lies above the block in the list which is bidirectional.
then you can, for example, open port 9100 to a printer, but the port opening must go both ways.

Hank21

2024-03-20 08:13:23

Posts: 3673

Helpful: 734

Solutions: 496

Stories: 8

Registered: 2021-12-13

Re:ACL Confusion

2024-03-20 08:13:23

@Quigs

First, you can try creating a rule to allow your NVR to access the cameras. You can make it bi-directional. Then you can set the second rule to deny your POE VLAN access to the secure network. You can also set it as bi-directional. It will take effect according to the order. This means that the smaller the order ID, the higher the priority.

Best Regards! >> Omada EAP Firmware Trial Available Here << >> Get the Latest Omada SDN Controller Releases Here << *Try filtering posts on each forum by Label of [Early Access]*

jwadsley

LV1

2024-08-25 22:18:00

Posts: 1

Helpful: 0

Solutions: 0

Stories: 0

Registered: 2024-08-25

Re:ACL Confusion

2024-08-25 22:18:00

Does the switch ACL only work if you have a switch in the Omada environment? If I only have a ER7206 and an EAP610, then switch ACL's won't work for me?

Hank21

2024-08-26 00:52:10

Posts: 3673

Helpful: 734

Solutions: 496

Stories: 8

Registered: 2021-12-13

Re:ACL Confusion

2024-08-26 00:52:10

@jwadsley

Yes, a switch that is controlled by the Omada Controller will employ the Switch ACL configuration.

Best Regards! >> Omada EAP Firmware Trial Available Here << >> Get the Latest Omada SDN Controller Releases Here << *Try filtering posts on each forum by Label of [Early Access]*

Quigs

2024-03-18 19:52:38

Posts: 2

Helpful: 0

Solutions: 0

Stories: 0

Registered: 2024-03-18

Information

Helpful: 0

Replies: 4

ACL Confusion

ACL Confusion

Information

Voters 0

Tags