Guest network with EAP ACL can't connect to VLAN gateway
I set up a guest network as follows:
SSID: guest
subnet 192.168.100.0/24
I enabled "Guest Network" to isolate each wireless client for security. A captive portal is running at the guest network gateway (192.168.100.1),
so I added an EAP ACL rule:
from SSID: guest
to IP Group 192.168.100.1/32
But it doesn't work: all connected clients can't reach 192.168.100.1 until I disable "Guest Network".
Any hints?
@kkyyww Can you provide a screenshot of that EAP ACL rule?
I'm using a similar thing and it works fine.
I have policy "Permit" and protocol "UDP, TCP, ICMP".
I think I found an EAP ACL bug.
I created several SSIDs for my guest network:
guest
pantry
conference room
They all actually share the same VLAN (192.168.100.0/24), just with different SSID names for different AP locations.
They all share the same EAP ACL rule to permit 192.168.100.1 (the VLAN subnet gateway, which runs the captive portal as well).
If I create 3 EAP ACL rules and map them 1:1 to the 3 different SSIDs, then the ACL rules work. All SSIDs can reach 192.168.100.1.
If I create just 1 EAP ACL rule and share it with more than 1 SSID, then the ACL rule stops working; all SSIDs cannot reach 192.168.100.1.
I wish TP-Link could fix this bug.
Nope. Did not reproduce this. It works on three SSIDs: 1 VLAN 1 SSID and 2 VLAN 100 SSIDs (both enabled Guest Network).
Allow
3 SSIDs > 192.168.100.1/32 IP group.
Ping works great.
Could it be your protocol issue?
Controller version?
One more thing: my controller is on a different VLAN and subnet from my guest wifi VLAN.
Controller IP is 192.168.99.1.
Guest wifi VLAN is 192.168.100.0/24, gateway 192.168.100.1.