When will the Guest Network in the EAP225 be fixed ?
When will the Guest Network in the EAP225 be fixed ?
Based on a simple setup without the Omada Controller with a couple of 2.4 Mhz and 5 Mhz SSIDs and one guest SSID
I want to segment the local network for IOT devices not having acces to the local network.
The Guest Network in the EAP225 V3 2.6.1 is broken as there is no local IP isolation.
1) There is still ping access to other devices within the local networks when connected to the guest SSID
2) Having a guest SSID defined causes the isolation to function after some time on all other SSIDs necessitating a reboot of the EAP225 e.g. when wanting to using chromecast from an Android phone
This has been discussed before in this community, but no action has been taken to fix these bugs.
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
I have tested the beta firmware and can confirm, that in our setup it is working as expected.
There is no access between SSIDs and locally wired units for units on a guest network SSID.
However, there is access to the gateway router which is hosting a DHCP server and to a local DNS server.
- Copy Link
- Report Inappropriate Content
The clients connected to the Guest Network SSID should also access the internet, so the packets from them should be able to routed to the DHCP Server and DNS.
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
Hello,
When will this version be available for everybody? Is this EAP225 only? Or also for the EAP245?
Thanks.
Regards,
Meetriks
- Copy Link
- Report Inappropriate Content
Now that we have a working SSID + local net isolation in the EAP225 then it should be possible to use it without having a college degree in IT.
What other companies are supporting is not the responsibility of TP-Link, but its own devices should support it easily.
The TP-Link Smart Switch HS100 is a good example.
Till now I have only been using it locally without any cloud account through the Kasa app, BUT as it needs frequent access to an external time server (absolutely no reason for that!) there is a potential route into our local network, which I hoped to close by the EAP225 guest network.
As the guest network prohibits access to local devices, I had to create a cloud account to operate the HS100 by the Kasa app thus creating another pathway for hackers into the unit.
However, the current way of setting the HS100 up on a 'normal' local SSID and then moving it to the guest network SSID is not for the faint hearted.
I believe, that only a few technically advanced customers will be able to do so, and after doing it myself I am not sure I can explain exactly how I managed to do it.
The simple solution seems to be to change the Kasa app, so that the user may change the SSID, that the unit must use for connecting.
So I am looking forward to TP-Link to making their devices easily support IOT guest networks improving the security in the IOT world.
- Copy Link
- Report Inappropriate Content
Now some private subnets cannot be blocked by the guest network, we will fix this in the next firmware.
- Copy Link
- Report Inappropriate Content
I guess that you want to connect the HS100 to the EAP and you want to connect it to the guest SSID. But if you connect it to the guest SSID directly, you cannot manage it because the access is blocked, so you have to connect the HS100 to the host SSID first to configure it and then connect it to guest SSID, yes?
For this, I think you can add an Access Control rule on the AP to allow the HS100.
- Copy Link
- Report Inappropriate Content
Please also fix for eap110 v4. The device is of little use to me without the guest network.
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
Information
Helpful: 1
Views: 5573
Replies: 19