@Baseng 

you cannot stop a client from accessing the gateway web ui. but i remember that ap can set up the so-called 'access control' where you block device from accessing the web ui. only admin can do that.

brought up before by someone. i remember. 

i don't know what to say. if you cannot access the gateway ip. how would it be posssible to access the internet? gateway is accessible, that somehow explains this issue you see. from the perspective of the networking, gateway should be accessible by ping. just block the network web ui. maybe you do something like acl to block visit gateway ip by http or https for your guest network?? a workaround? 

  @Baseng 

OK. I just did a simple test by creating the ip-port acl. blocking port 80 and 443, because the gateway is still using both for access.

default lan 10.0.0.1/24

create a vlan for test 172.168.1.1/24 and i set up the acl and i can block the access from client to the gateway web ui and i can still get internet. 

>switch acl > type ip-port > src any network; dst ip-port group of following entry:

ip-port group=172.168.1.1/32 port 80 port 443. nothing else need to be configured. 

ok. it works immediately. i cannot telnet into 172.168.1.1 80 or 443 anymore. 

  @Baseng 

Baseng wrote

  @Tedd404 

 

Thanks for your help! But can you post an screenshot of that config?

We can't follow your description.

  @Baseng 

yep. same thing. http 80 https 443, so two rules should make the same thing. 

you can also use the ip/subnet. 32 refers to a single ip address which means it's one and only. so, you can use 10.0.0.1/32 as well. anyway it works the same way, just blocking 80 and 443 so that nobody can access the gateway web ui but still can get internet.