Business Community > WiFi > How to limit WAN access to a site (multiple sites in the same Controller)
< WiFi

How to limit WAN access to a site (multiple sites in the same Controller)

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

How to limit WAN access to a site (multiple sites in the same Controller)

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
How to limit WAN access to a site (multiple sites in the same Controller)
How to limit WAN access to a site (multiple sites in the same Controller)
2022-07-22 18:33:45
Tags: #Mesh
Model: EAP245  
Hardware Version: V3
Firmware Version: 5.0.3 Build 20210708 Rel. 35014

Hello everyone, I'm having trouble with my configuration on the Omada Controller.

We have two networks:
1. 192.168.0.0/24 (Can go out on the Internet — Users are free to browse — Internet access works on this subnet) 
2. 172.16.0.0/21 (This network is not meant to go out on the Internet, it should be able to frame-switch data between devices without Internet Gateway)

 

In the Controller (Omada), we installed/configured the "Controller", on a computer. It is working completely fine.

However, in the Controller, I cannot find where to "limit/block" WAN access to this "172.16.0.0" network.

 

Note: I will not update/reset the antennas to factory defaults, unless it is the ONLY way to do it.

 

- 2x EAP-245 (172.16.0.0, 172.16.0.0)

- 1x PoE Switch

- One Wireless Device needs to access the 172.16 network but WAN/Internet access must not exist

 

Any help would be greatly appreciated! Thank you very much.

  0      
 
  0      
 
#1
Options
2 Reply
Re:How to limit WAN access to a site (multiple sites in the same Controller)
2022-07-22 21:36:46

  @TLinkers_0 

 

Hey

 

You dont mention that you have a gateway router in your setup, something like an ER605..  If you are not using an omada router, you are likely not using VLANs either?

 

Usually this type of configuration would be done at the gateway, basically block the traffic going out.  As you are not using an Omada router this would not be possible via the controller, you would need to manually configure this on your ISP / current router to block this traffic to internet.

  0  
  0  
#2
Options
Re:How to limit WAN access to a site (multiple sites in the same Controller)
2022-07-23 13:51:14

  @TLinkers_0 

 

If the one user to be blocked isn't a smart or motivated user (ie NOT a teenager), then you could simply break outbound traffic by manually forcing a non-existent default gateway IP via DHCP.   So if 172.16.0.1 is the real gateway.....manually set the DHCP to assign 172.16.0.254 (which doesn't exist).  That limits your traffic to the local subnet.

 

If the user is motivated to circumvent your restrictions (ie something other than an IOT device), then VLANs and policy routes are likely going to be required.

<< Paying it forward, one juicy problem at a time... >>
  2  
  2  
#3
Options

Information

Helpful: 0

Views: 265

Replies: 2

Tags

Mesh
Related Articles
SITE-TO-SITE WAN CONNECTION
276 0
How to unlink a mesh AP
1708 0
3 Sites connect via ipsec site-to-site vpn
97 0
How to disable WAN side access?
1676 0
Multiple Wireguard Site-To-Site / Is it possible?
216 0
2nd Site how to discover without discovery tool
493 0
About Us
Press
Copyright © TP-LINK CORPORATION PTE. LTD. All rights reserved.