Standalone ACL on ER7206 V1 not working

2023-03-15 05:47:57 - last edited 2023-03-16 05:13:47
Model: ER7206 (TL-ER7206)  
Hardware Version: V1
Firmware Version: 1.2.3 Build 20221104 Rel.41500

Following this guide from the Support page.

I want to set up VLANs and an ACL to stop traffic from VLAN Test (30) to VLAN LAN (1), mainly to stop VLAN Test from reaching the TL-ER7206's admin page.

I have a VLAN on port 3 for a PoE unmanaged switch. I have working IP addresses in VLAN Test.

Screenshot of the configurations.

 

The problem is that devices on VLAN 30 (`192.168.30.0/24`) can still ping the gateway 192.168.20.1 and open up the management page.

 


Here is the result from my iPhone on WLAN .Private that stays on VLAN 30 at Port 3.

 

1 Accepted Solution
Re:Standalone ACL on ER7206 V1 not working-Solution
2023-03-16 04:35:13 - last edited 2023-03-16 05:13:47

Hi @YuukiA 

 

1. On your VLAN settings, port 3 in VLAN 1 should be changed to Tagged, or just remove port 3 from your VLAN1;

2. There is direct routing from VLAN1 to VLAN30 on the router, which means if you can reach 192.168.30.1 (on VLAN30), then you must be able to reach 192.168.20.1.

Also, you can even open the management page via 192.168.30.1.

It's a limitation of the standalone ACL.

 

If you want to block access to the management page, the simple solution is to use the Omada controller.
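
To confirm from a client on VLAN 30 whether the admin page is still reachable on either router address named in this thread, the following check can be run before and after any ACL change. It is an added example, not part of the thread or of TP-Link's tooling; the addresses come from the posts above, while the ports (80/443) and all function names are assumptions.

```python
import ipaddress
import socket

# Values taken from the thread.
CLIENT_NET = ipaddress.ip_network("192.168.30.0/24")   # VLAN 30 (Test)
ROUTER_ADDRS = ("192.168.20.1", "192.168.30.1")        # router interface addresses
# Assumption: the admin page is served on the default HTTP/HTTPS ports.
MGMT_PORTS = (80, 443)


def tcp_open(host, port, timeout=2.0):
    """True if a TCP handshake to host:port completes within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, filtered (timeout) or unreachable
        return False


def audit(addrs=ROUTER_ADDRS, ports=MGMT_PORTS, probe=tcp_open):
    """Probe every router address/port pair; return one finding per open pair."""
    findings = []
    for addr in addrs:
        local = ipaddress.ip_address(addr) in CLIENT_NET
        for port in ports:
            if probe(addr, port):
                findings.append({
                    "addr": addr,
                    "port": port,
                    # A rule whose destination is the other VLAN's subnet does
                    # not cover the client's own gateway address, so the two
                    # cases are reported separately.
                    "kind": "own-gateway" if local else "other-vlan-interface",
                })
    return findings


def isolated(findings):
    """The VLAN counts as isolated from management only with zero findings."""
    return not findings


if __name__ == "__main__":
    results = audit()
    for f in results:
        print(f"OPEN {f['addr']}:{f['port']} ({f['kind']})")
    print("PASS" if isolated(results) else "FAIL: admin page reachable from this VLAN")
```

Run it from a device in 192.168.30.0/24; a PASS requires that neither 192.168.20.1 nor 192.168.30.1 accepts a connection on the management ports.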

 

2 Reply
Re:Standalone ACL on ER7206 V1 not working
2023-03-15 06:07:06

@Hank21

Is this a bug? Or did I misconfigure the ACL or VLAN somewhere in ER7206?
