Multiple SSID, same subnet, one without internet

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

2023-05-08 07:10:48
Model: EAP650  
Hardware Version:
Firmware Version: last

I have 5 APs installed in a factory. I need to configure 2 SSIDs on the same subnet (both must see the server), but on one of them I must block internet access.

 

Can you help me, please?

 

I also have a controller, OC300, and, if needed, a router EAP605.

 

Thanks

Re:Multiple SSID, same subnet, one without internet
2023-05-08 09:43:50

  @DaveCUD 

 

I have blocked ports 80, 8080, 443 and 22, but mobile continues to have access to the internet!

Re:Multiple SSID, same subnet, one without internet
2023-05-08 15:55:07

  @DaveCUD 

 

Hi Dave, need to explore a bit more what you are trying to do here.  It can't be done out of the box, but there are some workarounds that might help.

 

My first question is around broadcast domain (L2) and pertains to the need to have two groups of devices share the same subnet, but have different gateway behaviour.  Do both groups of devices need to interact with servers at layer 2, or if they are layer 3 (routable) is that sufficient?

 

Omada has the concept of a LAN (internal subnet) each with their own VLAN ID.  These IP ranges cannot overlap.

Omada has the concept of wireless SSIDs which are mapped to a VLAN ID.  So you can have multiple SSIDs attached to the same subnet.

 

The problem is that you only get one DHCP server per subnet.

 

I see at least two options; the easiest by far is to create two subnets A and B and assign them respectively to SSIDs wA and wB.  Apply routing policy to block devices on subnet B from reaching the internet, but allow them to route to subnet A.  As long as you don't need broadcast or multicast between clients and servers across subnets A and B you should be fine (i.e. unicast traffic will route just fine, and routable is the default).

 

The alternative is to assign both wA and wB to the same subnet, let's say A.  Use DHCP Reservations to block the smaller group of users into an IP range that you can then apply a routing policy to either allow/prevent that subset of users from gaining internet access.

<< Paying it forward, one juicy problem at a time... >>
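
Added example, not part of the original thread and not Omada's own configuration: a Python model of the second option in the reply above (both SSIDs on one subnet, the no-internet clients pinned by DHCP reservation into a range that the gateway denies), plus an audit of the mistakes that let the policy leak. The subnet, restricted block, pool bounds and MAC addresses are constructed sample values.

```python
import ipaddress

# Constructed sample values (assumptions, not taken from the thread).
SUBNET = ipaddress.ip_network("192.168.10.0/24")        # subnet A, shared by both SSIDs
RESTRICTED = ipaddress.ip_network("192.168.10.192/26")  # block for no-internet clients
DYNAMIC_POOL = (ipaddress.ip_address("192.168.10.50"),
                ipaddress.ip_address("192.168.10.199"))  # DHCP pool: first, last
RESERVATIONS = {                                         # MAC -> reserved IP
    "aa:bb:cc:00:00:01": "192.168.10.200",
    "aa:bb:cc:00:00:02": "192.168.10.201",
    "aa:bb:cc:00:00:03": "192.168.10.60",   # mistake: outside the restricted block
}


def gateway_decision(src, dst, subnet=SUBNET, restricted=RESTRICTED):
    """Model the policy: restricted sources are denied only for off-subnet destinations."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if dst in subnet:
        return "local"    # same-subnet traffic is switched and never reaches the gateway rule
    if src in restricted:
        return "deny"     # matches on source range: every protocol and port, not a port list
    return "permit"


def audit(reservations, pool, subnet=SUBNET, restricted=RESTRICTED):
    """Return configuration problems that would let the policy leak or misfire."""
    problems = []
    if not restricted.subnet_of(subnet):
        problems.append("restricted block is not inside the subnet")
    for mac, ip in sorted(reservations.items()):
        if ipaddress.ip_address(ip) not in restricted:
            problems.append(f"{mac} reserved at {ip}, outside {restricted}")
    first, last = pool
    # Overlap means the DHCP server can lease a denied address to an ordinary client.
    if first <= restricted.broadcast_address and last >= restricted.network_address:
        lo = max(first, restricted.network_address)
        hi = min(last, restricted.broadcast_address)
        problems.append(f"dynamic pool overlaps restricted block: {lo}-{hi}")
    return problems


if __name__ == "__main__":
    for line in audit(RESERVATIONS, DYNAMIC_POOL):
        print("PROBLEM:", line)
```

A device that is meant to be restricted but has no reservation receives a dynamic address and falls through to `permit`, so the reservation list has to be complete for this option to hold.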