How do I isolate a wired device that can be connected at any point of the network?
I want to be able to isolate a device that has a wired connection to my network. Would like to use VLANs but I can't restrict the ports to which I will connect the device.
I've tried using an ACL but I can't seem to set up a rule to restrict via a MAC Group. Is there any other way to isolate the device?
@RADEB Thanks for everyone's responses. In the end I had to purchase an Easy Smart switch (SG105E V5) and use that to set up a Tagged VLAN for the device I wanted to isolate. I then used the ACL in the ER605 to control and isolate access to that device as it was on a separate VLAN.
Hi, dude, have you seen this?
Essence Posts Summary — Omada Configuration Videos (VPN, VLAN, ACL-Related)
Thank you for your post. Unfortunately, all the solutions mentioned involved setting up VLANs on a port basis or using the wireless guest function. This does not help me as I need to isolate a wired device that can connect anywhere on the network and not on a specific VLAN on a particular port.
You can set the ACL based on the IP address, but you need to bind the IP address to the wired device's MAC address, like IP-MAC binding.
Thanks for this. I tried but on the ER605, you can't set an ACL based on an IP Group or MAC Group.
You can actually set up an ACL using IP Groups. At least on Switch ACLs.
You could also set up an interface that is bound to all possible locations the wired device might connect to, bind an IP address to the device in the interface and create ACLs using that interface. That way you can isolate the device. I'm using IP Groups, Networks and IP Port Groups in all of my ACLs without any problem. Restricting access from wifi to wired for example, but allowing the DNS port to connect my PiHole to my wifi as well.