EAP doesn't enforce ACLs

EAP doesn't enforce ACLs

EAP doesn't enforce ACLs
EAP doesn't enforce ACLs
2023-12-30 21:45:45
Model: EAP615-Wall  
Hardware Version: V1
Firmware Version: 1.1.6

I have an EAP615-Wall using Omada and I want to add an ACL to deny wifi client Phone1 from connecting to wifi client Phone2 on port 8111. Other connections are permitted.

 

So I make an EAP ACL to deny source Phone1 and destination Phone2 port 8111.

 

This doesn't work. The connection is actually permitted. I suspect the problem is this issue and that "doesn't work" is expected behavior.

 

Is there a work-around?

 

"Guest network" isn't useful since I want to allow other connections. My best thought is to put Phone1 and Phone2 on different VLANs and route all the permitted connections but that's both inefficient and cumbersome.

 

  0      
  0      
#1
Options
3 Reply
Re:EAP doesn't enforce ACLs
2024-01-02 08:51:36

  @runner89 

 

Yes, "the design is such that for different devices under the same SSID, the data exchange between them will be forwarded directly by the AP, so it will not be affected by functions such as portal and ACL at this time. " - From the support.

Just striving to develop myself while helping others.
  0  
  0  
#2
Options
Re:EAP doesn't enforce ACLs
2024-01-02 15:26:39

  @Virgo yup, and so my question... Is there a workaround so I can apply ACLs to data exchanged between two clients on the same EAP?

 

Is it impossible to manage such traffic? Is what I suggested the best there is?

 

  0  
  0  
#3
Options
Re:EAP doesn't enforce ACLs
2024-01-10 19:02:00

For others, I upgraded to firmware v1.2.3 and that didn't fix the issue. I put the two clients on different VLANs, forcing packets to cross the switches which implement ACLs properly.

 

Not a great solution but it's the best I could think of.

 

  0  
  0  
#4
Options

Information

Helpful: 0

Views: 202

Replies: 3

Related Articles