Wifi guest network on a different vlan for network isolation, ACL problem
Hi
I have recently got an ER707-M2 router and I'm trying to set up a guest network with the Omada controller and an EAP660 AP.
Everything is running the latest software/firmware.
Software Controller is running in a Synology NAS via Docker.
My guest wifi network is connected to a different vlan from the main network for isolation. This is because the wifi guest feature won't stop people connected to the guest network from seeing devices that are in the same network (can see but can't connect), and also if I have IPv6 enabled, then the "guest" feature won't work at all (can see and can connect).
Guest Wifi is run with the voucher portal for user authorization.
Everything is fine with the different guest wifi vlan setup, except that someone on the guest network can still connect to the devices on the main network if they know the IP address.
Therefore I have set up the ACL rule so the Guest network's vlan is totally isolated from all other networks. (one-way deny to all protocols)
Now I have encountered a problem: when people connect to the guest network, the captive page (the popup page for the user to enter the voucher code) won't load because the Controller is hosted on the main network.
Does anyone know how I can fix this problem? Is it possible to allow access to a specific IP address with a port number in the ACL?
Thanks in advance.
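The rule layout the question asks about, as an added example that is not part of the original post: a small model of an ordered ACL in which a narrow permit for the controller's portal port sits above the guest-to-main deny. It assumes the gateway evaluates rules top-down with first match winning; the subnets, addresses and port are constructed sample values, and `Rule` and `evaluate` are hypothetical names.

```python
# Added illustration: models ordered, first-match ACL evaluation (an assumption
# about how the gateway applies its rule list). All addresses and the port are
# constructed sample values, not taken from the post.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

GUEST_NET = ip_network("192.168.20.0/24")   # constructed guest VLAN subnet
MAIN_NET = ip_network("192.168.1.0/24")     # constructed main LAN subnet
CONTROLLER = ip_network("192.168.1.10/32")  # constructed controller (NAS) address
PORTAL_PORT = 8843                          # assumed portal port; use your controller's setting


@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "deny"
    src: object                  # source network
    dst: object                  # destination network
    proto: Optional[str] = None  # None matches any protocol
    dport: Optional[int] = None  # None matches any destination port

    def matches(self, src, dst, proto, dport):
        return (ip_address(src) in self.src
                and ip_address(dst) in self.dst
                and self.proto in (None, proto)
                and self.dport in (None, dport))


def evaluate(rules, src, dst, proto, dport, default="permit"):
    """Return the action of the first matching rule, else the default."""
    for rule in rules:
        if rule.matches(src, dst, proto, dport):
            return rule.action
    return default


# The setup described in the post: one deny covering every protocol.
deny_all = [Rule("deny", GUEST_NET, MAIN_NET)]

# Narrow exception placed above the deny: guest -> controller, portal port only.
with_exception = [Rule("permit", GUEST_NET, CONTROLLER, "tcp", PORTAL_PORT)] + deny_all

if __name__ == "__main__":
    client = "192.168.20.55"  # constructed guest client
    for name, rules in (("deny only", deny_all), ("with exception", with_exception)):
        print(name,
              evaluate(rules, client, "192.168.1.10", "tcp", PORTAL_PORT),  # portal
              evaluate(rules, client, "192.168.1.10", "tcp", 22),           # other NAS service
              evaluate(rules, client, "192.168.1.50", "tcp", 445))          # other main-LAN host
```

The same check is worth repeating against the real rule list after any change: the portal port should be the only path from the guest VLAN to the main network that evaluates to permit.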