ACL Confusion
Finished setting up a new Omada network but confused about setting up ACLs to block video cameras on the POE VLAN from the Secure network. My NVR sits in the secure network as it has storage that is private as well. I know I can set up a switch ACL to deny all traffic from the POE VLAN to the Secure LAN. But how do I block all traffic, but whitelist the server IP in the Secure LAN? Do you add another ACL after the first one - do they work in precedence order?
With the gateway ACL, you can only block everything or open everything up. It is not possible, e.g., to open any ports to a printer. You can do it with switch ACL, but it is not stateful and for me is only an emergency solution that does not work optimally for ACLs between VLANs.
I hope TP-Link comes up with an updated version of the router ACL soon because as it is now, it's not good enough.
Since the switch ACL is not stateful, you must first block the VLAN, then you create a rule that lies above the block in the list and is bidirectional.
Then you can, for example, open port 9100 to a printer, but the port opening must go both ways.
First, you can try creating a rule to allow your NVR to access the cameras. You can make it bi-directional. Then you can set the second rule to deny your POE VLAN access to the secure network. You can also set it as bi-directional. It will take effect according to the order. This means that the smaller the order ID, the higher the priority.
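The rule order and the both-ways requirement described in the replies above, modeled as an added example (not part of the original thread and not Omada's own implementation). The subnets, host addresses, helper names and the permit-by-default behaviour for unmatched traffic are assumptions made for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing (assumption, not from the thread).
SECURE = ip_network("192.168.10.0/24")   # Secure LAN
POE = ip_network("192.168.20.0/24")      # camera VLAN
NVR = ip_network("192.168.10.50/32")     # NVR inside the Secure LAN
NVR_IP, FILE_SERVER, CAMERA = "192.168.10.50", "192.168.10.20", "192.168.20.11"

def rule(action, src, dst, bidirectional=False):
    """One ACL entry; list position is its order ID (first entry = highest priority)."""
    return {"action": action, "src": src, "dst": dst, "bidi": bidirectional}

def evaluate(acl, src, dst, default="permit"):
    """Stateless first-match: every packet is judged alone, top rule first.
    The default for unmatched traffic is an assumption of this model."""
    s, d = ip_address(src), ip_address(dst)
    for r in acl:
        forward = s in r["src"] and d in r["dst"]
        reverse = r["bidi"] and s in r["dst"] and d in r["src"]
        if forward or reverse:
            return r["action"]
    return default

def session_works(acl, client, server):
    """With no connection state, the request and the reply must each pass."""
    return (evaluate(acl, client, server) == "permit"
            and evaluate(acl, server, client) == "permit")

DENY = rule("deny", POE, SECURE, bidirectional=True)
# Permit above the deny and valid in both directions: the layout the replies describe.
ORDERED = [rule("permit", NVR, POE, bidirectional=True), DENY]
# Permit written one way only: the request passes, the camera's reply hits the deny.
ONE_WAY = [rule("permit", NVR, POE), DENY]
# Deny placed first: it matches before the permit is ever reached.
WRONG_ORDER = list(reversed(ORDERED))

if __name__ == "__main__":
    for name, acl in [("ORDERED", ORDERED), ("ONE_WAY", ONE_WAY),
                      ("WRONG_ORDER", WRONG_ORDER)]:
        print(f"{name:12} NVR<->camera works: {session_works(acl, NVR_IP, CAMERA)}, "
              f"camera->file server: {evaluate(acl, CAMERA, FILE_SERVER)}")
```

In this model the bidirectional permit also lets a camera open a connection to the NVR, because a stateless rule cannot tell a reply from a new request; narrowing the permit to the ports the NVR actually uses limits that exposure.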
Does the switch ACL only work if you have a switch in the Omada environment? If I only have an ER7206 and an EAP610, then switch ACLs won't work for me?
Yes, a switch that is controlled by the Omada Controller will employ the Switch ACL configuration.