Omada blocks both ways when denying EAP unidirectional traffic

2024-06-15 04:31:10 - last edited 2024-06-17 07:32:36
Hardware Version: V5
Firmware Version:

I am on the topology below, trying to configure a unidirectional ACL rule. However, it forces me into a bi-directional deny. The answer on another post mentions it should work with a TP-Link router, assuming it is stateful. But it doesn't work with the ER605 router as in the topology below.

  • iot-vlan
  • internal-vlan
  • default-vlan

 

Configuration:

 

Expected behavior:

  • iot-vlan cannot ping internal-vlan or default-vlan
  • internal-vlan and default-vlan can ping iot-vlan

 

Observed behavior:

  • iot-vlan cannot ping internal-vlan or default-vlan
  • internal-vlan and default-vlan cannot ping iot-vlan

 

Extra info:

ER605 - hardware v2.0, firmware v2.2.5

EAP610(2x) - hardware v2.0(U.S.), firmware 1.1.7

 

Obs:

I'm 90% sure it was working correctly before updating from 2.2.3(ER606). It may also be because the main AP was marked as type `Gateway` (whatever this may be). I should test this config later and let you know as well.

1 Accepted Solution
Re:Omada blocks both ways when denying EAP unidirectional traffic-Solution
2024-06-15 05:02:17 - last edited 2024-06-17 07:32:36

Edit: Solution found - making a gateway ACL LAN-LAN works just fine.
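
Added example, not part of the thread and not Omada's code: a small Python model of why the deny rule above blocks pings in both directions while a gateway LAN-LAN ACL does not. It assumes (the thread only hints at this) that the EAP ACL matches every packet on its own, while the gateway ACL tracks flows and lets replies through; `Packet`, `stateless_allows` and `StatefulAcl` are illustrative names.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str    # source VLAN name
    dst: str    # destination VLAN name
    kind: str   # "echo-request" or "echo-reply"

# The deny rule from the post: iot-vlan may not reach the other two VLANs.
DENY = {("iot-vlan", "internal-vlan"), ("iot-vlan", "default-vlan")}

def stateless_allows(pkt):
    """Assumed EAP ACL model: each packet is matched on src/dst alone."""
    return (pkt.src, pkt.dst) not in DENY

class StatefulAcl:
    """Assumed gateway LAN-LAN ACL model: rules apply to new flows only."""
    def __init__(self):
        self.flows = set()  # (initiator, responder) pairs already allowed

    def allows(self, pkt):
        if pkt.kind == "echo-reply" and (pkt.dst, pkt.src) in self.flows:
            return True     # return traffic of a flow that passed the rules
        if (pkt.src, pkt.dst) in DENY:
            return False    # new flow (or unsolicited reply) hits the deny
        self.flows.add((pkt.src, pkt.dst))
        return True

def ping(allows, src, dst):
    """A ping succeeds only if both the request and the reply pass."""
    request = Packet(src, dst, "echo-request")
    reply = Packet(dst, src, "echo-reply")
    return allows(request) and allows(reply)

def run():
    """Return {(src, dst): (stateless_result, stateful_result)}."""
    pairs = [("iot-vlan", "internal-vlan"), ("internal-vlan", "iot-vlan"),
             ("iot-vlan", "default-vlan"), ("default-vlan", "iot-vlan")]
    return {(s, d): (ping(stateless_allows, s, d),
                     ping(StatefulAcl().allows, s, d)) for s, d in pairs}

if __name__ == "__main__":
    for (src, dst), (stateless, stateful) in run().items():
        print(f"{src} -> {dst}: stateless={stateless} stateful={stateful}")
```

In the stateless model the echo reply from iot-vlan is itself an iot-vlan to internal-vlan packet, so the deny rule drops it and the ping from internal-vlan fails, which matches the observed behavior in the first post.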

 
