Omada blocks both ways when denying EAP unidirectional traffic
I am on the topology below, trying to configure a unidirectional ACL rule. However, it forces me into a bi-directional deny. The answer on another post mentions it should work with a TP-Link router, assuming it is stateful. But it doesn't work with the ER605 router as in the topology below.
- iot-vlan
- internal-vlan
- default-vlan
Configuration:
Expected behavior:
- iot-vlan cannot ping internal-vlan or default-vlan
- internal-vlan and default-vlan can ping iot-vlan
Observed behavior:
- iot-vlan cannot ping internal-vlan or default-vlan
- internal-vlan and default-vlan cannot ping iot-vlan
Extra info:
ER605 - hardware v2.0, firmware v2.2.5
EAP610(2x) - hardware v2.0(U.S.), firmware 1.1.7
Obs:
I'm 90% sure it was working correctly before updating from 2.2.3 (ER606). It may also be because the main AP was marked as type `Gateway` (whatever this may be). I should test this config later and let you know as well.