Omada blocks both ways when denying EAP unidirectional traffic

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

Omada blocks both ways when denying EAP unidirectional traffic

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Omada blocks both ways when denying EAP unidirectional traffic
Omada blocks both ways when denying EAP unidirectional traffic
2024-06-15 04:31:10 - last edited 2024-06-17 07:32:36
Hardware Version: V5
Firmware Version:

I am on the topology below trying to configure a unidirectional ACL rule. However it forces me to a bi-directional deny. The answer on other post mentions it should work with tp-link router, assuming it is statefull. But it doesn't work with ER605 router as in the topology below.

  • iot-vlan
  • internal-vlan
  • default-vlan

 

Configuration:

 

Expected behavior:

  • iot-vlan cannot ping internal-vlan or default-vlan
  • internal-vlan and default-vlan can ping iot-vlan

 

Observed behavior:

  • iot-vlan cannot ping internal-vlan or default-vlan
  • internal-vlan and default-vlan cannot ping iot-vlan

 

Extra info:

ER605 - hardware v2.0, firmware v2.2.5

EAP610(2x) - hardware v2.0(U.S.), firmware 1.1.7

 

Obs:

I'm 90% sure it was working correctly before updating from 2.2.3(ER606). It may also be because the main AP was marked as type `Gateway` (whatever this may be). I should test this config later and let you know as well.

  0      
  0      
#1
Options
1 Accepted Solution
Re:Omada blocks both ways when denying EAP unidirectional traffic-Solution
2024-06-15 05:02:17 - last edited 2024-06-17 07:32:36

Edit: Solution found - making a gateway ACL LAN-LAN works just fine.

 

Recommended Solution
  1  
  1  
#2
Options
1 Reply
Re:Omada blocks both ways when denying EAP unidirectional traffic-Solution
2024-06-15 05:02:17 - last edited 2024-06-17 07:32:36

Edit: Solution found - making a gateway ACL LAN-LAN works just fine.

 

Recommended Solution
  1  
  1  
#2
Options