Access single LAN device from Guest AND Secure SSIDs

Access single LAN device from Guest AND Secure SSIDs

Access single LAN device from Guest AND Secure SSIDs
Access single LAN device from Guest AND Secure SSIDs
2024-09-06 13:34:23 - last edited 2024-09-10 01:24:57
Model: OC200   SG2008P   EAP653  
Hardware Version: V1
Firmware Version: 1.0.14

I am setting up a new WiFi system in a small community hall. The TP-Link Omada 3x APs and OC200 controller are connected to the POE ports of the SG2008P. The site broadband router was supplied by the ISP and isn't a TP-Link device.

 

We have setup  2x WiFi SSIDs - a hall internal management one with a hidden SSID and password and a Guest one with no security password to connect.

 

One of the community rooms has a wired LAN connection to a Samsung Smart TV screen.

 

As we are at the moment, only the WiFi devices on the internal management SSID can access the TV for presentation screen sharing etc.

 

We need to be able to allow hall users to use the Guest WiFi but still connect to the screen for their meeting use.

 

I am not an advanced network guru and so VLANs and subnets etc do not come easily to me - please be patient!

 

Could someone suggest the simplest way to set things up (if it is possible to do so!) such that users of the Guest SSID can connect to the TV but no other LAN/WLAN devices? Preferably with the secure SSID also being able to use the TV too.

 

If it would make it easier / possible we could make the TV use a WiFi connection although this wouldnt be ideal from a performance / stability point of view.

 

Should the wired TV LAN be connected through the SG200 rather than the ISP Router or doesn't it make any difference?

 

CAn anyone suggest the simplest way to achieve what we are looking for?

  0      
  0      
#1
Options
1 Accepted Solution
Re:Access single LAN device from Guest AND Secure SSIDs-Solution
2024-09-09 09:29:58 - last edited 2024-09-10 01:24:57

Hi  @JohnWD 

 

This can be done by the following config:

1. Configure DHCP reservation for the TV (Settings>services> DHCP reservation);

2. Create an IP group for the TV's IP address (Settings > Profiles > Groups > Create an new IP group > Choose type as IP group, input the IP address for the TV, subnet fill in as 32). Below is an example:

3. Create an EAP ACL for the TV and the guest SSID: (Settings > Network Security > ACL > EAP ACL> Create New Rule);

Policy choose Permit, Protocols choose ALL, source choose the guest SSID, destination choose as the IP group you created in step 2. And apply the config. Below is an example:

 

With above config, it will work as expected.

Recommended Solution
  0  
  0  
#2
Options
3 Reply
Re:Access single LAN device from Guest AND Secure SSIDs-Solution
2024-09-09 09:29:58 - last edited 2024-09-10 01:24:57

Hi  @JohnWD 

 

This can be done by the following config:

1. Configure DHCP reservation for the TV (Settings>services> DHCP reservation);

2. Create an IP group for the TV's IP address (Settings > Profiles > Groups > Create an new IP group > Choose type as IP group, input the IP address for the TV, subnet fill in as 32). Below is an example:

3. Create an EAP ACL for the TV and the guest SSID: (Settings > Network Security > ACL > EAP ACL> Create New Rule);

Policy choose Permit, Protocols choose ALL, source choose the guest SSID, destination choose as the IP group you created in step 2. And apply the config. Below is an example:

 

With above config, it will work as expected.

Recommended Solution
  0  
  0  
#2
Options
Re:Access single LAN device from Guest AND Secure SSIDs
2024-09-09 10:00:11

 

Thanks very much for your very helpful reply.

 

I've put most of that in but need to visit the Hall to power on the TV to get its IP address. 

 

Sounds very promising though!

 

John

 

  0  
  0  
#3
Options
Re:Access single LAN device from Guest AND Secure SSIDs
2024-09-09 12:32:58

  @Vincent-TP thanks again, it is all working as required!

Simple! (When you know how.....)

john

  1  
  1  
#4
Options