TPlink EAP can not access the internal video streaming system

TPlink EAP can not access the internal video streaming system

TPlink EAP can not access the internal video streaming system
TPlink EAP can not access the internal video streaming system
2024-10-21 15:32:50 - last edited 2024-10-22 07:27:30
Model: OC200  
Hardware Version: V1
Firmware Version: 1,24,0 build 20230328 rel,52384

Bell Fiber internet Lan DHCP : 192.168.123.x/24

Bell Lan client -->wan ip: 192.168.123.2-- Meraki MX60 -->Lan ip 192.168.0.x/24 --> Video streaming system 192.168.0.40/24

Bell Fiber modem WIFI client can access video streaming system ip: 192.168.0.40/24

But

 

OC-200 omada controller connected 10 EAP245+ 610.  attached to the same subnet as the Bell fiber modem Lan subnet 192.168.123.0/24

 

All EAP wifi connected clients could not reach the Video streaming system 192.168.0.40/24

 

Why and how we can resolve it.

 

Is it because the Bell modem can not add a static route to it

But why a WiFi client on the bell modem Can reach 192.168.0.40/24

The client also obtains ip: 192.168.123.x/24

 

EAP WiFi client also obtains ip: 192.168.123.x/24

Why EAP clients can not access video streaming system 192.168.0.x/24

Please help

Foster

  0      
  0      
#1
Options
1 Accepted Solution
Re:TPlink EAP can not access the internal video streaming system-Solution
2024-10-22 07:26:21 - last edited 2024-10-22 07:27:30

  @howardhome 

Hi, Meraki MX60 is a router.

EAP wifi clients are connected to the WAN side of the router, while the video stream are connected in the LAN side.

 

Routers are usually configured with firewalls. By default, to prevent unauthorized access to the internal network (LAN) from the external network (WAN), access from the WAN port to the LAN port is blocked. This is a basic security strategy to protect the devices connected to the LAN from potential attacks from the Internet (WAN). For example, most home routers have state - inspection firewalls that examine the state of data packets. For connection requests from the WAN to the LAN, they are judged according to pre - set rules. If there is no explicit permission rule, these requests will be rejected.

In addition, NAT is an important function of routers. It is used to convert the private IP addresses in the LAN to the public IP address of the WAN port, enabling the devices in the LAN to access the Internet. However, NAT is mainly designed for communication from the LAN to the WAN, not the other way around. Accessing the LAN from the WAN goes against the basic design intention of NAT because it would expose the internal network to external risks. For example, in a typical dynamic NAT or Port - Address Translation (PAT) configuration, the router does not automatically allow reverse access from the WAN to the LAN.

 

The easiest solution is: plug the EAP units in the LAN side of the video streams so that they are all in the same LAN 192.168.0.40/24.

 

Recommended Solution
  0  
  0  
#2
Options
1 Reply
Re:TPlink EAP can not access the internal video streaming system-Solution
2024-10-22 07:26:21 - last edited 2024-10-22 07:27:30

  @howardhome 

Hi, Meraki MX60 is a router.

EAP wifi clients are connected to the WAN side of the router, while the video stream are connected in the LAN side.

 

Routers are usually configured with firewalls. By default, to prevent unauthorized access to the internal network (LAN) from the external network (WAN), access from the WAN port to the LAN port is blocked. This is a basic security strategy to protect the devices connected to the LAN from potential attacks from the Internet (WAN). For example, most home routers have state - inspection firewalls that examine the state of data packets. For connection requests from the WAN to the LAN, they are judged according to pre - set rules. If there is no explicit permission rule, these requests will be rejected.

In addition, NAT is an important function of routers. It is used to convert the private IP addresses in the LAN to the public IP address of the WAN port, enabling the devices in the LAN to access the Internet. However, NAT is mainly designed for communication from the LAN to the WAN, not the other way around. Accessing the LAN from the WAN goes against the basic design intention of NAT because it would expose the internal network to external risks. For example, in a typical dynamic NAT or Port - Address Translation (PAT) configuration, the router does not automatically allow reverse access from the WAN to the LAN.

 

The easiest solution is: plug the EAP units in the LAN side of the video streams so that they are all in the same LAN 192.168.0.40/24.

 

Recommended Solution
  0  
  0  
#2
Options