Business Community > Wireless > Allow a guest printer on a Wi-Fi network with Guest isolation enabled - EAP225 without cloud
< Wireless

Allow a guest printer on a Wi-Fi network with Guest isolation enabled - EAP225 without cloud

Allow a guest printer on a Wi-Fi network with Guest isolation enabled - EAP225 without cloud

Allow a guest printer on a Wi-Fi network with Guest isolation enabled - EAP225 without cloud
Allow a guest printer on a Wi-Fi network with Guest isolation enabled - EAP225 without cloud
2025-04-21 14:52:09 - last edited 2025-04-22 07:30:12
Tags: #ACL #Printer
Model: EAP225  
Hardware Version: V4
Firmware Version: 5.1.0 Build 20220926 Rel. 62456(4341)

Hello everyone!

 

I would like to allow access to a guest printer, which is connected to the guest network, to all other guest computers on the guest network, but I also want guest isolation to stay enabled, because it is a standard security feature that we want to keep for obvious reasons, to avoid a rogue laptop to hack all the other guest devices.

 

Is it possible to whitelist a single IP Address on the guest network so all guest computers can print on the guest printer with guest isolation enabled?

 

I just tried to uncheck the "Guest Network: Enable" checkbox and printing started working immediately. Once I check it, it stops working immediately.

 

Seems like some people made it work with higher end TP-Link APs or by setting up some ACLs. I wonder if it is possible to set it up on EAP225. We do not have a cloud controller, they are all configured individually.

 

We do not mind using the CLI if the GUI doesn't allow it, but we do not know how.

 

Hoping everything is OK, if there's anything else, do not hesitate to ask.

 

Thanks!

Konnan

  0      
 
  0      
 
#1
Options
2 Accepted Solutions
Re:Allow a guest printer on a Wi-Fi network with Guest isolation enabled - EAP225 without cloud-Solution
2025-04-22 12:29:39 - last edited 2025-04-23 12:09:46

  @Konnan 

 

Nope, you can only setup access rules for EAPs when using any form of controller.  Do you not have a spare PC you could install the software controller on? or even buy the small OC200 / 220 ?

 

Alternatively, do you have a managed switch onthe network? this could let you set up switch access rules, so you can turn off guest mode on the wifi and let the switch restrict access ?

Main: ER8411 x1, SG3428X x1, SG3452 x1, SG2428LP x1, SG3210 x1, SG2218P x1, SG2008P x3, ES208G x1, EAP650 x6 Remote: ER7206 v2 x1, ER605 v2 x3, SG2008P x2, EAP650 x2, ES205G x1 Controller: OC300
Recommended Solution
  0  
  0  
#4
Options
Re:Allow a guest printer on a Wi-Fi network with Guest isolation enabled - EAP225 without cloud-Solution
2025-04-23 02:01:53 - last edited 2025-04-23 12:09:04

Hi  @Konnan 

 

Apologies for missing your preference to avoid using the controller.

 

I guess I'd like to have a guest isolation with an exception list or a whitelist, but I guess without a controller, it's not possible.

>>>You're right in your understanding.

 

We recommend following GRL's suggestion:

  1. Install the free controller software temporarily to manage these EAPs
  2. Configure your ACL and guest network settings;
  3. You may then shut down the controller after the config since these config don't require a controller to be running all the time.
Wish you a happy life and smooth network usage!  >Get the Latest Omada SDN Controller Releases Here< >Experience the Latest Omada EAP Firmware<
Recommended Solution
  0  
  0  
#6
Options
7 Reply
Re:Allow a guest printer on a Wi-Fi network with Guest isolation enabled - EAP225 without cloud
2025-04-22 07:30:02 - last edited 2025-04-23 12:09:25

Hi  @Konnan 

 

Yes, we can do this. But you need to connect the guest printer to another network, since the guest network has a higher priority than ACL rules.

 

For more config details, you may refer to the following post:

How to allow guest network to access specific device on the main network by configuring EAP ACL?

 

Wish you a happy life and smooth network usage!  >Get the Latest Omada SDN Controller Releases Here< >Experience the Latest Omada EAP Firmware<
  0  
  0  
#2
Options
Re:Allow a guest printer on a Wi-Fi network with Guest isolation enabled - EAP225 without cloud
2025-04-22 11:59:59

  @Vincent-TP 

 

Hello!

 

Thanks for the quick reply, but I do not know how this was flagged as an accepted solution, because as far as I know, it's not.

 

We are not using an Omada SDN controller, as stated in my previous post, all APs are configured individually. Is there a way to set up something similar directly on the EAP225?

 

Thanks!

Konnan

  0  
  0  
#3
Options
Re:Allow a guest printer on a Wi-Fi network with Guest isolation enabled - EAP225 without cloud-Solution
2025-04-22 12:29:39 - last edited 2025-04-23 12:09:46

  @Konnan 

 

Nope, you can only setup access rules for EAPs when using any form of controller.  Do you not have a spare PC you could install the software controller on? or even buy the small OC200 / 220 ?

 

Alternatively, do you have a managed switch onthe network? this could let you set up switch access rules, so you can turn off guest mode on the wifi and let the switch restrict access ?

Main: ER8411 x1, SG3428X x1, SG3452 x1, SG2428LP x1, SG3210 x1, SG2218P x1, SG2008P x3, ES208G x1, EAP650 x6 Remote: ER7206 v2 x1, ER605 v2 x3, SG2008P x2, EAP650 x2, ES205G x1 Controller: OC300
Recommended Solution
  0  
  0  
#4
Options
Re:Allow a guest printer on a Wi-Fi network with Guest isolation enabled - EAP225 without cloud
2025-04-22 13:06:08

  @GRL 

 

Thank you for the quick reply and for the clear answer!

 

I do have a managed switch. Maybe my understanding is wrong, but wouldn't all devices connected to the same AP be able to communicate with each other even with a managed switch since they all share the same network port on the switch? I understand that devices connected on AP #1 will not be able to reach devices on AP #4 with a managed switch, but on the same AP would the rules block them?

 

I guess I'd like to have a guest isolation with an exception list or a whitelist, but I guess without a controller, it's not possible.

  0  
  0  
#5
Options
Re:Allow a guest printer on a Wi-Fi network with Guest isolation enabled - EAP225 without cloud-Solution
2025-04-23 02:01:53 - last edited 2025-04-23 12:09:04

Hi  @Konnan 

 

Apologies for missing your preference to avoid using the controller.

 

I guess I'd like to have a guest isolation with an exception list or a whitelist, but I guess without a controller, it's not possible.

>>>You're right in your understanding.

 

We recommend following GRL's suggestion:

  1. Install the free controller software temporarily to manage these EAPs
  2. Configure your ACL and guest network settings;
  3. You may then shut down the controller after the config since these config don't require a controller to be running all the time.
Wish you a happy life and smooth network usage!  >Get the Latest Omada SDN Controller Releases Here< >Experience the Latest Omada EAP Firmware<
Recommended Solution
  0  
  0  
#6
Options
Re:Allow a guest printer on a Wi-Fi network with Guest isolation enabled - EAP225 without cloud
2025-04-23 12:08:49

  @Vincent-TP 

 

Thank you for the followup!

 

Good idea for the temporary setup.

 

Have a nice day!

  0  
  0  
#7
Options
Re:Allow a guest printer on a Wi-Fi network with Guest isolation enabled - EAP225 without cloud
2025-04-24 02:50:14

  @Konnan 

My great pleasure. 

If you encounter any further problems or have additional questions, feel free to reach out. We're here to help! 😊

Wish you a happy life and smooth network usage!  >Get the Latest Omada SDN Controller Releases Here< >Experience the Latest Omada EAP Firmware<
  0  
  0  
#8
Options

Information

Helpful: 0

Views: 538

Replies: 7

Tags

ACL
Printer
About Us
Press
Copyright © TP-Link Systems Inc. All rights reserved.