How do I allow access to the customer portal but deny access to the productive LAN?

2025-09-09 15:25:24 - last edited 2025-09-10 08:01:45
Model: ER605 (TL-R605)  
Hardware Version: V1
Firmware Version: 1.4.2 Build 20240618 Rel.63827

Hello everyone, I have a customer who wants/needs to provide Wi-Fi for customers. Basically, this works, but I have the following problem. When a customer logs into the Wi-Fi, they are redirected to the portal page. However, these are located in the productive LAN (VLAN ID 1), as this is where the Omada controller and gateway are logically located. I had denied access to the LAN via ACL. This works in itself, but then the portal is no longer accessible. What combination of ACLs is necessary to grant access to the LAN except for the portal?

 

W/LAN Customer: 10.0.10.0/22 (VLAN ID: 10)
Productive LAN: 192.168.178.0/24 (VLAN ID:1)

 

1 Accepted Solution
Re:How do I allow access to the customer portal but deny access to the productive LAN?-Solution
2025-09-10 08:01:22 - last edited 11 hours ago

  @AOIT 

Thank you for your post. After enabling the Guest Network, all clients are unable to reach any private IP addresses. In light of this, you need to configure an EAP ACL to allow clients to access the Omada Controller’s IP. Please first assign a static IP address to the Omada Controller. The following guide explains how to configure an EAP ACL to permit access to a specific IP—please refer to it.

How to allow guest network to access specific device on the main network by configuring EAP ACL?

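The following sketch is an added example, not part of the thread or of TP-Link's guide: it models the rule order the accepted solution implies (permit the controller first, then deny the rest of the LAN) and shows that the reverse order reproduces the unreachable portal described in the question. The controller address 192.168.178.10, the portal ports 8088/8843, and the first-match, default-deny evaluation are assumptions.

```python
import ipaddress

# Subnets as given in the thread. 10.0.10.0/22 has host bits set, so
# strict=False is needed; the enclosing network is 10.0.8.0/22.
GUEST_NET = ipaddress.ip_network("10.0.10.0/22", strict=False)
LAN_NET = ipaddress.ip_network("192.168.178.0/24")

# Assumptions (not from the thread): controller static IP and portal ports.
CONTROLLER = ipaddress.ip_network("192.168.178.10/32")
PORTAL_PORTS = {8088, 8843}

# (action, source, destination, destination ports or None for any)
PERMIT_FIRST = [
    ("permit", GUEST_NET, CONTROLLER, PORTAL_PORTS),
    ("deny", GUEST_NET, LAN_NET, None),
    ("permit", GUEST_NET, ipaddress.ip_network("0.0.0.0/0"), None),
]
# The ordering that reproduces the symptom in the question: the broad deny
# matches before the portal exception is ever reached.
DENY_FIRST = [PERMIT_FIRST[1], PERMIT_FIRST[0], PERMIT_FIRST[2]]


def evaluate(rules, src, dst, port):
    """Return the action of the first rule matching the flow, else 'deny'."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net, ports in rules:
        if src_ip in src_net and dst_ip in dst_net and (ports is None or port in ports):
            return action
    return "deny"  # implicit default chosen for this model


def audit(rules, flows):
    """Map each (src, dst, port) flow to the decision the rule list yields."""
    return {flow: evaluate(rules, *flow) for flow in flows}


# Constructed test flows from one guest client.
FLOWS = [
    ("10.0.10.57", "192.168.178.10", 8843),  # captive portal
    ("10.0.10.57", "192.168.178.10", 22),    # controller, non-portal port
    ("10.0.10.57", "192.168.178.25", 445),   # other LAN host
    ("10.0.10.57", "203.0.113.5", 443),      # internet (documentation range)
]

if __name__ == "__main__":
    for name, rules in (("permit-first", PERMIT_FIRST), ("deny-first", DENY_FIRST)):
        for flow, decision in audit(rules, FLOWS).items():
            print(f"{name:12} {flow} -> {decision}")
```

Running the same flow list against an exported or hand-transcribed rule set before applying it gives a quick check that the portal stays reachable while every other LAN address is refused.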
7 Reply
Re:How do I allow access to the customer portal but deny access to the productive LAN?
2025-09-10 05:11:01

  @AOIT 

 

If you enable guest on the SSID, then you don't need to use an ACL. Guest will not have access to anything other than the login portal. You can also enter Pre-Authentication Access to grant access to the portal.

 

Re:How do I allow access to the customer portal but deny access to the productive LAN?
2025-09-10 05:59:30

  @MR.S Hi, thanks for your reply. The checkbox for guest network is selected. However, it is still possible to access the other network.

Re:How do I allow access to the customer portal but deny access to the productive LAN?
2025-09-10 06:09:29

  @AOIT 

 

Have you created any EAP ACLs or other ACLs that can override? And what type of access point do you have?

 

Re:How do I allow access to the customer portal but deny access to the productive LAN?
2025-09-11 19:04:26

Thanks for the replies. As soon as I have time again, I will check the configuration and then get back to you.

Re:How do I allow access to the customer portal but deny access to the productive LAN?
Wednesday

  @Ethan-TP Hi Ethan,

 

I finally had time to check the configuration. Unfortunately, this was not possible due to time constraints, which is why my response is late.

Unfortunately, we still have a ‘problem’ here. The fact is that TP-Link no longer uses APs. Only switches and routers are used. In Omada, all devices are therefore always displayed as if they were connected by cable. This is not actually the case, and I don't know exactly what impact this has on the ACLs. 

Currently, the default LAN can still be accessed despite the Wi-Fi guest. I have included a screenshot of the configuration. Unfortunately, I do not know how to prevent this. If I block the entire LAN, the login page for guests will no longer be accessible. Unfortunately, that is not the goal either. 

 

I wanted to read through the link you posted. The problem is that the link no longer works.

 

Re:How do I allow access to the customer portal but deny access to the productive LAN?
11 hours ago
The link is working now—please check it again.