Business Community > Gateways > How do I allow access to the customer portal but deny access to the procuctiv LAN?
< Gateways

How do I allow access to the customer portal but deny access to the procuctiv LAN?

How do I allow access to the customer portal but deny access to the procuctiv LAN?

How do I allow access to the customer portal but deny access to the procuctiv LAN?
How do I allow access to the customer portal but deny access to the procuctiv LAN?
Tuesday - last edited Wednesday
Tags: #ACL #Network Connectivity
Model: ER605 (TL-R605)  
Hardware Version: V1
Firmware Version: 1.4.2 Build 20240618 Rel.63827

Hello everyone, I have a customer who wants/needs to provide Wi-Fi for customers. Basically, this works, but I have the following problem. When a customer logs into the Wi-Fi, they are redirected to the portal page. However, these are located in the productive LAN (VLAN ID 1), as this is where the Omada controller and gateway are logically located. I had denied access to the LAN via ACL. This works in itself, but then the portal is no longer accessible. What combination of ACLs is necessary to grant access to the LAN except for the portal?

 

W/LAN Customer: 10.0.10.0/22 (VLAN ID: 10)
Productive LAN: 192.168.178.0/24 (VLAN ID:1)

 

  0      
 
  0      
 
#1
Options
1 Accepted Solution
Re:How do I allow access to the customer portal but deny access to the procuctiv LAN?-Solution
Wednesday - last edited Wednesday

  @AOIT 

Thank you for your post. After enabling the Guest Network, all clients are unable to reach any private IP addresses. In light of this, you need to configure an EAP ACL to allow clients to access the Omada Controller’s IP. Please first assign a static IP address to the Omada Controller. The following guide explains how to configure an EAP ACL to permit access to a specific IP—please refer to it.

How to allow guest network to access specific device on the main network by configuring EAP ACL?

Recommended Solution
  0  
  0  
#5
Options
5 Reply
Re:How do I allow access to the customer portal but deny access to the procuctiv LAN?
Wednesday

  @AOIT 

 

If you enable guest on the SSID then you don't need to use ACL, Guest will not have access to anything other than the login portal, you can also enter Pre-Authentication Access to grant access to the portal

 

  0  
  0  
#2
Options
Re:How do I allow access to the customer portal but deny access to the procuctiv LAN?
Wednesday

  @MR.S Hi, thanks for your reply. The checkbox for guest network is selected. However, it is still possible to access the other network.

  0  
  0  
#3
Options
Re:How do I allow access to the customer portal but deny access to the procuctiv LAN?
Wednesday

  @AOIT 

 

Have you created any EAP ACLs or other ACLs that can override. And what type of access point do you have?

 

  0  
  0  
#4
Options
Re:How do I allow access to the customer portal but deny access to the procuctiv LAN?-Solution
Wednesday - last edited Wednesday

  @AOIT 

Thank you for your post. After enabling the Guest Network, all clients are unable to reach any private IP addresses. In light of this, you need to configure an EAP ACL to allow clients to access the Omada Controller’s IP. Please first assign a static IP address to the Omada Controller. The following guide explains how to configure an EAP ACL to permit access to a specific IP—please refer to it.

How to allow guest network to access specific device on the main network by configuring EAP ACL?

Recommended Solution
  0  
  0  
#5
Options
Re:How do I allow access to the customer portal but deny access to the procuctiv LAN?
Thursday

Thanks for the replies. As soon as I have time again, I will check the configuration and then get back to you.

  0  
  0  
#6
Options

Information

Helpful: 0

Views: 231

Replies: 5

Tags

ACL Network Connectivity
About Us
Press
Copyright © TP-Link Systems Inc. All rights reserved.