Home

Forums

Stories

Knowledge Base

Business Community > Controllers > Isolating one network device

< Controllers

Isolating one network device

Seensent

15 hours ago

Posts: 2

Helpful: 0

Solutions: 0

Stories: 0

Registered: 2025-10-08

Isolating one network device

15 hours ago

Tags: #Controller #VLAN & Multi-Networks

Model: Omada Software Controller (Windows)

Hardware Version:

Firmware Version: 5.15.24.19

Our client has four ER605's (3 are V2 and 1 is V2.20), each is its own site running on a Software Controller in Windows remotely. Each is on its building, own network, own internet.

The client wants to add 1 device to each of the four networks that must be isolated from all the rest only allowing internet access.

The sites have multiple LAN devices, some of which are linked through a different manufacturer's managed switch.

Is there a way we can isolate a single MAC address to communicate only with the internet and not see other devices? Can this be done with 2 devices on the network?

i.e. 30 devices all able to communicate with each other and the internet, another device with only internet access and no other visibility, and another with only internet access and no other visbility?

Thank you in advance

3 Reply

NeilR_M

15 hours ago

Posts: 10

Helpful: 1

Solutions: 0

Stories: 0

Registered: 2025-08-19

Re:Isolating one network device

15 hours ago

@Seensent Sounds like ACLs should meet your needs. Assign a static IP to each of those devices, then set up ACL rules for that specific IP to only communicate with the internet, and deny traffic to other devices in that LAN.

Seensent

LV1

14 hours ago

Posts: 2

Helpful: 0

Solutions: 0

Stories: 0

Registered: 2025-10-08

Re:Isolating one network device

14 hours ago

@NeilR_M Thanks, that is exactly what I had in mind (or MAC address) but I can't find where to do that?

If i go to Settings and ACL (under Network Security) I can only select "Network" as my source type if choosing LAN<->LAN.

GRL

LV4

6 hours ago - last edited 6 hours ago

Posts: 798

Helpful: 326

Solutions: 93

Stories: 0

Registered: 2022-01-02

Re:Isolating one network device

6 hours ago - last edited 6 hours ago

@NeilR_M

This is only achievable with Switch ACLs currently, Gateway ACLs do not yet support IP Groups

If you dont have the ability to add a switch ACL, you can achieve this by creating another VLAN (just for this device), and creating gateway LAN<>LAN ACLs to block it from all other vlans

Main: ER8411 x1, SG3428X x1, SG3452 x1, SG2428LP x1, SG3210 x1, SG2218P x1, SG2008P x3, ES208G x1, EAP650 x6 Remote: ER7206 v2 x1, ER605 v2 x3, SG2008P x2, EAP650 x2, ES205G x1 Controller: OC300

Isolating one network device

Isolating one network device

Information

Voters 0

Tags