EAP ACL Rule to block Tuya local discovery broadcast on UDP port 6667

Yesterday

Hi all,

My tuya ACs broadcast every few seconds to 255.255.255.255 using udp port 6667. I have many of these devices essentially congesting the 2.4ghz band.

I have tried to create an IP-Port group and then an EAP ACL rule to block this traffic but no success so far. To begin with, I cannot add an IP subnet like 255.255.255.255 when creating an IP-Port group.
Any ideas?

Re:EAP ACL Rule to block Tuya local discovery broadcast on UDP port 6667
Yesterday - last edited Yesterday

@Tournas

Only guessing here...  I would create an IP-Port group with the Tuya device subnet and port 6667 and use it as the source in a Deny ACL.  For the destination, I would try IPGroup_Any to see what happens.

Side note... Even if you manage to block the broadcast traffic with an ACL, the band congestion will still remain the same as the devices will continue to transmit.

1x ER7406 1x OC300 4x SG2008 1x EAP610 3x EAP650-Desktop
Re:EAP ACL Rule to block Tuya local discovery broadcast on UDP port 6667
22 hours ago

@Tournas

You can also try making an IP-Port-Group with just the port. If you don't add a subnet it applies to 0.0.0.0/0 (any IP); use that as the source and IP_any as the destination in a switch ACL. I don't think EAP ACLs can actually block stuff on the broadcast subnet 255.255.255.255. I have tried to do similar in the past to prevent clients on a particular SSID from getting DHCP on TCP/UDP 67-68; it just would not work at all, I had to use a hacky switch ACL to do it.

Re:EAP ACL Rule to block Tuya local discovery broadcast on UDP port 6667
15 hours ago - last edited 15 hours ago

@GRL

At the moment I am doing

source: the whole IoT network and

destination: the ip-port group with the udp ports only

for both the switch acl rule and the eap acl rule.

 

The switch rule seems to work, in the sense that I do not see this broadcast travelling in the rest of the network. The EAP side does nothing, and I don't know how a switch rule could help further as the traffic remains on the AP side?

 

I will also try your suggestion

source: the ip ports group

destination: any

but this will presumably block udp 6667 on all my vlans?

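Added example, not from this thread or from Omada: a small Python model of first-match ACL evaluation that contrasts the layout in post #4 (source = IoT network, destination = port-only group) with the port-only-source layout suggested in post #2, and answers the "all my VLANs" question from post #4. The subnets, the default-permit behaviour and matching the group's port only as a destination port are assumptions made for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str        # source IP
    dst: str        # destination IP (255.255.255.255 for the Tuya broadcast)
    proto: str      # "udp" or "tcp"
    dport: int      # destination port


@dataclass(frozen=True)
class Rule:
    action: str             # "deny" or "permit"
    src_net: str            # CIDR; "0.0.0.0/0" models an IP-Port group with no subnet (any IP)
    dst_net: str            # CIDR; the UI rejects 255.255.255.255, so 0.0.0.0/0 covers broadcast
    proto: Optional[str]    # None = any protocol
    dport: Optional[int]    # None = any destination port (assumption: port matched on dst only)

    def matches(self, pkt: Packet) -> bool:
        return (
            ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.src_net)
            and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(self.dst_net)
            and (self.proto is None or self.proto == pkt.proto)
            and (self.dport is None or self.dport == pkt.dport)
        )


def evaluate(rules: list, pkt: Packet) -> str:
    """First matching rule wins; with no match the packet is permitted (assumed default)."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "permit"


# Constructed addressing: IoT VLAN is 192.168.50.0/24, another VLAN is 192.168.10.0/24.
IOT_NET = "192.168.50.0/24"
# Post #4 layout: source = whole IoT network, destination = IP-Port group with UDP 6667 only.
SCOPED = [Rule("deny", IOT_NET, "0.0.0.0/0", "udp", 6667)]
# Post #2 layout: port-only group with no subnet (so 0.0.0.0/0) against any destination.
UNSCOPED = [Rule("deny", "0.0.0.0/0", "0.0.0.0/0", "udp", 6667)]

# Constructed sample traffic.
TUYA_BCAST = Packet("192.168.50.20", "255.255.255.255", "udp", 6667)
OTHER_VLAN_6667 = Packet("192.168.10.5", "255.255.255.255", "udp", 6667)
IOT_DNS = Packet("192.168.50.20", "192.168.50.1", "udp", 53)

if __name__ == "__main__":
    for name, rules in (("scoped", SCOPED), ("unscoped", UNSCOPED)):
        for pkt in (TUYA_BCAST, OTHER_VLAN_6667, IOT_DNS):
            print(name, pkt.src, "->", pkt.dst, pkt.dport, evaluate(rules, pkt))
```

The scoped layout denies only the IoT VLAN's broadcast, while the port-only-source layout also denies UDP 6667 from every other VLAN, which is the behaviour post #4 asks about.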