ACL on Omada with EAP245 and ER605
This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Hello,
I'm using the software Omada Controller on a Raspberry Pi with EAP245's and an ER605 Router - all adopted in Omada.
I need to prevent Internet Access for a few devices from 6PM to 8AM. I have tried using ACL to do this but it prevents the entire network from accessing the Internet.
Can someone guide me on how to do this? I think the problem lies in the IP group - it asks for a subnet and I'm not sure what I need to enter here. I would just like to block a few IP's / MAC Addresses.
Thanks.
You have some choices, but let's say you have 3 teenagers you want to get some sleep. You can either corral them into a small block of IP's and then operate on that, or you can add them as individual hosts (either way, you want to have a DHCP reservation for the MAC addresses of those devices or this won't work permanently)
Adding 3 users to a Profile:
or if you statically assigned them IP addresses in the controller in a contiguous block, say 192.168.1.243, 192.168.1.244 and 192.168.1.245 you can treat this block as a small subnet like this:
what this does is apply a filter so that all IP addresses from 192.168.1.240 through 192.168.1.247 are managed at once.
then you simply Apply your newly createrd Profile->Group to your ACL rule.
Now teenagers being teenagers, the very first thing they will do is statically configure their devices to a different unmanaged IP in the same subnet and circumvent all your good work. So what you really want to do is operate on their MAC addresses (unique to the hardware and much harder to change)
Same basic idea but now you add the MACs to the Profile instead of the IPs. You can get the MAC corresponding to the client from the 'Clients' page on your controller.
You have some choices, but let's say you have 3 teenagers you want to get some sleep. You can either corral them into a small block of IP's and then operate on that, or you can add them as individual hosts (either way, you want to have a DHCP reservation for the MAC addresses of those devices or this won't work permanently)
Adding 3 users to a Profile:
or if you statically assigned them IP addresses in the controller in a contiguous block, say 192.168.1.243, 192.168.1.244 and 192.168.1.245 you can treat this block as a small subnet like this:
what this does is apply a filter so that all IP addresses from 192.168.1.240 through 192.168.1.247 are managed at once.
then you simply Apply your newly createrd Profile->Group to your ACL rule.
Now teenagers being teenagers, the very first thing they will do is statically configure their devices to a different unmanaged IP in the same subnet and circumvent all your good work. So what you really want to do is operate on their MAC addresses (unique to the hardware and much harder to change)
Same basic idea but now you add the MACs to the Profile instead of the IPs. You can get the MAC corresponding to the client from the 'Clients' page on your controller.