LAN port isolation on ER707-M2
I have an ER707-M2 for firewall/gateway with PORT1 (WAN) and PORT2(LAN), PORT3(AP). I am using PORT3 as guest wifi access point. I want to isolate PORT3 from the main LAN on PORT2 but retain internet access via the router for PORT3. How do I configure this?
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
This seems to be the solution except you can't block all access to the router (aka Me), so I just blocked HTTP.
https://www.tp-link.com/ca/support/faq/4025/
- Copy Link
- Report Inappropriate Content
you can only do it on a vlan switch. on router you cannot remove LAN or vlan1 on a port.
on router all ports are untagged with vlan1.
the only thing you can do is change pvid on a port, you do that on router property and port.
but why do you use a separate access point for guests, can't you use vlan and give the guests access to the ordinary access points?
- Copy Link
- Report Inappropriate Content
@MR.S Is there a good general reference on the VLAN behavior, tags, etc. other than the user guide?
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
I created a second LAN and associated VLAN for the port connected to my guest network wifi AP, seems to work, but the new LAN still can access the original LAN. Any way to isolate the two?
- Copy Link
- Report Inappropriate Content
This seems to be the solution except you can't block all access to the router (aka Me), so I just blocked HTTP.
https://www.tp-link.com/ca/support/faq/4025/
- Copy Link
- Report Inappropriate Content
In the Firewall - Access Control section, create a policy that blocks the direction LAN_NEW->LAN_ORIGINAL where the source network is LAN_NEW and the destination network is LAN_ORIGINAL This way you will have internet but you will not be able to access the equipment on your original network through that Wi-Fi, but you will be able to access that AP from your original network. You can block both directions if you want. I hope it helps you.
- Copy Link
- Report Inappropriate Content
@David11 I ended up with blocking LAN->LAN with source AP destination !AP type ANY, and LAN->LAN with source AP destination Me type HTTP.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 370
Replies: 8
Voters 0
No one has voted for it yet.