Business Community > All Threads > LAN port isolation on ER707-M2
< All Threads

LAN port isolation on ER707-M2

LAN port isolation on ER707-M2

LAN port isolation on ER707-M2
LAN port isolation on ER707-M2
2024-08-09 19:36:20 - last edited 2024-08-29 01:35:19
Tags: #VLAN & Multi-Networks #Gateway ACL #Network Connectivity
Model: ER707-M2  
Hardware Version: V1
Firmware Version: 1.2.2

 

I have an ER707-M2 for firewall/gateway with PORT1 (WAN) and PORT2(LAN), PORT3(AP). I am using PORT3 as guest wifi access point. I want to isolate PORT3 from the main LAN on PORT2 but retain internet access via the router for PORT3. How do I configure this?

  0      
 
  0      
 
#1
Options
1 Accepted Solution
Re:LAN port isolation on ER707-M2-Solution
2024-08-11 14:18:06 - last edited 2024-08-29 01:35:04

  @JamesLu 

 

This seems to be the solution except you can't block all access to the router (aka Me), so I just blocked HTTP.

 

https://www.tp-link.com/ca/support/faq/4025/

 

Recommended Solution
  0  
  0  
#7
Options
8 Reply
Re:LAN port isolation on ER707-M2
2024-08-10 07:57:22 - last edited 2024-08-10 08:05:38

  @JamesLu 

 

you can only do it on a vlan switch. on router you cannot remove LAN or vlan1 on a port.

 

on router all ports are untagged with vlan1.
the only thing you can do is change pvid on a port, you do that on router property and port.

 

but why do you use a separate access point for guests, can't you use vlan and give the guests access to the ordinary access points?

 

 

  0  
  0  
#2
Options
Re:LAN port isolation on ER707-M2
2024-08-10 14:35:07

  @MR.S Is there a good general reference on the VLAN behavior, tags, etc. other than the user guide?

  0  
  0  
#3
Options
Re:LAN port isolation on ER707-M2
2024-08-10 14:41:29

  @JamesLu 

 

https://community.tp-link.com/en/business/forum/topic/682406

  0  
  0  
#4
Options
Re:LAN port isolation on ER707-M2
2024-08-10 14:44:41
thank you.
  0  
  0  
#5
Options
Re:LAN port isolation on ER707-M2
2024-08-11 03:17:24 - last edited 2024-08-11 03:18:01

  @MR.S 

 

I created a second LAN and associated VLAN for the port connected to my guest network wifi AP, seems to work, but the new LAN still can access the original LAN. Any way to isolate the two?

  0  
  0  
#6
Options
Re:LAN port isolation on ER707-M2-Solution
2024-08-11 14:18:06 - last edited 2024-08-29 01:35:04

  @JamesLu 

 

This seems to be the solution except you can't block all access to the router (aka Me), so I just blocked HTTP.

 

https://www.tp-link.com/ca/support/faq/4025/

 

Recommended Solution
  0  
  0  
#7
Options
Re:LAN port isolation on ER707-M2
2024-08-28 14:59:18

  @JamesLu 

In the Firewall - Access Control section, create a policy that blocks the direction LAN_NEW->LAN_ORIGINAL where the source network is LAN_NEW and the destination network is LAN_ORIGINAL
This way you will have internet but you will not be able to access the equipment on your original network through that Wi-Fi, but you will be able to access that AP from your original network. You can block both directions if you want. I hope it helps you.
  0  
  0  
#8
Options
Re:LAN port isolation on ER707-M2
2024-08-28 15:17:54

  @David11 I ended up with blocking LAN->LAN with source AP destination !AP type ANY, and LAN->LAN with source AP destination Me type HTTP.

  0  
  0  
#9
Options

Information

Helpful: 0

Views: 370

Replies: 8

Tags

VLAN & Multi-Networks Gateway ACL Network Connectivity
Related Articles
ER707-M2 -> Internet Wan Off-line. (HW-upgrade from ER605-V2 to ER707-M2)
1090 0
Disable LAN ports on ER707-M2
594 0
Er707-m2 CityFibre
1975 0
ER707-M2 Question
640 0
ER707-M2 now with IPv6 Firewall?
643 0
Internet down after upgrading ER707-M2 (v1) to version 1.2.0
1679 0
About Us
Press
Copyright © TP-Link Systems Inc. All rights reserved.