ER605: IPGroups & LAN>LAN Access Control Rules not possible?

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

ER605: IPGroups & LAN>LAN Access Control Rules not possible?

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
ER605: IPGroups & LAN>LAN Access Control Rules not possible?
ER605: IPGroups & LAN>LAN Access Control Rules not possible?
2021-12-15 03:28:29
Model: ER605 (TL-R605)  
Hardware Version: V1
Firmware Version: 1.1.1

With WiFi already part of the main LAN, I added a second network "OFFICE" to keep things like business NAS separate.

 

I assumed I could create an IPGROUP of my notebook and mobile devices that are on the main LAN WiFi, and allow these to access the OFFICE devices, while blocking other LAN users.

 

However, as far as I can tell, when defining LAN>LAN rules, I can only specify complete networks, not the IPGROUPS - which are only offered when selecting anything other than LAN>LAN.

 

Is there a viable option on the ER605 to permit only specific IPs to access across networks?

 

Thanks

  0      
  0      
#1
Options
4 Reply
Re:ER605: IPGroups & LAN>LAN Access Control Rules not possible?
2021-12-16 08:34:20

Dear @IanRP ,

 

IanRP wrote

With WiFi already part of the main LAN, I added a second network "OFFICE" to keep things like business NAS separate.

I assumed I could create an IPGROUP of my notebook and mobile devices that are on the main LAN WiFi, and allow these to access the OFFICE devices, while blocking other LAN users.

However, as far as I can tell, when defining LAN>LAN rules, I can only specify complete networks, not the IPGROUPS - which are only offered when selecting anything other than LAN>LAN.

Is there a viable option on the ER605 to permit only specific IPs to access across networks?

 

Did you use the router in standalone mode or controller mode?

If you have the controller, do you also have a tplink switch?

 

I guess you set the second VLAN interface on this router, right?

Actually you can use the Access control rule to separate the different VLAN, but can not do that on the specific IPs.

Please refer to this FAQ: https://www.tp-link.com/en/support/faq/3061/

 

Best Regards!

Best Regards! >> Omada EAP Firmware Trial Available Here << >> Get the Latest Omada SDN Controller Releases Here << *Try filtering posts on each forum by Label of [Early Access]*
  0  
  0  
#2
Options
Re:ER605: IPGroups & LAN>LAN Access Control Rules not possible?
2021-12-16 09:17:25

@Hank21
 

IPGROUPS would be the obvious, and ideal, mechanism to tailor admin access across the networks, so forbidding it just on the LAN>LAN  makes no sense to me.

 

This is standalone mode. 

 

Does a controller mode setup change this at all ?

 

 

 

 

  0  
  0  
#3
Options
Re:ER605: IPGroups & LAN>LAN Access Control Rules not possible?
2021-12-17 05:31:54

Dear @IanRP ,

 

IanRP wrote

@Hank21
 

IPGROUPS would be the obvious, and ideal, mechanism to tailor admin access across the networks, so forbidding it just on the LAN>LAN  makes no sense to me.

This is standalone mode. 

Does a controller mode setup change this at all ?

 

There is the Switch ACL you can set on the controller to achieve your needs, but you need to have a switch managed by the controller firstly.

 

Best Regards!

 

Best Regards! >> Omada EAP Firmware Trial Available Here << >> Get the Latest Omada SDN Controller Releases Here << *Try filtering posts on each forum by Label of [Early Access]*
  0  
  0  
#4
Options
Re:ER605: IPGroups & LAN>LAN Access Control Rules not possible?
2021-12-19 02:36:25

@Hank21 

 

Oh Right -  so just like the OpenVPN promoted on the box that also requires you to double your investment with a controller because they didn't explain what the little "*" means on the packaging. 

  0  
  0  
#5
Options