Business Community > WiFi > EAP 660 HD + ACL issue
< WiFi

EAP 660 HD + ACL issue

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

EAP 660 HD + ACL issue

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
EAP 660 HD + ACL issue
EAP 660 HD + ACL issue
2023-01-31 16:30:00
Model: EAP660 HD  
Hardware Version: V1
Firmware Version: 1.0.1 Build 20200724 Rel. 57531(4555)

Hello,

 

I've created two differents SSID on my EAP 660 HD. One for the employees (10.13.1.0/24) and another for the guests (10.13.3.0/24). The guest SSID has not the "guest" option enable.

 

The port where the EAP is connected is in the vlan 1601 (default) and the port is also tagged with VLAN 1603 (guest).

 

on the EAP interface, we configured the guest SSID in VLAN 1603.

 


 In the guest VLAN, people should only be able to surf the web. In order to do that, we created an ACL on our router (where there's the vlan interfaces).

When the ACL is active, people can't get an IP from the guest SSID. As soon as we turn the ACL off, everything works (but inter vlan routing is possible).

 

We ran some test on another wifi access point (DLINK) connected to a port in vlan 1603, znd the ACL works fine.

 

We don't know what we're doing wrong. Why is the ACL not working when using the EAP 660 HD?

 

Any advices or tips whould be welcome.

 

Regards,

 

David.




 

 

 

  0      
 
  0      
 
#1
Options
4 Reply
Re:EAP 660 HD + ACL issue
2023-02-01 07:42:41

  @Kalagan 

 

It will need to check all ACL settings and VLAN settings...

 

But a simple solution is just to enable guest network on the EAP, so it can block access to your main network but allow Internet access.

 

  0  
  0  
#2
Options
Re:EAP 660 HD + ACL issue
2023-02-01 07:51:27

  @Kalagan 

It will need to check all ACL settings and VLAN settings...

 

But a simple solution is just to enable guest network on the EAP, so it can block access to your main network but allow Internet access.

  0  
  0  
#3
Options
Re:EAP 660 HD + ACL issue
2023-02-01 07:54:33

Hi thank for your answer.

Actually, it is a little bit more complicated than that. We're using a device called NovoConnect to allow people to broadcast their screen during meetings or participe in visio conferences.

This device is wired to the network (with a cable) in the employee VLAN and is also connected to the EAP on the guest network.

it seems that if we enable "guest network" on the EAP, you can't even ping/join devices on the same subnet. Only the internet access is working. So guest won't be allow to use the NovoConnect to broadcast their screen.

  0  
  0  
#5
Options
Re:EAP 660 HD + ACL issue
2023-02-06 00:39:41

  @Kalagan 

We had a similar issue at our office with wanting guests to be able to cast their screens to conference room TVs but keep them off the main LAN. The best solution for us was to use casting hardware that doesn't connect to a network, but uses it's own Bluetooth-like signal to connect wirelessly. Microsoft Display Adapter and Apple TVs did the trick for us. 

  0  
  0  
#6
Options

Information

Helpful: 0

Views: 536

Replies: 11

Related Articles
EAD 660 HD firmware update issue (file invalid)
506 0
EAP 660 isolated no reason
609 0
 EAP 660 HD -- First Business Class Wifi-6 EAP is HERE!
1080 1
 EAP 660 HD OFDMA + Mesh auto disconnect and cannot adopt
804 0
 EAP 660 and EAP 620 - Mesh Network
1101 0
 Adopt eap 660 in mesh mode
839 0
About Us
Press
Copyright © TP-Link Systems Inc. All rights reserved.