Security's "Access Control" Function only blocks Internet Access for WIRED device

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

Security's "Access Control" Function only blocks Internet Access for WIRED device

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Security's "Access Control" Function only blocks Internet Access for WIRED device
Security's "Access Control" Function only blocks Internet Access for WIRED device
2022-05-04 08:31:34
Model: Archer AX90  
Hardware Version: V1
Firmware Version: 1.1.8 Build 20220321 rel.13967(5553)

I just noticed this behavior. The WIRED device still can access another wired Win10 server's file sharing folders. Only the internet access is blocked.

 

So it does not look like the expected behavior that wired device not listed in White List should be totally blocked from accessing LAN network.

 

If the MAC address filtering settings are set into Broadcom BCM53134 switching IC, this behavior should not happen. :)

 

 

 

 

 

 

  0      
  0      
#1
Options
5 Reply
Re:Security's "Access Control" Function only blocks Internet Access for WIRED device
2022-05-10 05:43:29

Hello @WayneHu 

 

The Access Control Blacklist blocks all traffic from LAN to the Internet, it will not block the communication between LAN devices. If you need to block the internet access as well as the LAN communication for a specific device, I'm wondering why you connect it to the router, you may just leave it alone and disconnected from the router.

Nice to Meet You in Our TP-Link Community. Check Out the Latest Posts: Connect TP-Link Archer BE550 to Germany's DS-Lite (Dual Stack Lite) Internet via WAN Archer GE550 - BE9300 Tri-Band Wi-Fi 7 Gaming Router Archer BE800 New Firmware Added Support for EasyMesh in AP Mode, DoH&DoT, and 3-Band MLO Connection Archer AX90 New Firmware Added Support for EasyMesh and Ethernet Backhaul If you found a post or response helpful, please click Helpful (arrow pointing upward icon). If you are the author of a topic, remember to mark a helpful reply as the "Recommended Solution" (star icon) so that others can benefit from it.
  0  
  0  
#2
Options
Re:Security's "Access Control" Function only blocks Internet Access for WIRED device
2022-05-10 08:04:32 - last edited 2022-05-10 08:04:53

  @Kevin_Z 

 

OK. I got it. This [Access Control] function is not equal to [MAC Filtering]. As a result, any wired & whitelisted wireless devices still can communicate with each other within the LAN. :p

 

The following wording is probably the reason why I got it misunderstood.

 

 

  0  
  0  
#3
Options
Re:Security's "Access Control" Function only blocks Internet Access for WIRED device
2022-05-11 02:46:34

@WayneHu 

 

From my understanding, the wording should mean local network, maybe "Configure a Whitelist to only allow local communication between the specified devices with others"? How do you think?

Nice to Meet You in Our TP-Link Community. Check Out the Latest Posts: Connect TP-Link Archer BE550 to Germany's DS-Lite (Dual Stack Lite) Internet via WAN Archer GE550 - BE9300 Tri-Band Wi-Fi 7 Gaming Router Archer BE800 New Firmware Added Support for EasyMesh in AP Mode, DoH&DoT, and 3-Band MLO Connection Archer AX90 New Firmware Added Support for EasyMesh and Ethernet Backhaul If you found a post or response helpful, please click Helpful (arrow pointing upward icon). If you are the author of a topic, remember to mark a helpful reply as the "Recommended Solution" (star icon) so that others can benefit from it.
  0  
  0  
#4
Options
Re:Security's "Access Control" Function only blocks Internet Access for WIRED device
2022-05-11 06:58:56

  @Kevin_Z 

 

Hi Kevin,

 

From my usage experience with Buffalo / Netgear WiFi routers, the access control often means (wireless) MAC Filtering.

 

With Buffalo AC1750DHP + DD-wrt FW @ router mode, it only provides the first 5G wireless (wl0) and the first 2.4G wireless (wl1) interfaces MAC filtering options separately.

 

With Netgear R7000 + factory FW @ AP mode(the same chipset as above),  its functionality is actually wireless device's MAC filtering only. The traffic sent among the wired ports are NOT blocked at all.

 

On AX90 V1 it is truly MAC address filtering for wireless devices, but obviously not for wired one. According to your suggested wording, it cannot explain why any of wired devices connected to this LAN and NOT listed on the whitelist still can communicate with each other. :p

 

I don't know if it is due to AX90 HW design to result in such behavior. Can you confirm if the following diagram is AX90 V1's chipset connecting topology? If so, it is somewhat more complex to implement wired port's MAC address filtering.

 

ps: In my case, WAN(1G) port is connected to VDSL modem, and LAN(2.5G) port is connected to my server.

 

 

 

 

  0  
  0  
#5
Options
Re:Security's "Access Control" Function only blocks Internet Access for WIRED device
2022-05-11 08:43:14 - last edited 2022-05-29 08:16:35

Now I can confirm this device's topology is like the above diagram instead of the following one because concurrent of two wired 1000BaseT devices to 2.5GBaseT wired one is still at 110 MB/s. One 1000BaseT wired and one 802.11ax to the 2.5GBaseT wire server can reach more than 200 MB/s throughput.

 

 

I think the HW topology is more like this due to the fact that BCM6755 only contains 1 RGMII/SGMII port and 1 GPHY port.

Unless there is 1 additional GPHY chip connected to BCM53134, it does not seem able to provide 2.5GBaseT port while it is still 1Gx2 link between BCM6755 and BCM53134.

 

 

 

  0  
  0  
#6
Options