When will the Guest Network in the EAP225 be fixed ?
When will the Guest Network in the EAP225 be fixed ?
Based on a simple setup without the Omada Controller with a couple of 2.4 Mhz and 5 Mhz SSIDs and one guest SSID
I want to segment the local network for IOT devices not having acces to the local network.
The Guest Network in the EAP225 V3 2.6.1 is broken as there is no local IP isolation.
1) There is still ping access to other devices within the local networks when connected to the guest SSID
2) Having a guest SSID defined causes the isolation to function after some time on all other SSIDs necessitating a reboot of the EAP225 e.g. when wanting to using chromecast from an Android phone
This has been discussed before in this community, but no action has been taken to fix these bugs.
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Hi all,
We have realized this issue and we will fix this bug on the next firmware. You can keep an eye on the official website for more updates.
Because it needs some time to release this firmware, we have made a beta to solve this issue. If any of you meet such an issue, please feel free to contact us.
- Copy Link
- Report Inappropriate Content
@joergent, works for me. But my network is IPv4 only. What setup do you use?
- Copy Link
- Report Inappropriate Content
The Guest Network in the EAP225 V3 2.6.1 is broken as there is no local IP isolation.
This feature also takes effect on my network topology, when you create the SSID, please check the guest network. After the client devices connect to this SSID, these devices cannot communicate with each other and they cannot access the private subnet.
- Copy Link
- Report Inappropriate Content
I am enclosing some screendumps of the setup of the EAP225. I have reduced the configuration to as simple as possible.
My Samsung Galaxy S8 on the iot_nomap SSID can ping my PC on the wired local network (same 10.30.3.0/24 subnet) as well as the TP-link HS100 on another SSID, which I don't think it should be able to.
- Copy Link
- Report Inappropriate Content
@joergent, I'm sorry, but this works for me, too.
Tested with MacBook & Android tablet on EAP225v3 with firmware 2.6.1:
Ping from MacBook (.205) to router(.1), server (.10), Android tablet (.204):
dhcp-205 $ ping 192.168.1.1
PING 192.168.1.1 (192.168.1.1): 56 data bytes
Request timeout for icmp_seq 0
Request timeout for icmp_seq 1
^C
--- 192.168.1.1 ping statistics ---
3 packets transmitted, 0 packets received, 100.0% packet loss
dhcp-205 $ ping 192.168.1.10
PING 192.168.1.10 (192.168.1.10): 56 data bytes
Request timeout for icmp_seq 0
^C
--- 192.168.1.10 ping statistics ---
2 packets transmitted, 0 packets received, 100.0% packet loss
dhcp-205 $ ping 192.168.1.204
PING 192.168.1.204 (192.168.1.204): 56 data bytes
Request timeout for icmp_seq 0
^C
--- 192.168.1.204 ping statistics ---
2 packets transmitted, 0 packets received, 100.0% packet loss
dhcp-205 $
- Copy Link
- Report Inappropriate Content
@joergent, the 10.0.0.0/8 IP range indeed reveals an issue:
Router: 10.30.3.1/24
Android: 10.30.3.66/24
MacBook: 10.30.3.216/24
Wireless settings as in last post, »guest_nomap« is the Guest network:
Ping to the router (.1) and Android tablet (.66):
$ ping 10.30.3.1
PING 10.30.3.1 (10.30.3.1): 56 data bytes
64 bytes from 10.30.3.1: icmp_seq=0 ttl=64 time=1.218 ms
^C
--- 10.30.3.1 ping statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 1.218/1.218/1.218/0.000 ms
$ ping 10.30.3.66
PING 10.30.3.66 (10.30.3.66): 56 data bytes
64 bytes from 10.30.3.66: icmp_seq=0 ttl=64 time=8.239 ms
^C
--- 10.30.3.66 ping statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 8.239/8.239/8.239/0.000 ms
$
Only client isolation inside the same virtual wireless interface works, but not blocking private IPs:
$ ping 10.30.3.66
PING 10.30.3.66 (10.30.3.66): 56 data bytes
Request timeout for icmp_seq 0
^C
--- 10.30.3.66 ping statistics ---
2 packets transmitted, 0 packets received, 100.0% packet loss
$
@forrest, please can you validate this? I can't execute ebtables on my EAP to proof it.
- Copy Link
- Report Inappropriate Content
My Samsung Galaxy S8 on the iot_nomap SSID can ping my PC on the wired local network (same 10.30.3.0/24 subnet) as well as the TP-link HS100 on another SSID, which I don't think it should be able to.
You are right, when we connect the client devices to the SSID, they shouldn't be able to communicate with other client devices. We want to have a test in our lab, can you tell us the network topology? We will try to reproduce the issue in our lab. If it is truly a bug of the firmware, we will fix it as soon as possible. If possible, please upload some screenshots of your SSID settings.
- Copy Link
- Report Inappropriate Content
Wouldn't it be better to send you the configuration file from the unit ?
Please, send an email to bugs(a)jth.net and I'll respond with the config.bin file
- Copy Link
- Report Inappropriate Content
(deleted)
- Copy Link
- Report Inappropriate Content
Sorry, I just found out that my email server rejected your email due to your email specifying the charset of gb2312. Due to a lot of spam in Chinese characters this filter was introduced. The filter has been removed. Anyway I am sending the config.bin file to your email address now
- Copy Link
- Report Inappropriate Content
Hi all,
We have realized this issue and we will fix this bug on the next firmware. You can keep an eye on the official website for more updates.
Because it needs some time to release this firmware, we have made a beta to solve this issue. If any of you meet such an issue, please feel free to contact us.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 1
Views: 5504
Replies: 19