Inter VLAN Routing and Gateway Management Page
Trying to isolate each VLAN. I've created an ACL Rule which blocks the VLAN from accessing other VLANs. This seems to work. However, if I block a VLAN from accessing the Gateway Management Page it seems to cut those devices on the VLAN off from accessing the internet. Although this has been inconsistent. For example, I've blocked a VLAN set up for VoIP from accessing other VLANs and also from the Gateway Management Page and it seems like calls still work. However, if I block the VLANs which specific Wi-Fi devices are connected to from accessing the Gateway Management Page, then the internet doesn't work for those devices.
I understand when I block inter-VLAN traffic and the Gateway Management Page is on a different VLAN, the rule is redundant. If I want to block other devices on the same VLAN from accessing the gateway management page, then the internet access ceases.
What then is the purpose of that rule? Isolating traffic from the internet altogether? An isolated intranet?
Or do I need to block inter vlan traffic and access to the gateway management page for extra security?
I would appreciate any insight on this. Thank you very much.
Setup: the OC200 Omada Controller is connected via the main LAN to the ER707-M2 V1.
Hi @FlameOtter
Thanks for posting in our business forum.
FlameOtter wrote
Trying to isolate each VLAN. I've created an ACL Rule which blocks the VLAN from accessing other VLANs. This seems to work. However, if I block a VLAN from accessing the Gateway Management Page it seems to cut those devices on the VLAN from accessing the internet.
I don't think this is correct. I've tried and tested it many times; it does not affect the Internet connectivity. You should check your ACL or other config. This feature definitely works.
Feel free to create a new VLAN and test this ACL only.
Hello @Clive_A
It seems like I tested it out, and only if the "deny access to gateway management page" rule uses the TCP protocol does it work.
If other protocols are used, the internet access is disconnected.
Here is a thread where this person figured out a solution and may help others as well:
Management Page Block ACL blocks internet access
https://community.tp-link.com/en/business/forum/topic/642230
Thank you so much.
Hi @FlameOtter
Thanks for posting in our business forum.
FlameOtter wrote
Hello @Clive_A
It seems like I tested it out, and only if the "deny access to gateway management page" rule uses the TCP protocol does it work.
If other protocols are used, the internet access is disconnected.
Here is a thread where this person figured out a solution and may help others as well:
Management Page Block ACL blocks internet access
https://community.tp-link.com/en/business/forum/topic/642230
Thank you so much.
I double-confirmed this with the test team that even if you select protocols = all, you will still have Internet access. It does not affect the Internet connection which also fits what I remembered about this ACL.
Are you able to confirm your statement? Certain about this result? On your model and firmware, can you reproduce it?
Would love to hear from you. If necessary, we might need a backup of your config.
Did you check the post I linked to earlier? Why is there no response there if that solution is incorrect?
I just tested it again. If I turn on All protocols, the device cannot connect. If I select only TCP then the internet works.
I am using the ER707-M2 hardware version 1 with firmware version 1.2.2.
Thank you for your assistance.
The VLAN is connected to an access point, which is connected to a PoE switch that's connected with a trunk port to the ER707-M2 router.
Hi @FlameOtter
Thanks for posting in our business forum.
FlameOtter wrote
Did you check the post I linked to earlier? Why is there no response there if that solution is incorrect?
I just tested it again. If I turn on All protocols, the device cannot connect. If I select only TCP then the internet works.
I am using the ER707-M2 hardware version 1 with firmware version 1.2.2.
Thank you for your assistance.
The VLAN is connected to an access point, which is connected to a PoE switch that's connected with a trunk port to the ER707-M2 router.
I know what you wrote. I just need to confirm this because what you said is not what we expect and intend for the Gateway Management Page ACL.
Since you can confirm this, I will take this case to the test team and see if we can get the same result as yours.
Is that the latest controller? Windows or Omada Hardware controller? Do let me know this as we need to test this out.
Thank you so much. This is using the Omada Controller OC200 with v5.13.30.20.
Hi @FlameOtter
Thanks for posting in our business forum.
FlameOtter wrote
Thank you so much. This is using the Omada Controller OC200 with v5.13.30.20.
Confirmed with the dev that this was a bug and will be fixed in future firmware updates. I have notified them about this matter and its importance.
This was mainly because UDP was selected in the protocols, which blocks the DNS query (UDP) and leads to the Internet not being accessible.
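The root cause given in the last reply is easy to reproduce on paper. The following is an added example, not code from this thread, from TP-Link or from Omada: a small first-match ACL model that shows why a "deny access to gateway management page" rule written with protocol = All also matches the VLAN's UDP/53 queries to the gateway, while the same rule limited to TCP leaves them alone. It assumes, as the thread implies, that the gateway's VLAN interface is also the DNS resolver the clients use, and it assumes the management page lives on TCP 80/443 (the thread does not state the ports). All addresses and rule fields are constructed lab values; nothing here models how the Omada firmware itself implements the rule.

```python
"""Added example (not code from the TP-Link thread or from Omada): a small
model of a gateway ACL that shows why a "deny access to gateway management
page" rule written with protocol = All also drops the VLAN's DNS queries to
the gateway, while the same rule limited to TCP, or to the management ports
only, leaves name resolution alone. Every address, port and rule field here
is constructed for illustration."""
from __future__ import annotations

from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str    # source IP of the client on the VLAN
    dst: str    # destination IP
    proto: str  # "tcp" or "udp"
    dport: int  # destination port


@dataclass(frozen=True)
class Rule:
    action: str                  # "deny" or "permit"
    src_net: str                 # source network in CIDR form
    dst_host: str                # destination host the rule protects
    protos: frozenset            # {"tcp"} for TCP only, {"tcp", "udp"} for All
    dports: Optional[frozenset]  # None means any destination port

    def matches(self, p: Packet) -> bool:
        return (ip_address(p.src) in ip_network(self.src_net)
                and p.dst == self.dst_host
                and p.proto in self.protos
                and (self.dports is None or p.dport in self.dports))


def evaluate(rules: list[Rule], packet: Packet, default: str = "permit") -> str:
    """First matching rule wins; anything unmatched falls through to the default."""
    for rule in rules:
        if rule.matches(packet):
            return rule.action
    return default


# Constructed lab values: the gateway's VLAN interface is also the resolver
# handed out by DHCP, so DNS queries from the VLAN land on the same IP as the
# management page. Management ports 80/443 are an assumption, not from the thread.
GATEWAY = "192.168.20.1"
CLIENT_VLAN = "192.168.20.0/24"
CLIENT = "192.168.20.50"

# The flows from a VLAN client to the gateway that matter for this question.
FLOWS = {
    "mgmt-https": Packet(CLIENT, GATEWAY, "tcp", 443),
    "mgmt-http":  Packet(CLIENT, GATEWAY, "tcp", 80),
    "dns-udp":    Packet(CLIENT, GATEWAY, "udp", 53),
    "dns-tcp":    Packet(CLIENT, GATEWAY, "tcp", 53),  # fallback for truncated answers
}


def verdicts(rule: Rule) -> dict[str, str]:
    """Evaluate one deny rule against each flow and return the per-flow verdict."""
    return {name: evaluate([rule], pkt) for name, pkt in FLOWS.items()}


def breaks_name_resolution(rule: Rule) -> bool:
    """True when the rule drops the VLAN's plain UDP DNS queries to the gateway."""
    return verdicts(rule)["dns-udp"] == "deny"


# Three ways of writing "block the management page" for this VLAN.
RULE_ALL_PROTOS = Rule("deny", CLIENT_VLAN, GATEWAY, frozenset({"tcp", "udp"}), None)
RULE_TCP_ONLY = Rule("deny", CLIENT_VLAN, GATEWAY, frozenset({"tcp"}), None)
RULE_MGMT_PORTS = Rule("deny", CLIENT_VLAN, GATEWAY, frozenset({"tcp"}), frozenset({80, 443}))

if __name__ == "__main__":
    for label, rule in [("protocol = All", RULE_ALL_PROTOS),
                        ("protocol = TCP", RULE_TCP_ONLY),
                        ("TCP 80/443 only", RULE_MGMT_PORTS)]:
        print(f"{label:16} {verdicts(rule)}  breaks DNS: {breaks_name_resolution(rule)}")
```

The model also makes the limit of the TCP-only workaround visible: a rule that denies all TCP to the gateway still drops DNS-over-TCP fallback queries (used when a UDP answer is truncated), so where the controller allows a port match, restricting the deny to the management ports is the precise form of the rule. Whichever form is used, the check after applying it is a name lookup against the gateway from a client on that VLAN, which separates "management page blocked" from "resolver blocked" in one step.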