Accessing proxmox machine on IOT vlan/subnet from Home vlan/subnet

Hello all
Trying to reach IOT machine but I am unable to ping, check for open ports and webgui does not respond (proxmox machine).
  
I have created ACL rules on switch and EAP but I can't connect to this machine at all.
 
 
Same rules are added to EAP as well.
 I also added route for this 
 
 
and on switch I have used all profile and IOT profile but it did not have any effect on the end result.

Anything else I can do/check to reach IOT machine?
 
 Mind you, I can connect with secure vlan with same rules (only they are made with secure vlan in mind)
 
 Please advise
  
Thanks for posting here. We don't need extra ACL config to allow communication between different VLAN interfaces.
To understand the situation, please let us know the following info:
1. A screenshot of the VLAN config page;
2. Some screenshots of the Ping results;
3. Does this only happen on the IOT machine? If you plug another client into the IOT VLAN, will the same thing happen?
4. Is the Internet access working correctly for the IOT VLAN?
Can you let me know what IPs are in your groups, and what vlans they reside on?
It's a bit difficult to decode the ACL list you have set up without knowing what is what and going where.
  @Vincent-TP 
 Hello 
 Here are more details
 

There are no other machines on this vlan, just this one PC and bunch of IOT sensors that are communicating using wifi IOT.
 Internet is working as I am running proxmox machine with multiple virtual machines on it and all have access to internet.
  @GRL 
 I have my devices on IP 172.16.172.x vlan 10 which need to access server/s on IOT vlan 30 with IP 172.16.174.x (ACL rule 7)
What kind of IOT machine is it?
Do you have another client device for testing? For example, try connecting your phone to the IoT network to see if the same issue occurs.
Additionally, as I mentioned, different VLAN interfaces can communicate with each other by default. I recommend temporarily disabling the relevant ACL to test.
  @Vincent-TP 
 There is nothing special with this machine, it's a normal HP mini PC running proxmox.
 I can use and access IOT wifi with my phone but as I said I can not access from my laptop connected to wifi home (Vlan 10) to wired hp mini pc on vlan 30.
You should remove the static route that you created. No point in doing that.
If you disable the Switch ACL, will it work?
I can see you are using Omada routers, have you tried to use Gateway ACL?
  @Wifi-freak  @Vincent-TP 
 I have removed static route and deleted all rules that I had before and now started ACL from scratch.
 I can now access devices IOT and Secure Vlan.
 


Goal is to deny other devices from Home Vlan accessing Secure Vlan, they should only see/access SecureDns (pi-hole) on Secure Vlan.
AB-Devices can access everything on Secure Vlan and would like to do the same for IOT vlan as well.
I created deny rule (last screenshot) but if enabled I can not access anything on secure.
Thanks for the update.
The ACL configuration you've set up seems a bit messy. If all the EAPs are connected to the switch, I recommend configuring only the switch ACL.
Based on your requirements, you can try temporarily disabling the GW ACL and EAP ACL to see if it works as expected.
  @Vincent-TP 
 
 Access point 1 is connected to gateway on first floor and access point 2 is connected to switch downstairs, meaning that I need to use the same rules on all three ACLs?
 
 



