EAP Controller 2.0.3 Access Control Application Example

Suitable for EAP controller 2.0.3 or higher version


In some scenario, such as in an office network administrator may want to provide visitors Wi-Fi access to Internet. But they do not want the visitor to have access to local wired network for security concern.


For TP-Link wireless routers this requirement can be fulfilled by using guest network. On EAP we can achieve this goal by using access control.This article aims to give you some instructions on how to configure access control on EAP controller 2.0.3. For EAP controller 2.2.3 configuration example please refer to FAQ1060.


Below is a sample topology. In this sample we want the laptop to have Internet access but cannot access the server in the LAN.  


1. Before configuration verify that the laptop can communicate with wired desktop/server. Here we use ping on laptop and ping a wired server as an example.

2. Configure Access control. Go to Wireless Control-> Access Control and fill in the restricted Subnets field and click Apply button. By using the below configuration the laptop will not be able to communicate with any of the wired desktop or server. If you only want to prevent the laptop from access a specific server, for instance, enter

3. Enable Access Control on the wireless network.

4. Verify that laptop cannot ping the wired server but can ping Internet.

In the above example as the laptop cannot communicate with any of the device in the subnet you must make sure the DNS server on the laptop is outside or the laptop will not be able to access Internet. One solution is to set the DHCP server to assign public DNS server.

This Article Suits for:
EAP220 , EAP110 , EAP120
User Application Requirement | Updated 03-10-2016 07:56:31 AM