EAP Controller 2.0.3 Access Control Application Example
Suitable for EAP controller 2.0.3 or higher version
In some scenario, such as in an office network administrator may want to provide visitors Wi-Fi access to Internet. But they do not want the visitor to have access to local wired network for security concern.
For TP-LINK wireless routers this requirement can be fulfilled by using guest network. On EAP we can achieve this goal by using access control.This article aims to give you some instructions on how to configure access control on EAP controller 2.0.3. For EAP controller 2.2.3 configuration example please refer to FAQ1060.
Below is a sample topology. In this sample we want the laptop to have Internet access but cannot access the server in the LAN.
1. Before configuration verify that the laptop can communicate with wired desktop/server. Here we use ping on laptop and ping a wired server 192.168.1.5 as an example.
2. Configure Access control. Go to Wireless Control-> Access Control and fill 192.168.1.0/24 in the restricted Subnets field and click Apply button. By using the below configuration the laptop will not be able to communicate with any of the wired desktop or server. If you only want to prevent the laptop from access a specific server, for instance 192.168.1.5, enter 192.168.1.5/32.
3. Enable Access Control on the wireless network.
4. Verify that laptop cannot ping the wired server but can ping Internet.
In the above example as the laptop cannot communicate with any of the device in the 192.168.1.0/24 subnet you must make sure the DNS server on the laptop is outside 192.168.1.0/24 or the laptop will not be able to access Internet. One solution is to set the DHCP server to assign public DNS server.