How to configure ACL on Omada AP via Omada Controller

Configuration Guide
Updated 10-24-2024 09:32:48 AM 2914
This Article Applies to: 

Objective

Requirements

Introduction

Configuration

Conclusion

FAQ

Objective

This document outlines the steps to configure ACL rules on Omada AP using the Omada Controller to restrict wireless client access.

Requirements

  • Omada Controller (Software Controller / Hardware Controller / Cloud-Based Controller)
  • Omada AP

Introduction

To ensure network security and maintain the quality of service within an enterprise network, Omada APs support Access Control Lists (ACL). By filtering wireless packets, ACL limits unauthorized wireless users’ access to the network and controls the access rights of user nodes. This helps manage traffic and enhances network security. There are two primary use cases for the ACL feature on Omada APs:

1. Protecting resource nodes. By isolating specific packets from devices, ACL can block unauthorized users from accessing sensitive resources.

2. Restricting access rights. ACL can limit the permissions of specific wireless users.

This guide demonstrates how to configure ACL, using Omada Controller version 5.14.20.9 as an example.

Configuration

Step 1. Log in to the Controller and navigate to Site Settings > Network Security > ACL > EAP ACL. Click Create New Rule to add a new ACL rule.

Location to create new EAP ACL rules.

Step 2. Enter a description for the ACL, check Enable by default, and select either Deny or Permit based on your needs (this example uses Deny). Choose the required protocols, or select Select All to include all protocols.

EAP ACL configurations, including Description, Status, Policy, Protocols, and Rule.

Step 3. Configure the Source and Destination by selecting the relevant types. For this example, choose SSID as the Source and IP Group as the Destination. Select the desired SSID and IP Group for the ACL, then click Create to finalize the rule.

EAP ACL configurations, including Description, Status, Policy, Protocols, and Rule. This example shows a specific rule being configured.

Each type of entry is created differently:

  • Network: To view or create network entries, navigate to Site Settings > Wired Networks > LAN > Network.

Location to create new LAN networks.

  • IP Group, IP-Port Group, IPv6 Group, IPv6-Port Group: These can be created directly from the ACL configuration page by selecting the appropriate type and clicking Create. This example demonstrates creating an IP Group.

Creating a new IP group, including Name, IP Subnet, and Description.

You can also view or create these entries in Site Settings > Profiles > Groups.

Location to create a new group.

  • SSID: To view or create SSID entries, go to Site Settings > Wireless Networks > WLAN.

Location to create a new wireless network.

Conclusion

This guide provides a step-by-step process for configuring ACL on Omada APs using the Omada Controller.

Get to know more details of each function and configuration please go to Download Center to download the manual of your product.

FAQ

Does Omada AP ACL apply to specific directions?

Re. The current ACL on Omada APs only applies to the WLAN->LAN and WLAN->WLAN directions.

Looking for More

Is this faq useful?

Your feedback helps improve this site.

Recommend Products

Community

TP-Link Community

Still need help? Search for answers, ask questions, and get help from TP-Link experts and other users around the world.

Visit the Community >

From United States?

Get products, events and services for your region.