Block LAN access by Restricted Subnets

I have created a Guest WLAN in the E400 but I'm trying to block LAN access and only provide internet access to this WLAN. With the rules I have in place below, traffic does not flow. No LAN or WAN access.

What do I need to change here?

192.168.11.1 is the router

192.168.11.2 is the AP

Thanks,

You need to add a rule at the end allowing traffic to the internet. Add a 'permit' rule with precedence 4 with a source IP value of 'any' and a destination IP value of 'any'.

Assume that the Guest WLAN is mapped to VLAN 11 and the VLAN 11 subnet is 192.168.11.0/24. The network has other VLANs meant for non-guest traffic, like the corporate or production network, say VLAN 1 and VLAN 5.

VLAN 1 : 192.168.1.0/24

VLAN 5 : 192.168.5.0 

The guideline for ACL will be 

1. Block traffic going to production network or corporate network at WLAN level 

2. Allow all other traffic 

The ACL will look like 

1. deny 192.168.11.0/24 to 192.168.1.0/24 in (deny traffic to VLAN 1 network)

2. deny 192.168.11.0/24 to 192.168.5.0/24 in (deny traffic to VLAN 5 network)

3. permit ip any any any (allow all other traffic)

 

1 Like
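The rule ordering described in the answers above, modelled as an added example that is not part of the original thread and is not controller configuration. It assumes first-match evaluation by precedence with an implicit deny when nothing matches; the sample hosts, the flow names and the `DENY_ONLY` and `MISORDERED` lists are constructed for illustration.

```python
import ipaddress

IMPLICIT = ("deny", None)  # assumption: traffic matching no rule is dropped

def net(value):
    # 'any' matches every IPv4 address
    return ipaddress.ip_network("0.0.0.0/0" if value == "any" else value)

def evaluate(acl, src, dst):
    """First-match lookup: return (action, precedence) for src -> dst."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for prec, action, src_net, dst_net in sorted(acl):
        if s in net(src_net) and d in net(dst_net):
            return action, prec
    return IMPLICIT

def shadowed(acl):
    """Precedences of rules fully covered by an earlier rule (never reached)."""
    rules, dead = sorted(acl), []
    for i, (prec, _, src, dst) in enumerate(rules):
        if any(net(src).subnet_of(net(s)) and net(dst).subnet_of(net(d))
               for _, _, s, d in rules[:i]):
            dead.append(prec)
    return dead

def audit(acl, flows):
    """Map each named flow to the action the ACL takes on it."""
    return {name: evaluate(acl, *pair)[0] for name, pair in flows.items()}

# The ACL from the answer above: (precedence, action, source, destination)
GUEST_ACL = [
    (1, "deny", "192.168.11.0/24", "192.168.1.0/24"),
    (2, "deny", "192.168.11.0/24", "192.168.5.0/24"),
    (3, "permit", "any", "any"),
]
DENY_ONLY = GUEST_ACL[:2]  # constructed: same list without the final permit
MISORDERED = [(1, "permit", "any", "any"), GUEST_ACL[0][:0] + (2,) + GUEST_ACL[0][1:],
              (3,) + GUEST_ACL[1][1:]]  # constructed: permit placed first

FLOWS = {  # constructed sample traffic from one guest client
    "guest->vlan1": ("192.168.11.50", "192.168.1.10"),
    "guest->vlan5": ("192.168.11.50", "192.168.5.20"),
    "guest->internet": ("192.168.11.50", "8.8.8.8"),
    "guest->gateway": ("192.168.11.50", "192.168.11.1"),
}

if __name__ == "__main__":
    for label, acl in [("answer", GUEST_ACL), ("deny-only", DENY_ONLY), ("misordered", MISORDERED)]:
        print(label, audit(acl, FLOWS), "shadowed:", shadowed(acl))
```

The deny-only list drops every flow, including the one to the gateway at 192.168.11.1, which matches the "no LAN or WAN access" symptom. The misordered list shows why the permit belongs last: placed first, it makes both deny rules unreachable.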