I started work for a small company as an IT admin. They have a network based on Omada products. The network was built by an external company, and they also configured it.
- Router: ER605 v2.0
- Switches: TL-SG2428P v5.0
- APs: EAP615-Wall(EU) v1.0
- Controller: OC200

The LAN network is not used, and we have a Management VLAN where all switches and APs are; then I have home VLAN 10 and guest VLAN 20. In Settings → Network Security → ACL there are only two rules in the switch ACL (the gateway and EAP ACLs are empty):
- deny guest access to LAN, home and Management
- deny home access to LAN and Management

So question #1: what is the default state? Is all routing between VLANs permitted?

I am trying to access a host in guest from home and it is not possible. So I assume that routing between VLANs is denied by default. Question #2: do you think that those two rules are unnecessary?

I created rules (in the switch ACL) which permit access from home to guest. It is the first rule. But I am still not able to access a host in the guest VLAN from home. I enabled all protocols. I am also not able to ping the router's guest IP from the home VLAN.

Question #3: what is the difference between, or how should I understand, the gateway ACL, switch ACL and EAP ACLs?

Maybe I don't understand it correctly. Thank you for any help, tip or link to documentation.