Got it

EG8145v5 IP Filter of a specific SSID

Created: Jul 13, 2021 15:45:35Latest reply: Jul 16, 2021 00:19:13 512 10 0 0 0
  HiCoins as reward: 0 (problem unresolved)

Hi everybody. First post. Thanks in advance for any support I get.


I have a EG8145v5 and have a rather specific requirement that I hope it can be possible.


I want to create a second SSID (I know how) that can only send and receive from a specific IP. That is, I create a SSID2 with passw XXXX and the device that connects to this SSID should only be able to send to a specific IP/Port.


The Security->IP Filter Configuration is of no use since it will filter for ALL SSIDs, not just the required SSID.


I am lost as to how to do this or even if possible. Please some advice or help.


Thanks



Featured Answers

Recommended answer

Chenxintao
Admin Created Jul 14, 2021 00:59:56

Posted by rsnbusa at 2021-07-14 00:24 Thanks for your answer.1-1) YES but for a MAC address which limits to a specific device vs a specifi ...

Hello friend!


I think you can also configure a static WAN implementation corresponding to the SSID index.


1. Click the Advanced Configuration > WLAN tab and choose WLAN Basic Configuration.


WLAN


2. In the navigation tree on the left, choose Advanced > WAN. In the pane on the right, click New.


WAN


In static mode, the IP address is set statically. You need to enter the IP address, subnet mask, IP addresses of the active and standby DNS servers, as well as the default gateway.


Binding Options: used to bind the WAN interface to the LAN port or to the wireless SSID.


NOTE:


Before setting the binding options, set the work mode of the LAN port to route or set the wireless SSID. The binding options can be set only after the work mode or wireless SSID has been successfully set.


Thanks!

View more
  • x
  • convention:

All Answers
Thanks for contacting the Huawei community!

We are checking your question and will provide an answer to you shortly...
View more
  • x
  • convention:

1) Actualy, IP Filter must to work with specified SSID:

1-1) Security >WLAN MAC Filter Configuration

OR

1-2) Advanced Configuration > Security Configuration > Wi-Fi MAC Address Filtering

(maybe upgrade..?)

https://www.router-switch.com/media/upload/product-pdf/huawei-echolife-ont-faq.pdf

2) IF not, look at ONT Parental Control =

https://forum.huawei.com/enterprise/en/ont-parental-control-introduction/thread/507813-100181


View more
  • x
  • convention:

Thanks for your answer.

1-1) YES but for a MAC address which limits to a specific device vs a specific ip/port
1-2) Does not exist in the EG8145V5 or at least not in my Router.

2) Will look into it.

The MAC address works well with the SSID and MAC combination. Tested it today. Still better if it was an IP/PORT.

Thanks.

View more
  • x
  • convention:

Posted by rsnbusa at 2021-07-14 00:24 Thanks for your answer.1-1) YES but for a MAC address which limits to a specific device vs a specifi ...

Hello friend!


I think you can also configure a static WAN implementation corresponding to the SSID index.


1. Click the Advanced Configuration > WLAN tab and choose WLAN Basic Configuration.


WLAN


2. In the navigation tree on the left, choose Advanced > WAN. In the pane on the right, click New.


WAN


In static mode, the IP address is set statically. You need to enter the IP address, subnet mask, IP addresses of the active and standby DNS servers, as well as the default gateway.


Binding Options: used to bind the WAN interface to the LAN port or to the wireless SSID.


NOTE:


Before setting the binding options, set the work mode of the LAN port to route or set the wireless SSID. The binding options can be set only after the work mode or wireless SSID has been successfully set.


Thanks!

View more
  • x
  • convention:

Thanks @Chenxintao for your answer.

I tried your solution and the result was:

1._ The SSID was created first ===> OK
2._ When creating a new WAN the parameters are IPoE not PPOe to be able to set the Static option below.
3._ Need a new IP different from the first WAN or any other existing WAN===> OK created
4._ When done like that and under WAN Information (first page) u can see that BOTH connections are "connected" (GREAT!!!!! i_f01.gif )

5._ Ping the new or old ip ====> Timeout no response. Apparent issues with the new IP.
6._ Delete the new WAN ====> pings respond to old WAN everything is now Ok

So close and yet so far i_f09.gif

The only alternative is to filter via MAC and SSID which makes it a little more constrained/limited since we would have to assign a specific MAC (I can) to our connections in order to be able to control its function/access to a specific ip/port (which we actually cannot do that, just know that since we control the device it will only call a specific ip/port).


So it seems there cannot be a way to filter ip/port on a specific SSID or is there another way.


It seems to be a very good option to be able to filter from a specific SSID.


I also tried using PARENTAL CONTROL but which could be "forced" to do what I need except it need a WAN connection and not a SSID and we get to the current alternative that does not seem to work.


Kind regards.

View more
  • x
  • convention:

Chenxintao
Chenxintao Created Jul 15, 2021 01:58:31 (0) (0)
If you can, collect the configuration file of the device by following the link below:
https://forum.huawei.com/enterprise/en/ont-information-collection-guide/thread/680485-100181
Thanks!  
Posted by rsnbusa at 2021-07-15 00:58 Thanks @Chenxintao for your answer.I tried your solution and the result was:1._ The SSID was created ...

Hi, friend!


The above method is feasible.

After the SSID is bound to the WAN, packets can be transmitted only through the WAN. Before configuring the static IP address, ensure that the static IP address is available.


If the IP address you are bound to be an invalid IP address, the network is disconnected. Therefore, you cannot ping the IP address.


Thanks!

View more
  • x
  • convention:

Hello, friend!


I need to reconfirm:


You want to control device access, you want to create an SSID and restrict the device to a specific IP address/port by using the new SSID2. The previous SSID1 can work properly.


Do you think I understand correctly?


Thanks!


View more
  • x
  • convention:

Hi Chenxintao.

Yes, I will have two SSIDs. One visible (discoverable) SSID1 and one not visible SSD2.

SSID1 with its password1 can connect to any IP/PORT the user needs.

SSID2 with its password2 should only access a specific IP/Port example 12.X.X.X:18000.

If I use WLAN MAC filtering in SSID2 (it works) I will have to create a list of MACs which I do not know beforehand or will make work harder in installation efforts. If SSID2 will filter/whitelist only IP/PORT (12.xx.xx.xx:18000) that would make possible to have any device connect to that service without knowing their MAC address.

Thanks.
View more
  • x
  • convention:

Also, I only have 1 IP from the ISP so adding a second WAN is not possible as I wrote before.

Regards.
View more
  • x
  • convention:

Comment

You need to log in to comment to the post Login | Register
Comment

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " User Agreement."

My Followers

Login and enjoy all the member benefits

Login

Block
Are you sure to block this user?
Users on your blacklist cannot comment on your post,cannot mention you, cannot send you private messages.
Reminder
Please bind your phone number to obtain invitation bonus.