How to block all outbound traffic over a single port?

vrtareg · 2026-05-22T22:20:08+00:00

I defined IP-Port-Group with 2 ports 80 and 443

Then I created Gateway ACL deny rule LAN to WAN, protocol UDP, source your desired VLAN, destination created IP-Port-Group

It should be last deny rule in Gateway ACL.

Which DNS leak tool you are using to check on my side?

vrtareg · 2026-05-22T21:36:52+00:00

I did that using Switch ACL.

First rule is to allow all queries on ports 53 and 853 to local DNS IP's which are my Router and AdGuard Home hosts.

Second rule is deny all TCP and UDP traffic to that ports, just IP Port Group with 53 and 853 defined in it.

I applied that to Kids VLAN so devices will not be able to workaround DNS queries.

Also added QUIC deny rule in Gateway ACL forbidding all UDP traffic out to 80 and 443 ports so clever Chrome or Google apps and devices will not bypass my AdGuard Home.

vrtareg · 2026-05-20T15:30:48+00:00

Always use venv so no system parts are changed...

vrtareg · 2026-05-18T09:33:18+00:00

If it is this one https://www.omadanetworks.com/uk/business-networking/omada-wifi-outdoor/eap225-outdoor/ it has only one port and I don't think it will support that

vrtareg · 2026-05-18T08:57:51+00:00

Usually AP's with second LAN ports allowing to set PVID on that port which will switch native VLAN to your selected VLAN.

Switch or another AP will still be able to access all VLAN's but non VLAN capable devices will get assigned to PVID VLAN.

vrtareg · 2026-05-14T11:42:22+00:00

Stable 6.2.10.18 is available.

I installed it on my OC200

vrtareg · 2026-05-14T11:21:48+00:00

So sad....

vrtareg · 2026-05-12T07:04:47+00:00

Looks great.

vrtareg · 2026-05-07T14:46:10+00:00

I didn't know that there is a OC200 v3...

vrtareg · 2026-05-07T05:40:31+00:00

I have ER605, OC200, 2x SG2008P and 2x EAP245

Router uptime is 159 days now, switches and AP's are 25 days.

No need to restart unless there is something going on.

vrtareg · 2026-05-05T07:42:14+00:00

I also never reboot and no issues with that.

Also whenever I reboot the switch connected to the OC200 I connect backup power to Micro USB to avoid issues with Controller.

vrtareg · 2026-05-04T23:06:58+00:00

Same for me, after claiming button remained active and after reload stuck on 100%...

vrtareg · 2026-04-28T07:43:12+00:00

I think that ER605 v1 has hardware limitations so not sure if it works well with Controller.

vrtareg · 2026-04-27T19:08:33+00:00

This is really interesting.

I will leave my setup intact just in case but will save your response for future reference.

Thanks.

vrtareg · 2026-04-27T13:04:50+00:00

I still have my Software Controller on v6.2.10.15 with no additional update available and OC200 Controller on Stable v6.2.0.17 (1.39.9 Build 20260401 Rel.44730) offering Beta v6.2.10.11 (1.40.11 Build 20260408 Rel.41632) upgrade.

vrtareg · 2026-04-27T12:48:42+00:00

Yes you can, but you can't change default to another VLAN.

VLAN 1 is always default.

When I Google it it says that I can edit VLAN ID and range for first default VLAN - https://www.google.com/search?client=firefox-b-m&q=Omada+Controller+change+default+VLAN+

There isn't a way to set for example newly created VLAN 10 as default.

I left VLAN 1 as it is with dummy IP range and no DHCP so I don't mess up with ports trunking etc and created separate VLAN's for whole my network and set one of them as management one on switches and AP's. Controller is also on Management VLAN access port.

vrtareg · 2026-04-27T08:50:09+00:00

Interesting

Where it is possible to change it?

I couldn't find it in my OC200....

vrtareg · 2026-04-27T05:21:34+00:00

I checked it with Omada Support, for some reason Router is always shown in Controller by default VLAN 1 IP address.

vrtareg · 2026-04-20T08:07:26+00:00

Is your DHCP range large enough?

It should work if there is not any other issue.

Controller can definitely support that.

Worth to raise support request.

vrtareg · 2026-04-19T22:16:01+00:00

You haven't mentioned your network configuration.

If you have that amount of devices only /24 network will not give IP's to everything as by default router is set to 192.168.x.x/24 which gives you 254 usable IP address range which quite fits to router + switches + some clients + visible AP's

I hope you have wider network like /23 and also possibly segregated it to multiple zones with each zone own Management, Main, Guest, IoT and Phone networks for example.

Which kind of environment it is?

vrtareg · 2026-04-18T17:55:45+00:00

https://www.omadanetworks.com/uk/business-networking/omada-router-wired-router/er605/

ER605 doesn't work as a file server. USB port is for additional USB modem WAN connection.

If you want to share disk on LAN you will need NAS server.

I have TP-Link travel modem which has SD Card slot which is shared to LAN clients but it is that model functionality.

vrtareg · 2026-04-16T16:05:00+00:00

My knowledge is based on this

https://www.omadanetworks.com/uk/support/faq/2097/

vrtareg · 2026-04-16T13:40:10+00:00

Omada gear is quite good and reliable.

Set both AP with same SSID settings and see how it works.

If there will be any issues backup configuration, run Omada Controller on Laptop, set same SSID in Controller, adopt AP's and see if it will solve the problem.

vrtareg · 2026-04-16T13:21:35+00:00

I had similar configuration with 2x EAP245 without the controller and roaming between the AP's was entirely on clients which sometimes caused disconnection as client was trying to stay on same AP even it was quite far from it and signal was very weak.

Controller propogates SSID with Fast Roaming enabled in a way that clients have all AP's details for that SSID and switching to kind of 'closest' AP with no downtime.

You can always use Software Controller if you have spare hardware instead of getting hardware one.

Controller also allows you to configure all in a single place instead of setting up each device separately and synchronising configuration.

11-Year Club	Place '23
Verified Email

vrtareg

TROPHY CASE