I need to create two VLANs : one only for VoWifi users and one for Internet users.

For the first lan i want to drop access to the wan exept for Vowifi (ports 500 and 4500 I think).

Any suggestions ?


1 Answer

+1 vote


1. Create a second access point

2.  Create a second LAN network

3. Create a new Port Based VLAN, set all LAN ports to OFF, uncheck primary Access point used for internet and check your newly created Wifi for VoWiFi. Save settings.

4. Create firewall rules

5. Specify which ports you wont to accept separated by space. In this case you want 500 4500. Save settings

6. Add a new rule as in step 4. In edit page specify action as Drop

7. Your settings should look something like this:

Please note: drop rule should always be the last one, and accept rules should be above it.

Very clear answer, thank you very much. I made the test and it works fine ! But in my configuration I opened the source port 500 4500 not the destination ports. And it works. However, I closed the 500 4500 from the wan.

Thank you again for your explanation !
I'm very glad to hear you made it work, have a nice day :)