i do not believe i went over omada in detail, but here we go. essentially, i just figured out the rest of my acl setup since i had not been thinking too hard about it. this all started with my network infrastructure and wanting to segment network access across different lans. the reason being that i want my servers and clients to stay on different vlans.
through acls, traffic can be cut off so that there is no access to crucial resources by threat actors or random people who connect. mainly so that i can control who logs into what service. all of the servers that i can access are only accessible by me.
this first started with blocking all access to the admin lan from the other lans. from there it was fine-grained control of which ip and port combinations i wanted to let through. adguard dns had to get through, so i created rules to allow port 53 across the lans. i also made sure to create them in two spots, the switch acl and the eap acl, since i wanted my wifi users to use my dns server as well. this was successful, as i was able to check through the dns logs in adguard and ip addresses from the other lan came through.
next step was to allow access to immich, since i want my family to use the service for their photo and video backups. again, i had to let through a specific ip and port. i also wanted the other lan to be able to use domain names, so i had to allow the nginx proxy manager ports as well.
after creating the needed acls, the access worked. testing was done on my phone, as i could just connect to the different ssids.
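a small rule evaluator, added here as an example (not omada's own configuration or code), that models the ordered acl described above: specific permits for dns, immich and the proxy, then a blanket deny from the client lan into the admin lan. it also shows why the permits have to sit above the deny-all, since the first matching rule wins. the subnets, host addresses, the immich port and the proxy ports are assumed for the example, not taken from the post.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed addressing (assumption, not from the post):
# client/wifi LAN 10.0.10.0/24, admin/server LAN 10.0.20.0/24,
# AdGuard at 10.0.20.2, Immich at 10.0.20.5:2283, nginx proxy manager at 10.0.20.6.
CLIENT_LAN = ip_network("10.0.10.0/24")
ADMIN_LAN = ip_network("10.0.20.0/24")


@dataclass(frozen=True)
class Rule:
    action: str                 # "permit" or "deny"
    src: object                 # ip_network
    dst: object                 # ip_network
    dports: Optional[frozenset]  # None means any destination port


# Ordered like the post: specific permits first, blanket deny last.
ACL = [
    Rule("permit", CLIENT_LAN, ip_network("10.0.20.2/32"), frozenset({53})),       # adguard dns
    Rule("permit", CLIENT_LAN, ip_network("10.0.20.5/32"), frozenset({2283})),     # immich (assumed port)
    Rule("permit", CLIENT_LAN, ip_network("10.0.20.6/32"), frozenset({80, 443})),  # nginx proxy manager (assumed)
    Rule("deny", CLIENT_LAN, ADMIN_LAN, None),                                     # block everything else
]


def evaluate(acl, src, dst, dport):
    """First matching rule wins; unmatched traffic falls through to permit (assumed default)."""
    s, d = ip_address(src), ip_address(dst)
    for rule in acl:
        if s in rule.src and d in rule.dst and (rule.dports is None or dport in rule.dports):
            return rule.action
    return "permit"


# Flows the post cares about, as constructed samples: (src, dst, port, expected result).
EXPECTED = [
    ("10.0.10.50", "10.0.20.2", 53, "permit"),    # wifi client resolving via adguard
    ("10.0.10.50", "10.0.20.5", 2283, "permit"),  # family phone reaching immich
    ("10.0.10.50", "10.0.20.6", 443, "permit"),   # domain names through the proxy
    ("10.0.10.50", "10.0.20.6", 22, "deny"),      # anything else on the proxy host is blocked
    ("10.0.10.50", "10.0.20.9", 8080, "deny"),    # random admin-lan host is blocked
]


def audit(acl, expected=EXPECTED):
    """Return the flows whose actual result differs from the intended one (empty list = rules are right)."""
    return [(src, dst, port, evaluate(acl, src, dst, port))
            for src, dst, port, want in expected
            if evaluate(acl, src, dst, port) != want]
```

running `audit(list(reversed(ACL)))` shows the failure mode of putting the deny-all first: every permitted flow, including dns, comes back as denied.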