*Solved* Post-Omada Upgrade: Wifi Clients Unable to Connect to Internet with VLANs Enabled

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
2020-10-28 03:50:18 - last edited 2020-11-12 11:16:23
Model: EAP225  
Hardware Version: V3
Firmware Version: 2.20.1

Thank you for the questions and tips.

 

*Solution* I was using a non-VLAN-aware router/modem combo provided by ISP. Added a VLAN-aware router (TL-R470t+) to network and had ISP set their modem/router to bridge mode so I can use my own router's functionality.

 

All VLANS are TAGGED on ports connecting network infrastructure (Router-Switch, Switch-Switch, Switch-EAP) and each client port is set to the PVID of its client's VLAN. VLANS are isolated as expected.

 

*Problem*

My wifi devices can connect to the EAP 225, but enabling VLANs on the wireless networks in Omada software controller causes the devices to lose internet connection. This defeats the whole purpose of segmenting my network to separate home automation/media devices from my other VLANs.

 

Here is the network infrastructure:

EAP225(US) v3.0 firmware 2.20.1, previously 2.5.1

T1600G-28PS v3.0 firmware 3.0.6, previously 3.0.5

T1500G-8T v2.0 firmware 2.0.6, previously 2.0.5

Omada Software Controller v4.1.5, useable with current firmware, not previously

Hitron router supplied by ISP (Shaw)

 

This is my configuration, I had no problems with it before the firmware upgrade:

T1600 is the backbone, in between the T1500, EAP, and router. Omada is on a laptop connected to the T1500.

VLANs 1 (default), 2 (guest), 3 (automation and media), 4 (gaming), 5 (internet) - I had to have a separate 'internet' VLAN to add to ports to allow them internet access.

Switch-to-switch port profile is the default 'All' profile (PVID 1, all VLANs tagged)

T1600-to-Router port profile is PVID 5, all VLANs untagged

Ports for client devices have the PVID x, with VLAN x and 5 untagged. So, my omada laptop, NAS, virtual machine on the NAS, and printer are on VLAN 1, have PVID 1 with 1 and 5 untagged. This allows them to access one another as well as internet. Ports for guest devices are on VLAN 2 so have PVID 2 with 2 and 5 tagged, etc.

 

Ethernet devices are all functioning properly. They have internet access and are segmented between VLANs.

 

***This last part is my stumbling block.

T1600-to-EAP225 port profile has PVID 1 with 1,2,3,5 untagged (no wifi access required for VLAN 4). It seems I have tried every permutation but nothing seems to allow me to have SSIDs with enabled VLANs that also connect to internet.

The EAP had no problem separating SSIDs into VLANs with firmware 2.5.1. Now that it is using 2.20.1 and Omada, wifi devices can connect to the EAP, but can only access internet through the EAP if VLANs are disabled.

 

 

I would be interested to hear some advice on how to set the port profiles, thank you.

1 Accepted Solution
Re:Post-Omada Upgrade: Wifi Clients Unable to Connect to Internet with VLANs Enabled-Solution
2020-11-05 22:01:23 - last edited 2020-11-12 11:16:23

" port profile has PVID 1 with 1,2,3,5 untagged "

 

Did you mean to say that you have PVID (untagged / native VLAN) 1 with 2,3,4,5 tagged?

 

The management IP address of the AP needs to be untagged (it could also be tagged if management vlan is specified, but if ID is 1, then it cannot be tagged) and user vlans need to be tagged.

 

" T1600-to-Router port profile is PVID 5, all VLANs untagged "

 

This also needs to have vlans tagged. You can only have one vlan untagged (or all vlans tagged) on a port.

 

You may like to scribble a quick diagram showing all equipment and their interconnections and mark it with port numbers and associated T or U for the required VLANs. All end client devices should only be in their required VLAN. Routing them to Internet does not require any additional vlans tagged or untagged. Only switch to switch or switch to AP links should have multiple VLANs.

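The tagging rules from the answer above, written as a small Python check and run against the port profiles from the first post. This is an added example, not part of the original thread or of TP-Link's software; the `Port` model, the role names, the port names and the corrected profiles (which drop the separate 'internet' VLAN 5) are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Port:
    name: str
    role: str    # "client", or "uplink" for switch/AP/router links (assumed labels)
    pvid: int
    untagged: set = field(default_factory=set)
    tagged: set = field(default_factory=set)

def lint(port):
    """Return findings for one port, using the rules stated in the answer."""
    findings = []
    # "You can only have one vlan untagged (or all vlans tagged) on a port."
    if len(port.untagged) > 1:
        findings.append("more than one untagged VLAN")
    # The PVID is the untagged / native VLAN, so the two must agree.
    if port.untagged and port.pvid not in port.untagged:
        findings.append("PVID is not the untagged VLAN")
    if port.untagged & port.tagged:
        findings.append("VLAN both tagged and untagged")
    # "All end client devices should only be in their required VLAN."
    if port.role == "client" and len(port.untagged | port.tagged) > 1:
        findings.append("client port is a member of several VLANs")
    return findings

def lint_all(ports):
    """Map port name -> findings, listing only ports that have findings."""
    results = {p.name: lint(p) for p in ports}
    return {name: found for name, found in results.items() if found}

# Constructed sample: the port profiles as described in the first post.
ORIGINAL = [
    Port("T1600-to-EAP225", "uplink", 1, untagged={1, 2, 3, 5}),
    Port("T1600-to-Router", "uplink", 5, untagged={1, 2, 3, 4, 5}),
    Port("laptop", "client", 1, untagged={1, 5}),
    Port("guest", "client", 2, tagged={2, 5}),
]
# Constructed sample: one layout that satisfies the answer's rules.
CORRECTED = [
    Port("T1600-to-EAP225", "uplink", 1, untagged={1}, tagged={2, 3}),
    Port("T1600-to-Router", "uplink", 1, untagged={1}, tagged={2, 3, 4}),
    Port("laptop", "client", 1, untagged={1}),
    Port("guest", "client", 2, untagged={2}),
]

if __name__ == "__main__":
    for name, found in lint_all(ORIGINAL).items():
        print(name, "->", "; ".join(found))
```

Every port in the original layout is flagged, which matches the answer's point that the extra untagged memberships, not the access point, were breaking the segmentation.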
4 Reply
Re:Post-Omada Upgrade: Wifi Clients Unable to Connect to Internet with VLANs Enabled
2020-11-03 10:23:00

Dear @deerskin,

 

Could you please show us a detailed network topology and provide the backup file of your Omada Controller?

With more detailed info, we could figure out the issue and give you effective suggestions.

Get Started Here: https://community.tp-link.com/en/business/forum/topic/551684 https://community.tp-link.com/en/business/forum/topic/552406
Re:*Solved* Post-Omada Upgrade: Wifi Clients Unable to Connect to Internet with VLANs Enabled
2020-11-24 00:45:40 - last edited 2020-11-24 00:48:30

I am having this same issue with EAP-235wall. However my eap-225 ceilings are working just fine with same port and controller configuration. This is a new install for me and the 30 eap-235's are gonna be returned if this is not fixed. It's definitely a bug because as I said the eap225 v3's work just fine on same switch port and same configs. BTW the same situation occurs when AP is in standalone mode. Wireless clients obtain an IP address on the correct vlan but traffic does not pass. 

Re:*Solved* Post-Omada Upgrade: Wifi Clients Unable to Connect to Internet with VLANs Enabled
2020-11-24 03:54:02

Dear @JBark,

 

" I am having this same issue with EAP-235wall. However my eap-225 ceilings are working just fine with same port and controller configuration. This is a new install for me and the 30 eap-235's are gonna be returned if this is not fixed. It's definitely a bug because as I said the eap225 v3's work just fine on same switch port and same configs. BTW the same situation occurs when AP is in standalone mode. Wireless clients obtain an IP address on the correct vlan but traffic does not pass. "

 

The post you replied to has a solution. Did you read it and does it help? What's the firmware version of the working EAP225 V3, please?

If the solution above doesn't help for your case, it's highly recommended to start a new thread.

 

It would be much appreciated if you could describe the problem in as much detail as possible. It would also help to locate the problem if you provide the configuration file and draw a diagram showing all devices and marking their interconnections with port numbers for further analysis. Thank you!

Get Started Here: https://community.tp-link.com/en/business/forum/topic/551684 https://community.tp-link.com/en/business/forum/topic/552406