42
Votes

mDNS Service

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
252 Reply
Re:mDNS Service
2022-06-01 01:24:17

I would also like to throw my vote in for adding mDNS to the Omada controller + ER605 setup. Interlan firewall and routing rules are a close second after that. IoT on a separate vLAN is networking and security 101 these days. There is NO WAY I will add my LG stove to vLAN with my other clients, as an example. There is just no way LG patches their stoves regularly.

I otherwise really like the TP-Link Omada product lineup and features.

#102
Re:mDNS Service
2022-06-01 01:29:07

@Xstreem

Though I'd love to have mDNS, the lack of it should not prevent you from assigning your LG stove to your IoT VLAN. Most people need mDNS only because some of their IoT devices (like Chromecast) need to do inter-VLAN broadcast.

#103
Re:mDNS Service
2022-06-01 05:14:46

  @Softtryme

Well if this:

"Interlan firewall and routing rules are a close second after that."

would work, Xstreem would probably do that. But it does not, and therefore it does not matter if he/she uses a VLAN or not, because it does not offer any protection right now.

#104
Re:mDNS Service
2022-06-01 16:33:24

@Softtryme mDNS is needed because devices that just use Bonjour (typically Apple, but not just Apple) cannot communicate if not in the same VLAN.

Think, for example, of using AirPrint: you cannot print if not in the same LAN as the printer; or DLNA on a TV that accesses a NAS; or all devices that use Apple HomeKit, like some smart lamps.

And for security and segmentation reasons I don't want to have my phone, printers, TV, NAS, and IoT stuff in the same network.

#105
Re:mDNS Service
2022-06-01 17:45:04 - last edited 2022-06-01 17:52:38

@Kaktus317 

I'm pretty sure you can use ACL rules to achieve inter-VLAN routing rules. This is exactly how I implemented it, and therefore my IoT and camera VLANs are unable to talk to my main LAN. I even blocked my camera VLAN's access to the router, which makes them strictly "offline" IP cameras.

#106
Re:mDNS Service
2022-06-01 17:47:32 - last edited 2022-06-01 17:52:10

@Xstreem

Yes, I got what you are saying. A printer is indeed a legit use case. But does your LG stove use Bonjour? I was trying to say nothing should prevent you from adding your smart stove to your IoT VLAN, because it doesn't do any sort of broadcast.

#107
Re:mDNS Service
2022-06-01 21:48:26

  @Softtryme

I am pretty sure that this is not possible, because some weeks ago when I was trying to do that, based on a UniFi tutorial, it would not work because TP-Link does not provide the features for it.

#108
Re:mDNS Service
2022-06-01 22:11:56

@Kaktus317

Maybe you shouldn't be following UniFi tutorials when setting up TP-Link equipment. Check this out: https://youtu.be/7i17jvrIjD0?t=721. This is exactly how I did it.

#109
Re:mDNS Service
2022-06-01 22:30:14

  @Softtryme

Maybe you should not assume that everybody has the same needs as you do.

I was/am not the only one with this problem and as far as I know it has not been resolved yet:

https://community.tp-link.com/en/business/forum/topic/252860

And one has to ask why an advertised "professional" system is not able to do such things even after months of possible firmware updates.

#110
Re:mDNS Service
2022-06-01 22:44:12

@Kaktus317

I did not assume anything. OP Xstreem said "There is NO WAY I will add my LG stove to vLAN with my other clients, as an example.", which clearly indicates a one-way denial: block traffic from IoT to main LAN, regardless of who the initiator is. So I don't understand why your problem could prevent him from adding his stove to his IoT VLAN.

Regarding the point you made, yes, it would be a great feature to have. I have many IP cameras myself too, but I don't have your problem, because all of my cameras connect directly to my Synology NAS, which has two Ethernet ports. I just dedicated one of them to my camera VLAN.

I never really take their "professional" "business" buzzwords too seriously. The only reason I chose Omada is because it can offer about 80% of what UniFi can offer, at a much lower cost.

#111