Inter-vlan routing always on with TL-R605

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
2021-01-30 20:10:25
Model: ER605 (TL-R605)  
Hardware Version: V1
Firmware Version: 1.0

I have the latest SDN Controller running on a VM. I have an access point. I have just added a TL-605 and I'm stuck with inter-VLAN routing always on.

 

I have VLAN 1 with DHCP and DNS running on a Windows server.

I have VLAN 31 with DHCP on the R605.

 

I do not have a TP-Link switch; I have a Cisco SG-300. I do not have access to apply ACLs on the SWITCH section of the controller, but I have applied them on the Router and EAP sections.

I cannot connect across VLANs over Wi-Fi, but I have a lot of hardwired devices that have no problems passing traffic between the VLANs.

 

The Cisco switch is set correctly and was restricting inter-VLAN traffic with an RV320 router. I am wanting to move more to the TP-Link ecosystem, but this may be a deal breaker.

A traceroute clearly shows a hop at the router.

Is there somewhere else I should look, or is there a way to better manage the switch ports on the TL-605?

#1
Re:Inter-vlan routing always on with TL-R605
2021-01-31 09:55:03

@ ScottB.ca 

 

There is no ACL on the TL-R605; this function is for decoration :-) You can make some ACL rules from LAN to WAN, that's all. So, briefly summed up: no ACL between VLANs, nor any ACL from remote LAN to LAN in a VPN tunnel, only from LAN to remote LAN. I was a little surprised that this important feature was missing, especially considering that they sell the device with these descriptions.

 

 

Reference TP-LINK WEB.
Abundant Security Features: Advanced firewall policies, DoS defense, IP / MAC / URL filtering, and more security functions protect your network and data.

 

 

#2
Re:Inter-vlan routing always on with TL-R605
2021-01-31 15:33:31

@shberge 

I was feeling that the ACL portion was a farce from looking at the interface.

 

I did notice that on the controller I could assign an EAP access list and my wireless clients were not able to pass traffic.

 

I did not think about VPN.  Thanks for pointing that out.

 

Unless this gets corrected in the near future, I will be using TP-Link solely for wireless hardware.

shberge wrote

@ ScottB.ca 

 

There is no ACL on the TL-R605; this function is for decoration :-) You can make some ACL rules from LAN to WAN, that's all. So, briefly summed up: no ACL between VLANs, nor any ACL from remote LAN to LAN in a VPN tunnel, only from LAN to remote LAN. I was a little surprised that this important feature was missing, especially considering that they sell the device with these descriptions.

 

 

Reference TP-LINK WEB.
Abundant Security Features: Advanced firewall policies, DoS defense, IP / MAC / URL filtering, and more security functions protect your network and data.

 

 

 

#3
Re:Inter-vlan routing always on with TL-R605
2021-02-15 15:29:12

I've become frustrated with this as well... you can't configure routing functions on the router.  Before I continue to buy into the TP-Link ecosystem, can someone confirm that with a TP-Link SDN compatible switch, inter-vlan routing can be blocked?  

#4
Re:Inter-vlan routing always on with TL-R605
2021-02-15 17:50:20

@trimmkm 

 

I have a R605 Router, SDN switch and APs running 4x vlans (Management, Private, Guest and IOT)

 

The VLANs are all separated and don't route, controlled by ACLs, with the exception of the controller address / ports, as I use the Guest Portal.

 

This video on YouTube might be of interest to you, he describes it in some detail 

 

https://www.youtube.com/watch?v=7i17jvrIjD0

 

 

#5
Re:Inter-vlan routing always on with TL-R605
2021-02-22 02:32:11 - last edited 2021-02-22 02:32:33

@Philbert 

 

Thanks for your input.

My problem was that the router by itself does not stop inter-VLAN routing. It needs to have a switch to block that traffic.

#6
Re:Inter-vlan routing always on with TL-R605
2021-02-22 08:13:58

Dear @ScottB.ca,

 

My problem was that the router by itself does not stop inter-VLAN routing. It needs to have a switch to block that traffic.

 

Sorry for any inconvenience caused. This feature will be supported in the subsequent firmware updates.

#7
Re:Inter-vlan routing always on with TL-R605
2021-02-24 03:03:30

@Fae    Thank you for the information.  I look forward to future releases.    

 

Is there an option to apply to beta test firmware releases? I work in the networking industry and would enjoy providing feedback.

#8
Re:Inter-vlan routing always on with TL-R605
2021-02-26 02:16:01

@Philbert 

 

Thanks for the reply. I found Cody's videos about a month ago, and I bought into the Omada system because of them. I've tried setting up my networks based on the linked video (I'm sure half his YT views are from me), but I'm having trouble setting up access between VLANs. I've been able to recreate his rule to allow access to the switch GUI, but as soon as I try the same rule format with my HA server, only about 5% of my pings are returned. I can't get my clients on my main VLAN to talk with my Home Assistant server on my IoT VLAN. I can get Kodi on the IoT VLAN to talk to my NAS on my main VLAN, but I can't get the other IoT devices to talk to my DNS on the same server (on the main VLAN). I'm getting frustrated.

 

Does anyone have a good reference for allowing traffic between VLANs that is specific to the Omada software?

#9
Re:Inter-vlan routing always on with TL-R605
2021-02-26 02:19:51

@trimmkm 

 

By default traffic will flow between vlans.    Can you isolate what might be different between the connections that work and those that don't?

 

Wireless / wired?    

What are your networks per VLAN?

 

 

 

Scottb.ca  supporting technology.

#10
Re:Inter-vlan routing always on with TL-R605
2021-02-26 02:55:03

@ScottB.ca 

 

Here is my setup. 

 

TL-605, TL-SG2008P, and EAP245, Omada controller software on PC

 

TL-SG2008P:

EAP245 (Port 1 - VLAN1 Native, VLAN 10, 20, 30 Tagged)

PC (Port 2 - VLAN1 Native)

Home Assistant (Port 3 - VLAN 30 Native)

TL-605 (Port 8 - All port profile)

 

VLANS are set up as Interfaces with DHCP enabled on separate subnets

 

With all ACL rules off, I can connect to HA on VLAN 30 from my PC on VLAN 1 and from an iPad on VLAN 10

 

Relevant ACL rules (all other rules disabled):

"deny all protocols, source: network interface for VLAN 30 to destination: other network interfaces/VLANS" - This is at the bottom of the ACL stack.  With only this enabled I can't ping/connect to HA on anything other than VLAN 30.

 

"Permit all protocols, source: network/VLAN 10 to destination: HA IP Group" - This is at the top of the stack.  When first enabled or moved in the ACL list, two pings will be returned then the rest time out, and no connection to HA from any other VLAN.

 

I'm sure it's something simple that I'm overlooking, but at this point I can see the forest for the trees.

 

 

HA on Raspberry PI is on VLAN 30, wireless clients on VLAN 10 and wired PC on VLAN 1 cannot access HA.

#11
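An added example, not part of any post in this thread: a small model of the two-rule ACL stack from post #11, evaluated per packet with first match winning and no connection tracking. The stateless behaviour, the default-permit fallthrough, the subnets and the Home Assistant address are all assumptions; the thread does not state them.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing: the thread gives no subnets or HA address.
VLAN = {
    1: ip_network("192.168.1.0/24"),
    10: ip_network("192.168.10.0/24"),
    30: ip_network("192.168.30.0/24"),
}
HA = ip_network("192.168.30.50/32")      # stands in for the "HA IP Group"
OTHER_THAN_30 = [VLAN[1], VLAN[10]]

# Rule stack from post #11, top of the stack first.
RULES = [
    ("permit", [VLAN[10]], [HA]),
    ("deny", [VLAN[30]], OTHER_THAN_30),
]

def evaluate(rules, src, dst):
    """Action of the first rule matching one packet (assumed stateless:
    a reply is judged on its own source and destination)."""
    s, d = ip_address(src), ip_address(dst)
    for action, sources, dests in rules:
        if any(s in n for n in sources) and any(d in n for n in dests):
            return action
    return "permit"  # assumed default: inter-VLAN traffic flows unless denied

def round_trip(rules, client, server):
    """Return (request action, reply action, whether a ping would complete)."""
    fwd = evaluate(rules, client, server)
    rev = evaluate(rules, server, client)
    return fwd, rev, fwd == "permit" and rev == "permit"

def with_return_rule(rules):
    """Same stack with a mirrored permit (HA -> VLAN 10) above the deny."""
    return [rules[0], ("permit", [HA], [VLAN[10]])] + rules[1:]

if __name__ == "__main__":
    for name, stack in (("as posted", RULES), ("with return rule", with_return_rule(RULES))):
        for client in ("192.168.10.20", "192.168.1.5"):
            print(name, client, round_trip(stack, client, "192.168.30.50"))
```

Under these assumptions the request from VLAN 10 matches the permit, while the reply from VLAN 30 matches only the deny, so the round trip fails until the return direction is permitted as well.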