How to route between different vlans?
Im using ER7206 with Omada Software Controller.
I created 2 Vlans, but I couldn't even ping between their gateways. How to configure it?
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
use this video for stopping inter vlan communication:
https://www.youtube.com/watch?v=7i17jvrIjD0
basically you create rules in the switch ACL to block your VLAN from accesing the default LAN and that is about it.
Deny > all protocols > network (vlan home) to network (lan).
setup a rule to prevent the acces to the gateway or switch from vlan by using ip port group with the subnets of lan and vlan gateways/32 (32 means that you block only that ip)
note: if you have your desktop connected to the 7-8 ports and you lock yourself out of the router/gateway just remember to change the port to the 1-6 if you want to connect to the router or use a cloud controller if you have one set up
for anything more complicated, pray that maybe somebody from tp link will actually make working examples on how to allow exceptions targeted at device level trough the deny rules with acl. omada has alot of potential, but for now is still behind the competition.
- Copy Link
- Report Inappropriate Content
@kibokura056 by default all inter vlan communication is open, you should ping whatever you want.
if you don't have a switch you cant use vlans without vlan aware devices that could tag their own traffic (switches, ap's), so maybe you can't ping anything because you only have devices on vlan1?
- Copy Link
- Report Inappropriate Content
I assigned Vlan1 and Vlan2 to the port connected to the switch that surpports tag Vlan.
The settings on the Switch are as follows.
Please help.
- Copy Link
- Report Inappropriate Content
Try somthin like this, I think this will work for you.
PVID is right if you want only vlan2 on port 7-8
connect router to port 1-6
Or this, then you have to connect router to port 1
And remember LAN interface on router, enable port you use to connect the switch
- Copy Link
- Report Inappropriate Content
Thanks for your advice. it worked!
And then, routing all packets between different Vlans is inconvenient, so i want to filter it. Can you please teach me how to set the ACL of it?
- Copy Link
- Report Inappropriate Content
use this video for stopping inter vlan communication:
https://www.youtube.com/watch?v=7i17jvrIjD0
basically you create rules in the switch ACL to block your VLAN from accesing the default LAN and that is about it.
Deny > all protocols > network (vlan home) to network (lan).
setup a rule to prevent the acces to the gateway or switch from vlan by using ip port group with the subnets of lan and vlan gateways/32 (32 means that you block only that ip)
note: if you have your desktop connected to the 7-8 ports and you lock yourself out of the router/gateway just remember to change the port to the 1-6 if you want to connect to the router or use a cloud controller if you have one set up
for anything more complicated, pray that maybe somebody from tp link will actually make working examples on how to allow exceptions targeted at device level trough the deny rules with acl. omada has alot of potential, but for now is still behind the competition.
- Copy Link
- Report Inappropriate Content
I really appreciate your help.
My switch doesn't support omada SDN so I orderd a switch that supports it.
Ill try the method when i get the item.
- Copy Link
- Report Inappropriate Content
@kibokura056 if you got a switch compatible with omada sdn, just remember to uprade it's firmware in order to use vlans properly. try to use a rasberry pi or an oc200 and it's all good. you could set things up with software controller and forget about it.
after adoption and firmware upgrade you will have a vlan tab in config, enable your home vlan in config:
And edit ports
The ports with a single vlan, that have the vlan enabled in config (vlan interface) will act as untagged ports. in my config port 1 the uplink is a trunk, port 2 is also a trunk that leads to the EAP. If you are using this setup home you can leave it at that, but for business it's recommended that the unused ports should either be disabled or used with a dead end vlan (black hole) that has no dhcp and no usability.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 9747
Replies: 7
Voters 0
No one has voted for it yet.