MAC-Groups on TL-SG2210MP controlled by OC200
This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Hello,
I want to have some guest-isolation with ACLs in a setup without vlans.
Since ACL with ipv6 is not possible yet, i want to achive some switch-ACL with MAC-groups to control traffic on MAC-layer.
But I would need a group "all MACs" in a way like all IPs in Ip-Group with 0.0.0.0/24
In switch-standalone-mode there is something like a mask for MACs. I don't see this in Omada.
I would like to have two switch-ACLs which are set on certain switch ports:
Allow: source: all MACs, destination: MAC of Router
Deny: source: all MACs, destination: all MACs
So guest on Port #2 would be allowed to reach the router on port #1, but would not be allowed to reach other clients on other isolated ports. Problem: Some isolated ports should reach other isolated ports (PC on Port #4 should reach Printer on Port#5)
In switch-standalone Mode you could achieve this with port-isolation and forwarding ports (instead of MAC-Rules). But forwarding-ports can't be set in Omada SDN.
So I have two questions:
1. Can i set something to set All-MACs as Mac-Group (for example placeholders or masks like 00-00-00-00--00-00 or ff-ff-ff-ff-ff-ff)
2. Or if the Mac-Rule-Thing is not possible: Can i set Forwarding ports in addition to Portisolation like in switch-standalone Mode
Greatings
As for the Port Isolation, you can go to "Settings-Wired Network--LAN--Profile-Advanced Option".
Click the checkbox to enable Port Isolation. An isolated port cannot communicate directly with any other isolated ports, while the isolated port can send and receive traffic to non-isolated ports.
Hi,
Port 2 (guest) is not allowed to communicate with port 4 and 5. So port 4 and port 5 have to be isolated.
But Port 4 and Port 5 shall communicate with each other (private PC and private printer). So there has to be a possibility to set up a forwarding port list (like in the standalon mode of the switch gui).
Here is a screenshot of standalone-mode of the feature i am looking for (first part is isolated port, second part is the list of isolated ports, to which an isolatet port can communicate). I am wondering if Omada SDN has that possibility of setting up a forwarding port list or if this ist planned or not planned to be implemented.
