MAC-Groups on TL-SG2210MP controlled by OC200

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

2021-07-16 09:46:29
Model: OC200  
Hardware Version: V1
Firmware Version: 4.3.5

Hello,

I want to have some guest isolation with ACLs in a setup without VLANs.

Since ACL with IPv6 is not possible yet, I want to achieve some switch-ACL with MAC-groups to control traffic on the MAC layer.
But I would need a group "all MACs", in a way like all IPs in an IP-Group with 0.0.0.0/24.

In switch-standalone-mode there is something like a mask for MACs. I don't see this in Omada.

I would like to have two switch-ACLs which are set on certain switch ports:
Allow: source: all MACs, destination: MAC of Router
Deny: source: all MACs, destination: all MACs

So a guest on Port #2 would be allowed to reach the router on Port #1, but would not be allowed to reach other clients on other isolated ports. Problem: Some isolated ports should reach other isolated ports (PC on Port #4 should reach Printer on Port #5).

In switch-standalone mode you could achieve this with port isolation and forwarding ports (instead of MAC rules). But forwarding ports can't be set in Omada SDN.

So I have two questions:
1. Can I set something to set All-MACs as a MAC-Group (for example placeholders or masks like 00-00-00-00--00-00 or ff-ff-ff-ff-ff-ff)?

2. Or, if the MAC-rule thing is not possible: Can I set forwarding ports in addition to port isolation, like in switch-standalone mode?

Greetings
#1
Re:MAC-Groups on TL-SG2210MP controlled by OC200
2021-07-19 05:39:44

@nutzich 

 

As for the Port Isolation, you can go to "Settings-Wired Network--LAN--Profile-Advanced Option".

 

Click the checkbox to enable Port Isolation. An isolated port cannot communicate directly with any other isolated ports, while the isolated port can send and receive traffic to non-isolated ports.

#2
Re:MAC-Groups on TL-SG2210MP controlled by OC200
2021-07-19 16:48:50

@John1234 

Thank you John1234. Port Isolation is one part. But there are isolated ports which should communicate with each other. For example Port #4 PC with Port #5 Printer.

In standalone mode you can set that up with the feature "forwarding ports". I miss that in Omada.

Greetings

#3
Re:MAC-Groups on TL-SG2210MP controlled by OC200
2021-07-20 08:58:16

@nutzich Port 4 is set up as the isolated port, and port 5 is not. The User Guide tells me: An isolated port cannot communicate directly with any other isolated ports, while the isolated port can send and receive traffic to non-isolated ports.

Which may let port 4 and port 5 communicate with each other, while port 4 cannot communicate with other isolated ports?

#4
Re:MAC-Groups on TL-SG2210MP controlled by OC200
2021-07-20 09:19:24 - last edited 2021-07-20 09:20:46

@John1234 

Hi,

Port 2 (guest) is not allowed to communicate with port 4 and 5. So port 4 and port 5 have to be isolated.

But Port 4 and Port 5 shall communicate with each other (private PC and private printer). So there has to be a possibility to set up a forwarding port list (like in the standalone mode of the switch GUI).

Here is a screenshot of standalone mode showing the feature I am looking for (the first part is the isolated port, the second part is the list of isolated ports to which an isolated port can communicate). I am wondering if Omada SDN has that possibility of setting up a forwarding port list, or if this is planned or not planned to be implemented.

#5
Re:MAC-Groups on TL-SG2210MP controlled by OC200
2021-07-22 03:52:36

@nutzich 

If the situation is that A cannot talk to B, but A and B can talk to C, then I think the port isolation on the controller can work as expected.

The controller does not have the same function as standalone mode; maybe the ACL will be the solution.

#6
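The two isolation models discussed in this thread, as an added example that is not part of any post: a small Python model that tries every isolated/non-isolated assignment for the ports named in the first post and compares the result with a per-port forwarding list. The port roles come from the thread; the function names and the simplified forwarding semantics (both ports must list each other) are assumptions.

```python
from itertools import product

# Port roles taken from the thread: 1 = router, 2 = guest, 4 = PC, 5 = printer.
PORTS = [1, 2, 4, 5]

# Desired reachability per port pair (True = must communicate).
# Router access for ports 4 and 5 is assumed from the "allow to router" rule.
REQUIRED = {
    (1, 2): True, (1, 4): True, (1, 5): True,
    (2, 4): False, (2, 5): False,
    (4, 5): True,
}

def isolation_allows(isolated, a, b):
    """Boolean port isolation: only isolated-to-isolated traffic is blocked."""
    return not (a in isolated and b in isolated)

def forward_list_allows(forward, a, b):
    """Simplified forwarding-port model: each port must list the other."""
    return b in forward[a] and a in forward[b]

def violations(allows):
    """Return the port pairs whose actual reachability differs from REQUIRED."""
    return [pair for pair, want in REQUIRED.items() if allows(*pair) != want]

def isolation_solutions():
    """Try every isolated/non-isolated assignment and keep the ones that fit."""
    solutions = []
    for flags in product([False, True], repeat=len(PORTS)):
        isolated = {p for p, flag in zip(PORTS, flags) if flag}
        if not violations(lambda a, b: isolation_allows(isolated, a, b)):
            solutions.append(isolated)
    return solutions

# Constructed forwarding lists that express the policy from the first post.
FORWARD = {1: {2, 4, 5}, 2: {1}, 4: {1, 5}, 5: {1, 4}}

if __name__ == "__main__":
    print("isolation-only solutions:", isolation_solutions())
    print("isolate 2 and 4, leave 5 open ->",
          violations(lambda a, b: isolation_allows({2, 4}, a, b)))
    print("forwarding lists ->",
          violations(lambda a, b: forward_list_allows(FORWARD, a, b)))
```

No isolation-only assignment satisfies the policy, because blocking 2 from both 4 and 5 forces all three to be isolated, which also blocks 4 from 5; leaving port 5 non-isolated reopens the guest-to-printer path.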