@nLofy Can you explain your network topology a little more?  Is/are the WAP(s) connected directly to the ER605 or are they connected to a switch?  If it is a switch, how have you configured the port(s) on the switch?

  @Alex789 I am using my ISP's DSL model into a TL-SG2008P switch with an OC200 controller. The WAP is a EAP225 it is connected to port 1 of the switch and port 1 is configured to profile "all". The Gateway Model is set to universal 1 port. 

  @nLofy If you aren't using an Omada gateway/firewall, you will need to configure the networks/VLANs on the device from your ISP as well.  The Omada controller only configures the omada devices it is managing.  So if you only have a switch/EAP managed by the controller the VLANs will exist on both of those but the gateway which is not Omada won't understand the traffic and will not be able to route it properly.

You also need to set whichever switch port your gateway is plugged into as "All".

  @Alex789 If I had a ER605 how would I setup these VLAN's. Assuming I go from ISP to wan 1 of the device then port 2 into the switch.

  @nLofy If you had an ER605 then you would put your ISP device into the WAN port on the ER605 and switch in the lan port.  As long as the networks were setup in the controller, the networks would get pushed into the ER605 by the controller.

Ideally, you would put your ISP device into passthrough mode if it supports that so you weren't applying NAT twice(double NAT).

If you wanted to isolate the network traffic between your VLANs you would also apply ACLs on the switch ports.

  @nLofy I did indeed get it all working on my bench but I thought I tried this exact setup once and it faild... im sure its me. I will deploy tomorrow with an update.

  @Alex789 I go the ER605 working and vlan are enabled on each network, now how do I make a EAP ACL that doesnt let the networks talk to eachother but lets the IoT network reach the internet? 

This does not let let IoT reach internet.

  @nLofy You probably want to use a switch acl, not an eap acl in that case.  Also, you should probably mark the IOT network as a guest which will block any wireless iot clients from being able to access anything else.

  @Alex789 I would like to make it so that the Home network can talk to the IoT for stuff like casting to a device but not have Iot Talk to Home?

  @nLofy 

Hi , I have the exact same problem...

But my switch is not managed by Omada... it's a T1600G.

How can I match Omada Controller settings with my switch?