Trying to understand how to work with VLANs and Omada Controller
This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Hello community,
sorry I know that a lot of threads already existing about VLANs, but I cannot fully understand in my specific case how to proceed. We would like to move from our current setup with 2x TL-ER6120 v3.0 Router and Netgear / TP-Link switch to our new Setup with
- 1x TP-Link OC200 Omada
- 1x ER7206
- 2x TL-SG3428
- 1x TP-Link TL-SX3016F 16-Port 10GE
We need to get the setup fit for our infrastructure, this means we have 3 root server 1x storage and 2x hypervisior running. All root servers are on the same network and working fine. We already created 2x interfaces with different IP subnet (10.1.11.0/24 and 192.168.0.0/24) in the omada controller. After that we have restrict the networks with ACL that a communication between the two subnets is not possible which is fine. Also give the VMs the VLAN from subnet 1 and 2 is working and the VM is getting the right IP address from router and internet is also working fine.
Now we try to create different VLANs on subnet 1 and 2 and assign the VMs with the VLAN, but we get this setup not running. This means the VMs get no IP address and did not have an internet connection. What we need to do that this will be possible? And is it possible that the router give the VM based on the VLAN tag a IP adress from the right subnet, this means when I create VLAN 200 which is a VLAN from Subnet 2 the VM should get a IP address from 192.168.0.XX instead of 10.1.11.XX which is the default network. We have created the port 17 as tagged port where we route the interfaces and VLANs.
One more security question: currently we testing the setup in our office:
FritzBox (with own internal Network) -> 1x ER7206 -> TL-SG3428 -> Hypervisor -> VMs. Inside the VM I can not ping from subnet 1 to subnet 2 but I can ping all devices from the FritzBox network. Is this issue coming from the fritzbox or is there a setup issue on controller / router?
Many thanks in advanced
@Somnus Thanks for your help and answer. I try to explain a bit more and hope you will understand my issue:
Image 1 show you my test setup about the network and some explanations:
Image 2 show you my Subnet and VLAN setup:
So my question is:
- After creation of the VLAN1001: I get no internet connection inside the VM. I have created the profile VLAN and have tagged all Subnet and also the VLAN on port 17 which is connected with the root server -> hypervisior -> virtual switch -> VM. In our current setup the assignment of the VLAN to a VM is working fine without any issue. In the new setup the internet connection is not working. My question, why I get no Internet connection with crated VLANs, how can I get the VM connected with VLAN only to the internet, this means without creating a new subnet?
- Can I create a VLAN and assign it to a VM, the VM should automatically understand the VLAN is from Subnet2 and get a IP addresse from Subnet2 192.168.0.XX but can not communicate with the other servers in Subnet2 only with the VMs which assigned the same VLAN.
Is this generally working with my idea or do I need create for each VM groupe a own subnet what would be a lot of work instead of using VLANs only? Sorry for the big input I hope you can follow my problem and understand now better my questions
Thank you very much!
I think I understand your requirement now, but I don't think it is possible on Controller mode. Basically what you want is similar as this example:
So VLAN 2 and VLAN 3 are in the same subnet, but cannot communicate with each other.
To reach this we have to configure the router in standalone mode, because we need to get VLAN1000 or VLAN2000 Untag from the router. In controller mode, we cannot modify the router port PVID, and it is always in VLAN1 default VLAN.
There is another solution, that is not use VLAN to stop communication between your devices, but use ACL. That means all VM devices will be in the same VLAN/subnet like VLAN2000. However you can limit the traffic according to devices' IP or MAC address.
