Knowledge Base Essence Posts Summary — Omada Configuration Videos (VPN, VLAN, ACL-Related)
This post is mainly drawn from posts released by forum customer @Death_Metal, and I would like to thank @Death_Metal and others for the high-quality, professional guides you have contributed to the TP-Link forum for such a long time.
For Forum users who have questions about advanced features such as VPN, VLAN and ACL and need a detailed configuration video, here are some high-quality posts with Configuration and Installation Guide videos for many typical topologies and scenarios, summarised for reference only.
Use cases for this scenario include accessing another LAN across the Internet, say a Plex server. It is also good for accessing LAN resources such as storage (private cloud/NAS) across the public Internet.
- Add a pseudo-perimeter network, which adds a layer of network security for Home Computing
- Fully isolate IoT network from Home VLAN
- Allow one-way full access to IoT devices without opening ports or creating elaborate ACLs
- Enjoy the flexibility and power of Omada SDN without compromising security
Blocking a specific VLAN from accessing the Internet.
- Upgrade / Replace ER-605 with ER-7206 with Default IP
- Upgrade / Replace ER-7206 with ER-8411 with non-Default IP
- Admin - this is the Native/Default VLAN 1. Access to all VLANs
- Home - Access to all except Admin VLAN
- Guest - Access to Internet only, no access to same-VLAN devices. Wireless ONLY
- Cameras - Access to same-VLAN devices only, no Internet
- IoT - Access to same-VLAN devices with Internet
This Isolated VLAN complements the "Guest" feature for wireless by covering its limitation. The Guest feature provides end-device isolation (i.e. all wireless clients connected to Guest WiFi can't see each other), but it works for wireless clients only. The Isolated VLAN does a similar thing for wired clients: it prevents wired clients in the same VLAN from seeing each other (and from seeing clients in other VLANs). The Isolated VLAN end devices must still be able to access the Internet.
The Secluded Wireless VLAN prevents wireless clients from seeing their peers/neighbors in the same VLAN while still giving them Internet access and granular access to clients. Users who implemented the Isolated VLAN design found that applying the same or similar ACLs to the EAP didn't work as they expected: the WiFi clients could always see each other in the same VLAN. In this revision, the solution is to simply "poke" a hole in the Guest feature functionality.
If you want to learn more about Omada-Related configuration videos, please check out here.