Can I setup a VLAN on Omada for a second network (router) and use it for a WiFi SSID?
Can I setup a VLAN on Omada for a second network (router) and use it for a WiFi SSID?
I am new to the Omada system... I use the Omada Switch TL-SG2210P V5 with the OC200 (2.0) Controller and an EAP 650 (all with latest firmware updates) on my network with a router from another brand.
Is it possible to directly connect another router with a different network/internet-connection to a switch-port and create a VLAN for this one, which is available on the EAP to set up a new SSID for the other network? The routers both don't support VLANs and provide DHCP etc.
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Hi @Dennnis
Yes, you can.
The easiest way is port VLAN on switch, but VLAN topic is very deep, so red a lot of it and try to understand it first, then implement :)
- Copy Link
- Report Inappropriate Content
@DREEMus How can I do this basic setup? Simply creating a VLAN and assigning it to a port on the switch and then to the one wifi-network does not work...
- Copy Link
- Report Inappropriate Content
I will assume your OC200, switch, AP and users are all in subnet 1 (VLAN1?), which is an untagged network. Router 1 provides DHCP and is the gateway.
Now, you want to add a second SSID to your AP and assign it to a VLAN, say VLAN10. You need to make sure the port profile of the switch port that the AP connects to is modified so that it's PVID is the same as all the other ports, probably VLAN1 and so is untagged for VLAN1, BUT it also needs to be part of VLAN10 and VLAN10 should be tagged. The switch port that your new router (Router 2) plugs into, must ONLY belong to VLAN10 and MUST be untagged, so therefore it's PVID is set to 10. This should enable your switch to separate the traffic coming from the AP by SSID/VLAN and only the appropriate router will respond with DHCP info. Both routers will see their traffic as the ports they connect to are untagged.
- Copy Link
- Report Inappropriate Content
As @d0ugmac1 describe it's possible, but as you can see it's not easy to implement for non-tech people. The easy way is bought omada compatible router (gateway in tp-link naming).
Second, if you implement VLAN right now without omada router (gateway) and something happens, you are unable to fix it, because lack of knowledge.
- Copy Link
- Report Inappropriate Content
Router 1 is connects to a port assigned to the default network (VLAN1) in Omada.
In Wired Networks/LAN I created a new VLAN 10 and it automatically created a port profile for this with VLAN 10 as Native Network (PVID) and also VLAN 10 as Untagged Network. Now I activated it on the VLAN Interface in Switch Config.
The port connected to Router 2 is set to the VLAN 10 port profile.
I created the SSID assigned with VLAN 10. The port with the AP connected has a port profile with VLAN 1 as native network (and untagged network) and VLAN 10 as tagged network.
But a client still can't connect to the Router 2 network over the SSID...
Is that not right or are there any other settings to change?
- Copy Link
- Report Inappropriate Content
As above, adding a US$50 ER605V2 would be the easiest...but we can drill a little further here.
We assume you want:
The one mystery left is what kind of config the OC200 will push to your AP. I think you need to assume full fakery!
When you created your second LAN subnet, I hope you created it with the exact same settings as the LAN configuration of R2, same subnet, mask and gateway.
Also Omada assumes gateway based DHCP is always .1
You might want to try configuring the VLAN as below, and playing around with specifying Legal DHCP servers as well
Finally can you confirm if the client can join SSID2? Do they get a valid IP? Can they ping any other network device other than themselves?
- Copy Link
- Report Inappropriate Content
@d0ugmac1
Yes, does not work... I tried all possible settings, I could find...
A 20$ Managed Switch can do this, but Omada managed switches don't?
On a cheap ZyXel I can just set the VLAN and it works, used it on the EAP before getting the controller and switch...
- Copy Link
- Report Inappropriate Content
I think you mix-up some things what we are trying to explain.
Show us some diagram (with internet connection) what you expect from your stuff, we try to help you, but we need know more details ;)
I have basic PoE switch from TP-Link which is working as WAN switch (in VLAN2) and separate traffic from LAN (in VLAN1) are working perfectly fine, so don't blame us for your issue.
Your request can be made by few ways.
So you should look at this from "packet" perspective. After packet from you SSID2 passing EAP they are not tagged (pure traffic between EAP and mobile), after passing EAP they are tagged with VLAN10 and go to switch, on switch this packets are still tagged so you must tell the switch which port should/can work with this VLAN10 (and this features is PVID in TP-Link). So we back to my first post, first understand VLAN, then implement ...
PS. after reading carrefurly you should set-up your network as you expect, but some network basic are still required.
- Copy Link
- Report Inappropriate Content
d0ugmac1 wrote
As above, adding a US$50 ER605V2 would be the easiest...but we can drill a little further here.
We assume you want:
The one mystery left is what kind of config the OC200 will push to your AP. I think you need to assume full fakery!
When you created your second LAN subnet, I hope you created it with the exact same settings as the LAN configuration of R2, same subnet, mask and gateway.
Also Omada assumes gateway based DHCP is always .1
You might want to try configuring the VLAN as below, and playing around with specifying Legal DHCP servers as well
Finally can you confirm if the client can join SSID2? Do they get a valid IP? Can they ping any other network device other than themselves?
I did a quick test based on the drawing here for fun, it worked straight away, the only difference was that I didn't enable DHCP L2 relay.
so yes @Dennnis it works with TP-Link switches. I use a sg2428p
Port 2,4,6,8 WAN VLAN-999 (Vlan Only) To my internet provider
Port 10 mainrouter LAN Interface VLAN1
Port 14 Second router LAN interface VLAN-888 (Vlan Only)
- Copy Link
- Report Inappropriate Content
Were you using a Controller to do this test, and did you mock up the SSID-per-router bit on a controlled AP as well?
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 2005
Replies: 12
Voters 0
No one has voted for it yet.