Cant access to a higher IP of a VLAN
My hardware:
Omada Cloud - OC200 - 5.9.32
Router - ER506 V2.0 - 2.1.2 Build 20230210 Rel.6299
Switch POE - TL-SG2428P v2.0 - 2.0.6 Build 20221130 Rel.42340
AP - EAP235-Wall(US) v1.0 - 3.1.0 Build 20210721 Rel. 46004
Hi guys,I'm trying to implement a simple VLAN of my client network, I saw many videos for exaple this: https://www.youtube.com/watch?v=UBtPme0RQ2U. Making a resume of the video, he create many VLANs and he can access each other VLAN no matter in what VLAN is. And for that reason he create restriccions. So im stuck in the step 1, I just create 2 VLANs but i just access if I am in a higier IP. I do exactly in the same way, even I reset all my devices many times and probe everthing, the resume of my problem is:
VLAN1 192.168.1.x - Administrator - (Just can access the devices in the same VLAN)
VLAN30 192.168.30.x - Cameras - (Can access all devices in all VLANs)
The problem here is I can't access to VLAN30 (Cameras) if I am in the VLAN1 Administrator, I already try to make ACL Rule to permit Administrator to cameras but it does not work.
Please help guys.
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
How was the IP camera assigned it's IP parameters? Did you manually configure them, or was it done via DHCP by the ER605? What you are describing could be the case if the gateway IP was not configured or misconfigured, or if the subnet mask was similarly wrong.
- Copy Link
- Report Inappropriate Content
SOLVED. Your right, The camera for a strange reason, has a gateway 192.168.0.1 and de VLAN gateway was 192.168.30.1, when ia change that setting the camera appears en all VLANs, thank you for you help guys
- Copy Link
- Report Inappropriate Content
The Omada system by default allows all VLANs to communicate with eachother, therefore if there is a block its likely something you have added via ACL
I would start with disabling / deactivate your current ACLs and give it a few mins, see if you can then connect the VLANs and work back from there. Had this myself one time and was a mis-config on my part.
You havent got Guest mode enabled on the Camera vlan or anything like that?
- Copy Link
- Report Inappropriate Content
That's the reason why I don't understand. When I restart everything by default, the two VLANS that I created can't communicate each other, just if I am in a higher VLAN. They are not restricted yet.
And they are not guest configuration any of them.
Thank you fou your help
- Copy Link
- Report Inappropriate Content
Try a factory reset of the switch and then re-push its configuration (so 'Forget' and 'ReAdopt'). If that doesn't work, try the same with the ER605.
- Copy Link
- Report Inappropriate Content
I already reset all devices several times, but not just that two devices. I'm gonna do it and I let you know.
Thank you
- Copy Link
- Report Inappropriate Content
I already see what is the problem, I can reach another VLAN if a connect another computer o cellphone, but in this case is a camera, i think i need permit some special ports for that kind of device. For the case of camera the problem persist.
If someone can help me for that case, please let mi know.
Hardware: Camera IP Dahua DH-IPC-HFW1439S1-LED-S4
Thank you
- Copy Link
- Report Inappropriate Content
Your difficulty accessing VLAN30 (Cameras) from VLAN1 (Administrator) appears to be caused by creating two VLANs but being restricted to only access devices within their respective VLANs. An Access Control List rule was attempted but did not work successfully to allow access from Administrator VLAN into Cameras VLAN, so far without success.
Here are a few steps you can try in order to solve this problem:
Keep a close watch over all VLAN configurations across devices (OC200, ER506, TL-SG2428P and EAP235-Wall). Check that VLAN IDs and IP addresses have been assigned properly for every one.
Make sure the VLAN interfaces on the ER506 router are configured properly so as to allow communication among VLANs and enable inter-VLAN routing if applicable.
Make sure that the ACL rule you created on the ER506 router is configured appropriately so as to permit traffic between Administrator VLAN and Camera VLAN, specifying all appropriate source/target IP addresses/subnets within its parameters.
Reducing communication delays between VLANs by temporarily disabling firewall settings or security features might help, so make sure these features on devices that could obstruct communication are temporarily turned off for testing purposes.
Assimilate connectivity by pinging devices from within the Cameras VLAN from within the Administrator VLAN. Use both IP addresses and hostnames to test if DNS resolution is working as expected.
- Copy Link
- Report Inappropriate Content
How was the IP camera assigned it's IP parameters? Did you manually configure them, or was it done via DHCP by the ER605? What you are describing could be the case if the gateway IP was not configured or misconfigured, or if the subnet mask was similarly wrong.
- Copy Link
- Report Inappropriate Content
SOLVED. Your right, The camera for a strange reason, has a gateway 192.168.0.1 and de VLAN gateway was 192.168.30.1, when ia change that setting the camera appears en all VLANs, thank you for you help guys
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 1953
Replies: 8
Voters 0
No one has voted for it yet.