er7206 vlan without a switch
Reviving a closed thread: https://community.tp-link.com/en/business/forum/topic/265578
At the time it seems that it was determined that the er7206 could NOT support vlan itself when using the omada controller, and that an omada supported switch was required. However, there were also talks of firmware updates potentially adding this ability.
Can someone confirm whether or not the er7206 will support vlan isolation on its ports when using the omada controller WITHOUT an omada managed switch?
I have multiple APs, but only a few wired connections, and the er7206 would suffice if this is now possible.
Hi @dolhop
What you called "VLAN isolation" is solely the 802.1Q VLAN. A VLAN interface is a set of functions that work together to make a different subnet.
If you want to isolate, then you should create an 802.1Q VLAN instead of a VLAN interface. To isolate the connection, however, even if you create a VLAN interface now, on the Controller you can set up an ACL to block the communication by Gateway ACL now.
If you don't wanna follow the Gateway ACL and insist on creating the 802.1Q VLAN to isolate your network, you can create VLAN as PURPOSE. But all created VLANs on the Controller will be set on all the ports on the router and as tagged. You can only use the AP on this port. Then set up SSID VLAN.
But setting up an 802.1Q VLAN may block access from your AP to the Controller. So, please set it up at your discretion.
@Clive_A Thanks for the technical lesson. I was merely trying to understand if the er7206 received any firmware updates to allow the omada controller to manage separated networks on the physical ports as it does with managed switches. In the thread I mentioned, it seems from anecdotal evidence that this did not work, but that there was potential for a firmware update that might.
That said, I think I see what you're saying. E.g. two APs on separate networks connected on two separate ports in the er7206 would mean that the controller (connected on a different port) would only be able to reach one of them (assuming it is on the same network as one of them).
The above would be true if the *management vlan* set was different for the two APs and only one matched the management VLAN set on the controller.
Hi @dolhop
That would be Management VLAN like d0ugmac1 said. Management VLAN is a term and you can find more in the User Guide of the Controller.
How to configure Management VLAN in Standalone mode for EAP
How to configure Management VLAN in Omada SDN Controller (4.4.4 or above)
In the second guide, you don't have to do certain switch config as you don't have one.
You can try them out and let me know if this helps you resolve your puzzle.
@Clive_A Your responses really have the feel of ChatGPT. Probably useful information, but not really....
From your description, that feels like you need Management VLAN. That's isolation. But you said I am responding like a robot. That's offensive to me.
I think you should tell the difference between 802.1Q VLAN and VLAN interface before considering VLAN isolation. There are different ways to achieve isolation, ACL with VLAN interface, 802.1Q VLAN, and Management VLAN. That's all we have for the devices now. Which one do you want to use? What goal do you want to achieve?
Management VLAN can also achieve that if you want to isolate clients from AP, router, and router. But Management VLAN includes these core devices in the same network (VLAN) and makes them stay in the same subnet.
If you set the AP to a different VLAN interface, you can still adopt it, but that requires you to use Omada Discovery Utility or DHCP Option 138.
If you set the AP to a different 802.1Q VLAN (Purpose = VLAN), then you don't have access at all. But I don't see anyone use this because you lose control of your devices.
What you revived is an old post asking for a feature to have the ability to set up PVID. Is that what you are looking for? It was added several versions before.
@Clive_A I didn't mean to be offensive. It's just the way it feels - your responses, while packed with useful information, still do not really answer my original question:
Based on the other thread I mentioned, https://community.tp-link.com/en/business/forum/topic/265578, the OP is trying to use an er7206 router, with two separate networks, and prevent these two networks from communicating with each other. The general consensus I glean from the responses is "no, this cannot be done simply with an er7206 and oc200 controller - an omada managed switch is required". Yet, there were mentions of new firmware that might support this.
So my simplified question is: yes or no, can this now, two years later, be done without a managed switch?
dolhop wrote
Reviving a closed thread: https://community.tp-link.com/en/business/forum/topic/265578
At the time it seems that it was determined that the er7206 could NOT support vlan itself when using the omada controller, and that an omada supported switch was required. However, there were also talks of firmware updates potentially adding this ability.
Can someone confirm whether or not the er7206 will support vlan isolation on its ports when using the omada controller WITHOUT an omada managed switch?
I have multiple APs, but only a few wired connections, and the er7206 would suffice if this is now possible.
Short answer is NO. The only option with the Omada controller is to change PVID. All the other VLANs are still there tagged and can't be removed.
I think you can do what you want in standalone.
The answer is YES if your APs can send tagged frames.
The answer is NO if your APs cannot send tagged frames.
You would have more flexibility in this aspect if you use your router without Omada Controller.
@KJK Thanks everyone. I am using two Omada APs, tagged frames will be in use because I need to support 3 different SSIDs on three different networks (for wired isolation as well). I have all of this working now with tagged frames etc on my current Asus routers. But the point of moving to Omada and using the controller is to allow for seamless handover when moving from one AP to the next...
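Added example, not part of any post in this thread: a small Python model of standard 802.1Q ingress classification, applied to the port behaviour the replies describe (every controller-defined VLAN tagged on every router port, with only the PVID changeable). The VLAN IDs, SSID names and the default PVID of 1 are constructed assumptions, and this is not ER7206 firmware logic.

```python
import struct

TPID_8021Q = 0x8100                 # EtherType value that marks an 802.1Q tag
CONTROLLER_VLANS = {10, 20, 30}     # constructed VLAN IDs, one per SSID

def build_frame(vlan_id=None):
    """Constructed Ethernet frame; vlan_id=None means untagged."""
    macs = b"\xff" * 6 + bytes.fromhex("020000000001")
    tag = b"" if vlan_id is None else struct.pack("!HH", TPID_8021Q, vlan_id & 0x0FFF)
    return macs + tag + struct.pack("!H", 0x0800) + b"\x00" * 46

def ingress_vlan(frame, pvid, tagged_vlans):
    """VLAN the port assigns to a received frame, or None if it is dropped."""
    if len(frame) < 14:
        return None
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return pvid                  # untagged: the port's PVID decides
    if len(frame) < 18:
        return None                  # truncated tag
    (tci,) = struct.unpack_from("!H", frame, 14)
    vid = tci & 0x0FFF               # low 12 bits of the TCI are the VLAN ID
    if vid == 0:
        return pvid                  # priority-tagged frames count as untagged
    return vid if vid in tagged_vlans or vid == pvid else None

def ssid_to_vlan(ap_tags_frames, port_pvid=1):
    """Where traffic from three SSIDs lands when the AP sits on one router port."""
    ssids = {"ssid-a": 10, "ssid-b": 20, "ssid-c": 30}   # constructed mapping
    result = {}
    for name, vid in ssids.items():
        frame = build_frame(vid if ap_tags_frames else None)
        result[name] = ingress_vlan(frame, port_pvid, CONTROLLER_VLANS)
    return result

if __name__ == "__main__":
    print("AP tags per SSID :", ssid_to_vlan(True))
    print("AP sends untagged:", ssid_to_vlan(False))
    # A wired host sending untagged frames follows the port's PVID only.
    print("wired, PVID 20   :", ingress_vlan(build_frame(), 20, CONTROLLER_VLANS))
```

With tagging, each SSID stays in its own VLAN across a single port; without it, all three collapse into the port's PVID, which is the YES/NO split given in the replies above.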