Advanced VLAN Config: No WAN, Unmanaged Switch - How to segregate IOT gateway?

2023-08-01 20:59:00 - last edited 2023-08-02 02:01:19
Model: ER605 (TL-R605)   OC200   TL-SG1210P  
Hardware Version: V2
Firmware Version: 2.0.0 Build 20220106 Rel.56391

Hello,

 

Is it possible to segregate the rest of my network from my IOT gateway using only the hardware above? With the additional complication that access to the internet is via an external router connected over LAN (since the router does not support bridging) to the ER605.

 

Behold, my artwork - Current physical state

 

 

Desired Logical State

 

Re:Advanced VLAN Config: No WAN, Unmanaged Switch - How to segregate IOT gateway?
2023-08-02 03:53:39

Hi @Cheapsk8 

Thanks for posting in our business forum.

I am not sure why you add an IoT gateway. Is there a reason for that? If you want, so be it. You should worry about if the VLAN can be effective since you are literally separating this VLAN 3 from the whole Omada network. Different Gateway means the NAT is not done by the Omada gateway. Configs and all other things will be done on that router.

VLAN 3 has to be configured on the IoT gateway. You cannot use ER605 for the creation of the VLAN 3. It's not gonna work because of NAT on the IoT gateway.

And your IoT gateway LAN should connect to the switch with the VLAN 3.

The Omada router is capable of ACL, which you can use for allow and deny. If you still keep Omada as the gateway, you can use the ACL.

Best Regards!
Re:Advanced VLAN Config: No WAN, Unmanaged Switch - How to segregate IOT gateway?
2023-08-02 11:07:03

  @Clive_A 

 

Thank you for helping with this.

 

My first problem is I don't know how to set up the VLAN systems I drew out in the diagram - where do I begin?

 

Re the gateway, it's not something I have control over. It's one of these, which only connects via ethernet. Runs a proprietary IOT RF-based messaging system to my alarms. I can control where I plug it in, but are you saying the router is unable to tag it based on (say) MAC address or similar... does it have to go via switch? I need the (all PoE) switch ports to power my EAPs.

 

Re:Advanced VLAN Config: No WAN, Unmanaged Switch - How to segregate IOT gateway?
2023-08-03 07:18:04

Hi @Cheapsk8

OK. Then you are referring to a product like an IoT controller. Not the Gateway(router) we usually say. Then it should be a lot easier. You don't have to change your plan or diagram if that's an IoT controller.

All you need to do is to refer to the setup guide to set up your VLAN interfaces and implement ACL to segregate the IoT.

Standalone guide: How to create multi networks and manage network behavior with ACL on Omada Gateway in standalone mode

Controller guide: How to configure Multi-Networks & Multi-SSIDs on Omada SDN Controller

 

Best Regards!
Re:Advanced VLAN Config: No WAN, Unmanaged Switch - How to segregate IOT gateway?
2023-08-03 15:06:25

  @Clive_A 

 

Thanks again for your help Clive. This is where I'm getting stuck - I have an unmanaged switch, and the Controller guide "How to configure Multi-Networks & Multi-SSIDs on Omada SDN Controller" seems to assume it is a managed switch.

 

On the stand-alone guide it seems to imply you can assign router ports to different VLAN IDs - so I guess that's an option somehow even when managing the router via OC200? How would I do that?


 

 

 

If I had just one single network, e.g. 192.168.1.0/24, and I bought a managed switch - will the switch be able to isolate devices using VLAN, OR do I need to have a different subnet for each VLAN defined in the router to ensure devices cannot communicate with each other?

 

Re:Advanced VLAN Config: No WAN, Unmanaged Switch - How to segregate IOT gateway?
2023-08-04 01:40:00

Cheapsk8 wrote

 

If I had just one single network, e.g. 192.168.1.0/24, and I bought a managed switch - will the switch be able to isolate devices using VLAN, OR do I need to have a different subnet for each VLAN defined in the router to ensure devices cannot communicate with each other?

 

  

So to answer my own question - the answer is yes. Because I'm cheap, I'm sending the router back and will put money towards a managed switch.

Re:Advanced VLAN Config: No WAN, Unmanaged Switch - How to segregate IOT gateway?
2023-08-04 01:59:04 - last edited 2023-08-04 02:01:44

Hi @Cheapsk8 

Your picture was posted with a managed switch so I thought that you were an owner of a full Omada solution. Omada router, Omada switch(all manageable), and EAP.

If the switch is unmanaged, then you cannot implement what you need because you need to specify the ports on the switch with different VLAN IDs. Each port may contain one or more than one VLAN ID.

With an unmanaged switch, you cannot specify anything but plug-and-play. And all VLANs will flood into the port if you trunk the downlink of the router.

There isn't any better way to fix this. Unless you have multiple unmanaged switches, so for each switch it will have a dedicated VLAN. Because an unmanaged switch can only handle one untagged network and this does not fit your setup because you need some other devices to work on the switch.

 

If the setup isn't suitable for you and exceeds your budget, you can consider another solution. If you need to get a managed switch, and stick to this plan, you have to keep the Omada router. Get a managed switch from the Omada series, or any other VLAN-supported and configurable switch and implement this.

Best Regards!
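The difference between the two switch types discussed in this thread, as an added example that is not part of any post and is not Omada code: a simplified Python model of how a broadcast frame is flooded by a VLAN-aware (managed) switch versus an unmanaged one. The port names, the VLAN IDs and the assumption that the unmanaged switch passes tagged frames through unchanged are constructed for illustration.

```python
# Added illustration: simplified 802.1Q broadcast flooding; not Omada code.
# Port names and VLAN IDs below are constructed for this example.
from dataclasses import dataclass

@dataclass
class Port:
    pvid: int = 1                    # VLAN assigned to untagged ingress frames
    tagged: frozenset = frozenset()  # VLANs carried with an 802.1Q tag

    def member(self, vlan):
        return vlan == self.pvid or vlan in self.tagged

def flood_managed(ports, in_port, tag=None):
    """Return {egress_port: tag_on_wire} for a broadcast entering in_port."""
    src = ports[in_port]
    vlan = src.pvid if tag is None else tag
    if not src.member(vlan):
        return {}                    # ingress filtering drops foreign VLANs
    out = {}
    for name, port in ports.items():
        if name != in_port and port.member(vlan):
            # Trunk members keep the tag; access ports send it untagged (None).
            out[name] = vlan if vlan in port.tagged else None
    return out

def flood_unmanaged(port_names, in_port, tag=None):
    """Assumed behaviour: no VLAN table, frame leaves every other port as-is."""
    return {name: tag for name in port_names if name != in_port}

# Constructed layout: router uplink and EAP are trunks, IoT box and PC are access.
MANAGED = {
    "uplink": Port(pvid=1, tagged=frozenset({3})),
    "eap":    Port(pvid=1, tagged=frozenset({3})),
    "iot":    Port(pvid=3),
    "pc":     Port(pvid=1),
}

if __name__ == "__main__":
    print("managed,   from iot:", flood_managed(MANAGED, "iot"))
    print("managed,   from pc: ", flood_managed(MANAGED, "pc"))
    print("unmanaged, from iot:", flood_unmanaged(MANAGED, "iot"))
    print("unmanaged, VLAN 3 from uplink:", flood_unmanaged(MANAGED, "uplink", tag=3))
```

On the managed switch the IoT device's broadcast never reaches the `pc` port, while the unmanaged model delivers it to every port and also hands tagged VLAN 3 traffic from the trunk to all devices.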