Omada ACL configuration
Good morning, I am having difficulty in creating an ACL setting.
I have two subnets:
- 10.10.0.1/16 (VLAN 1)
- 192.168.18.1/24 (VLAN 18)
I have created two LANs (one for the default LAN, the other for VLAN 18) and two SSIDs (one for the default LAN, the other for VLAN 18), and now I would like to create an ACL rule (switch ACL) to keep the two subnets from interacting.
In creating it, I get this error:
"This ACL rule cannot take effect because some switches did not respond to the configurations."
All devices are connected (green).
What can I do?
Thanks to anyone who would like to answer me.
Just tested: I removed the SG2008P switch, but I still can't create the ACL rule. For now I've solved it with the "Guest VLAN".
TNX ;)
Paste your network topology (Controller->Maps->Topology, click the Show Labels before taking the screen shot).
I suspect you have stacked switches and you've managed to lock out the lower switch with the ACL that was applied to the upper switch. By lower and upper, I mean you have modem-->Router-->UpperSwitch-->LowerSwitch, as opposed to having both switches connected directly to the router.
If this is the case, you just need to look at the order of priority of the ACLs you are applying and the PortConfigs applied to the switch ports that are connected to each other.
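To make the ordering point in the reply above concrete, here is an added example (not Omada's code, and not posted by anyone in this thread) that models a switch ACL as a first-match, top-to-bottom rule list. It assumes the two subnets from the question, assumed controller and downstream-switch addresses of 10.10.0.2 and 10.10.0.20, and an implicit "permit" at the end of the list; it does not model the "switches did not respond" provisioning error itself, only how a rule set can block cross-VLAN traffic while still cutting off a downstream switch if a broad deny sits above the permit that management traffic needs.

```python
import ipaddress
from dataclasses import dataclass

IPv4Net = ipaddress.IPv4Network


@dataclass(frozen=True)
class Rule:
    action: str  # "permit" or "deny"
    src: IPv4Net
    dst: IPv4Net


def net(cidr: str) -> IPv4Net:
    # strict=False lets a host address such as 10.10.0.1/16 stand for its network
    return ipaddress.ip_network(cidr, strict=False)


def evaluate(rules: list[Rule], src_ip: str, dst_ip: str, default: str = "permit") -> str:
    """First matching rule wins; if nothing matches, the implicit default applies.
    This is a simplified model of an ordered switch ACL, not Omada's implementation."""
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    for rule in rules:
        if src in rule.src and dst in rule.dst:
            return rule.action
    return default


# Subnets from the question; gateway addresses given as /16 and /24 map to these networks.
VLAN1 = net("10.10.0.1/16")
VLAN18 = net("192.168.18.1/24")
ANY = net("0.0.0.0/0")

# Assumed management addresses for the example (not from the thread).
CONTROLLER = "10.10.0.2"
LOWER_SWITCH = "10.10.0.20"

# Intended rule set: a stateless deny in each direction, everything else falls through to permit.
ISOLATE = [
    Rule("deny", VLAN1, VLAN18),
    Rule("deny", VLAN18, VLAN1),
]

# A broad deny toward VLAN 1 also matches controller <-> downstream-switch traffic,
# because both management endpoints live in VLAN 1. This locks out the lower switch.
LOCKOUT = [
    Rule("deny", ANY, VLAN1),
]

# Same intent, but the permit for intra-VLAN-1 traffic is ordered above the broad deny,
# so management traffic between the controller and the lower switch keeps flowing.
FIXED = [
    Rule("permit", VLAN1, VLAN1),
    Rule("deny", ANY, VLAN1),
]


def audit(rules: list[Rule]) -> dict[str, str]:
    """Run a few representative flows through a rule set and report the verdicts."""
    return {
        "lan_to_guest": evaluate(rules, "10.10.1.50", "192.168.18.50"),
        "guest_to_lan": evaluate(rules, "192.168.18.50", "10.10.1.50"),
        "controller_to_lower_switch": evaluate(rules, CONTROLLER, LOWER_SWITCH),
        "lower_switch_to_controller": evaluate(rules, LOWER_SWITCH, CONTROLLER),
        "guest_to_internet": evaluate(rules, "192.168.18.50", "203.0.113.10"),
    }


if __name__ == "__main__":
    for name, rules in (("ISOLATE", ISOLATE), ("LOCKOUT", LOCKOUT), ("FIXED", FIXED)):
        print(name)
        for flow, verdict in audit(rules).items():
            print(f"  {flow:28s} {verdict}")
```

Running it prints a verdict per flow for each rule set; the LOCKOUT set is the one where both management flows come back as "deny", which is the situation the reply describes. Checking the flows the controller itself needs before binding a rule to the uplink ports is the practical takeaway.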
Ok, I believe the issue is due to the stacked switch architecture and the fact that VLAN1 is always untagged. Any chance all 4 of your switches can just plug directly into the ER707? (Actually, just replace the wire+SG2008 with wire+ER707 and connect each of the 3 downstream switches directly to LAN ports on the ER707.) If not, and this is a bit of a cheater move, just 'unmanage' the SG2008 (i.e. default it and don't re-adopt it with the controller, basically making it a dumb switch); things may just work at that.
If VLAN18 devices don't need to talk to each other, just make it a 'Guest VLAN'; that will prevent those IPs from going anywhere but to the internet, and you don't need ACLs.
...the thing is that my house is made of 3 floors. Each floor has a switch (TL-SG2016P, TL-SG2428P and TL-SG3452P).
All three switches converge at the star center in the TL-SG2008P switch, to which perhaps I should attach the ER707-M2 and the OC300 controller.
Maybe this way the topology would be more correct?
The ER707 has 7 ports, you are only using 1 for the WAN. I would relocate the ER707 to the physical centre of the 'star' configuration (where all cables terminate) and plug all switches directly into LAN ports on it. You can plug the controller into any available port on any device.
Worst case, you have to run a new cable back to the ISP modem area to relocate the SG2008 there for any local wired clients... but I doubt that's a requirement.
...for now, by setting VLAN18 as a "guest VLAN", I have solved the problem temporarily... but it's strange that you can't do what I have in mind!
I think the issue is that Omada is pretty simple, it expects 1 router - switch - APs - Meshed APs.
I would be interested to see if your solution then works after making the SG2008P a dumb switch by temporarily unmanaging it. You can re-adopt it after the test.