VLAN and DHCP issues

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

2024-01-10 15:52:11
Model: ER605 (TL-R605)  
Hardware Version: V2
Firmware Version: 2.2.3

Hi,

I have an SSID on VLAN 10. I have created a VLAN 10 interface with DHCP enabled. I have created a switch ACL so that VLAN 10 cannot see other networks, and this is bidirectional.

I can connect to this SSID using my phone and my phone will get a DHCP IP address and I can access the WAN, but the other networks are not visible.

The SSID has a lot of smart devices connected previous to the VLAN and ACL setup and these devices used to get an IP from DHCP just fine. Now, these devices do not connect to the network as the devices are not assigned an IP from the DHCP server. I have tried using the client reconnect feature in Omada but no luck. I have also tried to manually assign an IP from the specific VLAN but this doesn't seem to propagate to the device.

I thought I might have misconfigured something so I have followed this guide: https://www.tp-link.com/en/support/faq/3091/

I have also rebooted my switch and router with no change.

What am I doing wrong?

Re:VLAN and DHCP issues
2024-01-11 01:35:36

Hi @Jacko_ 

Thanks for posting in our business forum.

Use GW ACL. GW ACL is stateful while the SW ACL is stateless.

 

How to implement unidirectional VLAN access through ACL configuration on the Omada Gateway in Controller mode

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
Re:VLAN and DHCP issues
2024-01-12 13:35:39

Hi @Clive_A,

I will give that guide a go. Should I still create switch ACLs or just the Gateway ACLs?

Many thanks

Re:VLAN and DHCP issues
2024-01-12 14:29:51

@Clive_A

OK, I created the GW ACL rule for the IoT VLAN and it's blocking access to the rest of my VLANs, but I can ping the other direction. I still have 30 devices that do not get a new IP from DHCP.

I'm also having an issue where a server VM inside Proxmox on a separate VLAN can access the internet and this VM can ping the web and all VLANs - I have not created an ACL yet. But what is strange is I cannot ping the VM from another VLAN. I do have the switch port configured for this VLAN. Strange, I'm just not sure what is going on with this.

Lastly, can you explain the difference between stateful and stateless when it comes to the ACL rule? Creating the rule at the Gateway level rather than switch, I guess, means the ACL rule will propagate to all TP-Link devices on the network?

Thanks again

Re:VLAN and DHCP issues
2024-01-15 06:38:16

  @Jacko_ 

Jacko_ wrote

@Clive_A

OK, I created the GW ACL rule for the IoT VLAN and it's blocking access to the rest of my VLANs, but I can ping the other direction. I still have 30 devices that do not get a new IP from DHCP.

I'm also having an issue where a server VM inside Proxmox on a separate VLAN can access the internet and this VM can ping the web and all VLANs - I have not created an ACL yet. But what is strange is I cannot ping the VM from another VLAN. I do have the switch port configured for this VLAN. Strange, I'm just not sure what is going on with this.

Lastly, can you explain the difference between stateful and stateless when it comes to the ACL rule? Creating the rule at the Gateway level rather than switch, I guess, means the ACL rule will propagate to all TP-Link devices on the network?

Thanks again

It is not proprietary.

 

  1. ACL keeps track of the state of each network connection.
  2. It monitors and remembers the status, sequence numbers, and other parameters associated with a connection.
  3. This type of ACL allows traffic based on the context or history of previous packets in a session.
  4. Stateful firewalls use this approach to allow inbound traffic that is part of an established outbound connection while blocking all other incoming requests.

 

By default, VLAN interfaces allow access between each interface. If it can access other interfaces, you should check whether you have properly configured it or whether it is under the config.

 

 

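The stateful versus stateless difference discussed in this thread, as an added example that is not part of the original posts and is not TP-Link's implementation: a small Python model in which one deny rule (IoT VLAN to LAN) is evaluated per packet and then with connection tracking. The subnets, ports and packet sequence are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing (not from the thread): IoT VLAN 10 and a main LAN.
IOT = ip_network("192.168.10.0/24")
LAN = ip_network("192.168.1.0/24")

# A single one-way rule: deny traffic from the IoT VLAN to the LAN.
RULES = [("deny", IOT, LAN)]

def rule_verdict(src, dst):
    """First matching rule wins; the default is permit (inter-VLAN access allowed)."""
    for action, src_net, dst_net in RULES:
        if ip_address(src) in src_net and ip_address(dst) in dst_net:
            return action
    return "permit"

class StatelessACL:
    """Judges every packet on its own headers, with no memory of earlier packets."""
    def check(self, src, sport, dst, dport):
        return rule_verdict(src, dst)

class StatefulACL:
    """Remembers permitted flows and lets their return traffic through."""
    def __init__(self):
        self.flows = set()

    def check(self, src, sport, dst, dport):
        # A packet that mirrors a tracked flow is a reply to it.
        if (dst, dport, src, sport) in self.flows:
            return "permit"
        verdict = rule_verdict(src, dst)
        if verdict == "permit":
            self.flows.add((src, sport, dst, dport))
        return verdict

def run(acl):
    """Constructed sequence: LAN opens a session to an IoT device, the device
    replies, then the device tries to open a new session to the LAN."""
    packets = [
        ("192.168.1.50", 40000, "192.168.10.20", 80),   # LAN -> IoT, new session
        ("192.168.10.20", 80, "192.168.1.50", 40000),   # IoT -> LAN, reply
        ("192.168.10.20", 50000, "192.168.1.50", 22),   # IoT -> LAN, new session
    ]
    return [acl.check(*p) for p in packets]

if __name__ == "__main__":
    print("stateless:", run(StatelessACL()))
    print("stateful: ", run(StatefulACL()))
```

With the stateless filter the reply from the IoT device is dropped along with its new sessions, so the one-way rule blocks both directions in practice; with connection tracking only the IoT-initiated session is denied.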