Hi @EliteAustria 

Thanks for posting in our business forum.

EliteAustria wrote

 

Both sides can no longer reach each other.
Both sides are always blocked, not just one direction...
This used to work with the old version under Omada v5.12

Then try to downgrade your controller to V5.12. Be sure you have backup everything in any version.

EliteAustria wrote

 

Question 2:
Every traffic from 2 networks goes through the gateway

Is “inter-vlan routing” possible with the new L3 Omada switches?  Traffic/Routing only via the switch?
A lot of people ask and want inter-vlan-routing

Explain the concept from you on this "inter-vlan-routing".

Hi @EliteAustria 

Thanks for posting in our business forum.

EliteAustria wrote

  @Clive_A 

 

Thanks, I'll try it this weekend and then write the result here.

 

Clive_A wrote

Explain the concept from you on this "inter-vlan-routing".

 

I want L3 routing on the switch from network A to network B without routing via the gateway.
There are now new L3 switches from TP-Link Omada:
Example "SG6428X"
Is this possible with Omada or is all internal network traffic only routed via the gateway?

If you don't want it to go to the router, then don't set it up on the router. Do not use a VLAN interface on the router which will defaultly send the inter-VLAN to the router and route. Create the DHCP server on the switch instead. And use static routing.

FAQ 887 as an example. Don't need to go for the SG6428X.

Hi @EliteAustria 

Thanks for posting in our business forum.

EliteAustria wrote

  @Clive_A 

https://www.tp-link.com/us/support/faq/887/ 
is this also possible under Omada or only Standalone Mode?
In Omada this would be an incredible feature

 

Omada, then refer to this: https://www.tp-link.com/en/support/faq/3155/

You have to use the Omada router which supports multi-nets NAT.

Hi @EliteAustria 

Thanks for posting in our business forum.

EliteAustria wrote

  @Clive_A 

Thanks for the Link, it is working.

So here is my test that ACL doesn't work:
Test Setup:
Gateway ER605 v1
Switch SG2210P v5
OC200 v2

I reset all devices and created a fresh installation.
I create 2 networks (Interface):
HOME = 192.168.100.1/24 (VLAN100)
SERVER = 192.168.200.1/24 (VLAN200)
Switch Config: Port 1 = Home / Port 2 = Server

 

I Test with 2 PC on Port 1 + 2
Ping Test: Works
iPerf3 Test: Works

Now i create a ACL:
- Deny
- All Protocols
- Source: SERVER Net
- Destination: HOME Net
- Bind: Ports

So SERVER Client (Port 2) can no longer reach HOME (Port 1)
it is working

 

Now comes the bug:
HOME Client can no longer reach SERVER
that is wrong

Ping Test: not working
iPerf3 Test: not working

 

"Bi-Directional" Option is NOT set, but every ACL block every time BOATH SIDES.
I create also a Permit Rule vor Source HOME to SERVER, I put it as the 1st rule, not working.. ALL communication is blocked
I Downgrade the OC200 firmware, reset hardware and test again, and is also not working.
How to solve this (everything bi-directional) bug?

HOME requires access to the network SERVER. Simple DMZ rule.
Do ACL rules work in the TP-Link lab or is it just me who has the bug?

PS: It doesn't work with Switch SG2218 v1 either
I think the ACL for all may have a bug

Oh, that's normal in SW ACL. It is not stateful and of course, one block rule would block bidirectional.

Let me ask you this, in the GW ACL setup with your controller, do you have this option?

If you don't have this option, it is also expected that GW ACL does not work. As for ER605 V1 is not stateful ACL.

This "stateful" determines if you can achieve single-directional access.

Hi @EliteAustria 

Thanks for posting in our business forum.

EliteAustria wrote

  @Clive_A 

then switch ACL interface makes no sense?

1.
Permit and Deny - "Permit" does not exist. All is "Permit", you can only user "Deny"
2.
Source and Destination - sources doesn't work, why is a graphic arrow shown from source to destination? <- no effect
3.
Bi-directional Button - No effect, no function, all configs are "Bi-directional"

The entire Omada structure and settings are just fake...

very confusing when none of the settings are "true".

 

I want to make it clear that I have no interest in discussing or arguing with you if you continue to be negative and ignorant. You are free to stop using the products at any time, as it is your choice.

If you are not willing to engage in a constructive discussion and instead choose to complain, I will no longer respond to your posts. I would rather focus my energy on maintaining a positive environment with other users. Negativity is unproductive for both of us and reading such comments is a waste of my time.

I have already explained that stateful ACL is necessary for achieving single-directional communication. If you are unfamiliar with this concept, I suggest doing some research online.

Communication requires two-way interaction; if one party stops responding, the connection will be lost.

It is important to remove terms such as "fake" or "bug." Such terminology can come across as ignorant without due diligence and may lead to misunderstandings among others on the official channel. Please choose your words carefully when expressing yourself in this forum. Feel free to use whatever language you prefer outside of official channels.