Setting up Omada Network - Controller > Switch > Router > PfSense Firewall

2024-10-26 00:23:59
Model: TL-SG3428XPP-M2  
Hardware Version: V1
Firmware Version: 1.20.3

I was hoping I could have the physical connections like in the table below and apply some network segregation rules at the Omada Router and apply the main firewall traffic rules at the PfSense.

 

When I have multiple connections from the Switch to the Router, I see that only one port shows as an uplink on the switch. The other ports usually log errors saying they are blocked.

 

With the switch, is only one uplink port allowed?

Is there a way to have multiple connections where each connection supports a network?

 

Connecting the Router with multiple connections to the PfSense device does not cause errors. It registers that each one is WAN and has an outgoing connection.

 

The overall setup is:

 

AP/Controller>Switch>Router>PfSense>Modem

 

| WLAN | LAN Network | LAN interface | WAN interface for LAN | Out to Firewall |
|---|---|---|---|---|
| Guest | Guest | Switch port 17 | Router Port 8 | Router Port 4 |
| IoT | IoT | Switch port 19 | Router Port 9 | Router Port 5 |
| IP Cameras | IP Cameras | Switch port 21 | Router Port 10 | Router Port 6 |
| Home Lab | Home Lab | Switch Port 23 | Router Port 11 | Router Port 7 |
| Secure | Secure | Switch port 25 (SFP+) | Router Port 2 | Router Port SFP+ WAN1 |
| Work from Home | Work from Home | Switch port 26 (SFP+) | Router Port 3 | Router Port SFP+ WAN1 |
#1
Re:Setting up Omada Network - Controller > Switch > Router > PfSense Firewall
2024-10-28 02:51:26

Hi @HuntyBadger 

Thanks for posting in our business forum.

LAG is needed.

 

Or you should try to remove the ports from VLAN 1 because they are designed for other purposes (VLANs).

 

The blocked message means a loop is detected.

#2
Re:Setting up Omada Network - Controller > Switch > Router > PfSense Firewall
2024-10-28 12:38:54

  @Clive_A 

I did attempt LAG but I believe the router does not support it. I can double check.

 

If I remove vlan 1 from ports 17, 19, 21, and 23, leaving just the intended vlan, that should allow them and stop the blocked port message?

 

Originally I wanted those to be a LAG for the specific vlans but it didn't seem to work.

 

I'm attempting to keep my secure & work from home vlans on a 10 G path through the system.

#3
Re:Setting up Omada Network - Controller > Switch > Router > PfSense Firewall
2024-10-29 00:42:45

Hi @HuntyBadger 

Thanks for posting in our business forum.

HuntyBadger wrote:

> @Clive_A
>
> I did attempt LAG but I believe the router does not support it. I can double check.
>
> If I remove vlan 1 from ports 17, 19, 21, and 23, leaving just the intended vlan, that should allow them and stop the blocked port message?
>
> Originally I wanted those to be a LAG for the specific vlans but it didn't seem to work.
>
> I'm attempting to keep my secure & work from home vlans on a 10 G path through the system.

Thought you were using the pfsense. If you place the router (which is Omada), you don't have the option to use LAG. And it is not possible to remove them from VLAN 1 either.

All of our routers are tagged with the VLANs. VLAN 1 is native and defaults to all the ports on the router.
 

It is possible if you do this from switch to switch, but not for the Omada router.

Think this is stuck.

 

SW---pfsense. Don't add another router in between and test if this works out for you. I think pfsense can do the VLAN removing.

#4
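An added example, not part of any post in this thread: a small per-VLAN model of the loop described in the replies above, where a VLAN that is a member on both ends of two or more parallel switch-to-router links is reported as a layer-2 loop. The port pairs come from the table in the first post; the VLAN IDs other than 1, the function names, and the assumption that every listed switch port starts out as a VLAN 1 member are constructed for illustration.

```python
from collections import defaultdict

# Switch port -> (router port, network VLAN). Port pairs are from the table in
# the first post; the VLAN IDs 10-60 are constructed placeholders.
PLAN = {17: (8, 10), 19: (9, 20), 21: (10, 30),
        23: (11, 40), 25: (2, 50), 26: (3, 60)}
NATIVE = 1  # per the reply: VLAN 1 is on every router port and cannot be removed


def topology(switch_ports_in_vlan1):
    """Build the parallel links, given which switch ports are still VLAN 1 members."""
    links = []
    for sw_port, (rt_port, vid) in PLAN.items():
        sw_vlans = {vid} | ({NATIVE} if sw_port in switch_ports_in_vlan1 else set())
        rt_vlans = {vid, NATIVE}
        links.append({"switch": sw_port, "router": rt_port,
                      "sw_vlans": sw_vlans, "rt_vlans": rt_vlans})
    return links


def looped_vlans(links):
    """Return {vlan: [switch ports]} for VLANs that cross two or more links.

    A VLAN crosses a link only if both ends are members. Simplification:
    tagging is ignored and the router is assumed to bridge a VLAN across
    all of its member ports.
    """
    ports = defaultdict(list)
    for l in links:
        for vid in l["sw_vlans"] & l["rt_vlans"]:
            ports[vid].append(l["switch"])
    return {vid: sorted(p) for vid, p in ports.items() if len(p) > 1}


if __name__ == "__main__":
    cases = {
        "VLAN 1 on all six switch ports": set(PLAN),
        "VLAN 1 removed from 17, 19, 21, 23": {25, 26},
        "VLAN 1 kept on one uplink only": {25},
    }
    for label, vlan1_ports in cases.items():
        print(f"{label}: {looped_vlans(topology(vlan1_ports)) or 'no shared VLAN'}")
```

In this model the per-network VLANs never overlap, so only VLAN 1 is ever reported, and it stops being reported once a single link still carries it.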
Re:Setting up Omada Network - Controller > Switch > Router > PfSense Firewall
Yesterday

  @Clive_A 

My physical setup is:
Arius Modem>>Pfsense 6100 Netgate device>>Omada Router>>Omada Switch>>Omada Controller and an Omada AP connected to the switch.

After buying the Omada stack it didn't meet my privacy needs so I was attempting to put the Pfsense as a Firewall/DNS Resolver. The idea of separating out functions to allow each device to focus on a task with its computing power. My spouse and I also work from home and both use VPNs to get into our work systems. So separating out functions seems to help with speed, lag, and not flooding a multi-function device to its limit.

#5
Re:Setting up Omada Network - Controller > Switch > Router > PfSense Firewall
39 minutes ago - last edited 38 minutes ago

Hi @HuntyBadger

Thanks for posting in our business forum.

HuntyBadger wrote:

> @Clive_A
>
> My physical setup is:
> Arius Modem>>Pfsense 6100 Netgate device>>Omada Router>>Omada Switch>>Omada Controller and an Omada AP connected to the switch.
>
> After buying the Omada stack it didn't meet my privacy needs so I was attempting to put the Pfsense as a Firewall/DNS Resolver. The idea of separating out functions to allow each device to focus on a task with its computing power. My spouse and I also work from home and both use VPNs to get into our work systems. So separating out functions seems to help with speed, lag, and not flooding a multi-function device to its limit.

A regular router can handle it, and this is business-level; for example, the entry-level ER605 can carry around 50-70 devices. That fits most home or pro users.

 

About what you need, DHCP or DNS, just consider disabling the DHCP server on the Omada router. Then, put the pfsense into the network and let it work as a DHCP/DNS server.

That requires some knowledge of configuration. I believe pfsense has guides on setting it up as the DHCP/DNS server and working as a secondary router in the LAN to handle firewall/IDS/DPI.

At least that's something I know that people do. Not sure how you do it on pfsense.

#6