Can you configure SW ACL's on a ES220GMP 16 Port PoE Gigabit Switch

12 hours ago

I am looking for an affordable managed switch to go with my ER7212PC router and EAP245/225 access points which can be managed via Omada.
From what I have read, unless there have been firmware updates, I cannot create SW ACLs on my ER7212?
I am not looking for enterprise security, as I only have a home network, albeit out of the norm, but I want to isolate my three VLANs from my default VLAN as below:

  1. VLAN 0 DEFAULT - 10.0.0.0/24: this will be my main secure network for my PC, laptops and server
  2. VLAN 1 GUEST - 10.0.1.0/24: for guests' internet access. I know from reading the manual that selecting Guest in the setup means they are isolated from everything but the internet.
  3. VLAN 2 IOT - 10.0.2.0/24: for my wireless IoT devices
  4. VLAN 3 CCTV - 10.0.3.0/24: for all my CCTV cameras

I need to be able to access and manage devices on VLAN 2 and VLAN 3 from VLAN 0.

It's the latter Ethernet-connected devices that need VLAN isolation on the switch ports, as the WiFi devices are covered by the gateway/router and AP settings.

I am in no way an experienced network engineer. All that I know is from reading articles and watching videos online, so please can I ask that, if you are good enough to respond, you use easy-to-understand language.
Many thanks

Re:Can you configure SW ACL's on a ES220GMP 16 Port PoE Gigabit Switch
10 hours ago - last edited 8 hours ago

  @Fozzie Bear 
In looking at the online emulator for the ER7212PC, it appears you can do switch ACLs. However, the ES220GMP may be incompatible as the ES series switches have limited capabilities and its emulator does not show any ACL support.  Depending on your PoE requirements, I would look into the Access Series switches.
I would not use VLANs 0 and 1 in my network planning.  VLAN 0 is a reserved VLAN ID and VLAN 1 is the default VLAN in the 802.1Q specification. Many users avoid VLAN 1 over security concerns. If you are planning to use VLAN 1, I would recommend that you make it the default VLAN in your setup.
In the latest Omada v6 controller packages, VLANs can be set up as isolated VLANs. You will then only need a gateway ACL to allow access to the isolated VLANs from your main secure network.
1x ER7406 1x OC300 4x SG2008 1x EAP610 3x EAP650-Desktop
Re:Can you configure SW ACL's on a ES220GMP 16 Port PoE Gigabit Switch
4 hours ago - last edited 3 hours ago

  @jra11500 
Many thanks for your reply. I used the VLAN numbering without referring to the actual device, so thank you for correcting me. It was an easy way to remember the subnet, with VLAN 1 being 10.0.1.0 and VLAN 2 being 10.0.2.0, etc., but I can rethink that.

jra11500 wrote

  @Fozzie Bear 

 In the latest Omada v6 controller packages, VLANs can be set up as isolated VLANs. You will then only need a gateway ACL to allow access to the isolated VLANs from your main secure network.
I believe the default for VLANs on prosumer devices was open access by default, apart from Guest. Are you saying that you can create VLANs in Omada v6.0 that are isolated by default, and that this will mean I would have to set up an ACL on the ER7212 that gives access from VLAN 1 to the others?

If this is the case then all the control can be done in the gateway and I don't have to change my current unmanaged switch, as long as the CCTV cameras are connected to a port on the ER7212.

Thank you again for your help

Re:Can you configure SW ACL's on a ES220GMP 16 Port PoE Gigabit Switch
2 hours ago - last edited 2 hours ago

  @Fozzie Bear 
In Omada networks, inter-VLAN access is permitted by default.  With v6.x you can configure a VLAN as isolated and it will only have access to the internet. You can then create a gateway ACL to allow access to the isolated VLAN as ACLs take priority over the isolation setting.  All control can be done on the gateway.  If your CCTV cameras are the only devices connected to your unmanaged switch, then you only need to configure the gateway port's native VLAN for the CCTV network.  Otherwise the gateway port must be configured as a trunk port and you will need a managed switch for the other VLANs.  It can be an inexpensive Easy Smart switch but the drawback is that you will have a limited configuration capability with the controller.

1x ER7406 1x OC300 4x SG2008 1x EAP610 3x EAP650-Desktop
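To make the "isolated VLAN plus gateway ACL" design concrete, here is a small model of the rule evaluation the reply above describes. This is an added example, not Omada or TP-Link code, and it only approximates the controller's behaviour as stated in the thread: an ACL permit overrides isolation, an isolated VLAN otherwise reaches only the internet, and non-isolated VLANs talk to each other. The VLAN IDs (10/20/30/40), the ACL entries, the port numbers and the flows are all constructed for illustration; the assumption that the gateway ACL is stateful (replies to a permitted connection are let back in) is also mine. The stateless variant is included to show why the same design enforced with packet-by-packet switch ACLs needs a return-path rule, and what that rule opens up.

```python
"""Model of isolated VLANs plus a gateway ACL (added example, not Omada code).

Assumed semantics, taken from the thread: an ACL permit takes priority over
isolation; an isolated VLAN otherwise reaches only the internet; VLANs that
are not isolated may talk to each other.  Stateful reply handling is assumed.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Address plan from the original post.  VLAN IDs are hypothetical, chosen to
# avoid 0 and 1 as the reply recommends.
VLANS = {
    "MAIN":  (10, ip_network("10.0.0.0/24")),
    "GUEST": (20, ip_network("10.0.1.0/24")),
    "IOT":   (30, ip_network("10.0.2.0/24")),
    "CCTV":  (40, ip_network("10.0.3.0/24")),
}
ISOLATED = {"GUEST", "IOT", "CCTV"}                 # internet only, unless an ACL says otherwise
ACL_PERMIT = {("MAIN", "IOT"), ("MAIN", "CCTV")}    # hypothetical gateway ACL: MAIN may initiate


@dataclass(frozen=True)
class Flow:
    src: str
    sport: int
    dst: str
    dport: int


def vlan_of(ip: str) -> str:
    addr = ip_address(ip)
    for name, (_, net) in VLANS.items():
        if addr in net:
            return name
    return "INTERNET"


class StatefulGateway:
    """Gateway ACL with a connection table: replies to permitted flows are let back in."""

    def __init__(self):
        self.conntrack = set()

    def evaluate(self, flow: Flow) -> str:
        # Reply packet of a connection already accepted?  Let it through.
        if (flow.dst, flow.dport, flow.src, flow.sport) in self.conntrack:
            return "permit"
        src, dst = vlan_of(flow.src), vlan_of(flow.dst)
        if dst == "INTERNET" or (src, dst) in ACL_PERMIT:
            verdict = "permit"      # ACL entries take priority over isolation
        elif src in ISOLATED or dst in ISOLATED:
            verdict = "deny"        # isolated VLANs see nothing else internal
        else:
            verdict = "permit"      # non-isolated VLANs talk to each other
        if verdict == "permit":
            self.conntrack.add((flow.src, flow.sport, flow.dst, flow.dport))
        return verdict


def stateless_verdict(flow: Flow, permits) -> str:
    """Stateless rules (a plain switch ACL): no connection table, each packet judged alone."""
    src, dst = vlan_of(flow.src), vlan_of(flow.dst)
    if dst == "INTERNET" or (src, dst) in permits:
        return "permit"
    if src in ISOLATED or dst in ISOLATED:
        return "deny"
    return "permit"


def check_plan() -> dict:
    """Constructed flows for the thread's scenario; returns verdicts keyed by name."""
    gw = StatefulGateway()
    pc_to_cam  = Flow("10.0.0.10", 51000, "10.0.3.20", 554)      # PC opens RTSP to a camera
    cam_reply  = Flow("10.0.3.20", 554, "10.0.0.10", 51000)      # camera answers that PC
    cam_to_pc  = Flow("10.0.3.20", 40000, "10.0.0.10", 22)       # camera tries SSH into the PC
    iot_to_cam = Flow("10.0.2.5", 40001, "10.0.3.20", 80)        # IoT device pokes the CCTV VLAN
    guest_out  = Flow("10.0.1.7", 40002, "93.184.216.34", 443)   # guest to the internet
    out = {
        "stateful_pc_to_cam":  gw.evaluate(pc_to_cam),
        "stateful_cam_reply":  gw.evaluate(cam_reply),
        "stateful_cam_to_pc":  gw.evaluate(cam_to_pc),
        "stateful_iot_to_cam": gw.evaluate(iot_to_cam),
        "stateful_guest_out":  gw.evaluate(guest_out),
    }
    # With stateless rules the reply needs its own permit (CCTV -> MAIN), and that
    # same permit lets a camera initiate connections into MAIN as well.
    widened = ACL_PERMIT | {("CCTV", "MAIN")}
    out["stateless_reply_without_return_rule"] = stateless_verdict(cam_reply, ACL_PERMIT)
    out["stateless_reply_with_return_rule"] = stateless_verdict(cam_reply, widened)
    out["stateless_cam_to_pc_with_return_rule"] = stateless_verdict(cam_to_pc, widened)
    return out


if __name__ == "__main__":
    for name, verdict in check_plan().items():
        print(f"{name:40s} {verdict}")
```

Running it shows the intended result on the stateful gateway (PC reaches the camera, the camera's reply comes back, but camera- or IoT-initiated traffic into other VLANs is denied), and shows the trade-off if the same isolation were done with stateless switch ACLs: the extra CCTV-to-MAIN rule needed for replies also lets a compromised camera open connections into the main network unless it is narrowed further (for example by TCP flags or port), which is a good reason to keep the control on the gateway as the reply suggests.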