Implemented ER7212PC can't assign profiles to switch ports.
Hi,
I have decided to modernize my network with an ER7212PC, 2 additional switches and 2 APs. I already know UniFi, so due to the similarity I thought it shouldn't be a big problem, but I already fail at simply assigning a VLAN to the switch port of the ER7212PC.
I already updated the firmware to ER7212PC(UN)_V1_1.0.1 Build 20221106 and did a factory reset.
The switches are still at the post office, so I can currently only test with the ER7212PC.
Under "Devices" I can't find a "Ports" tab on the ER7212PC to assign defined profiles to the individual ports.
So I thought that the profile is set automatically when defining the network via the check mark at the respective interface. I selected the correct ports in the new network "Test"..
..and tried to deselect the ports in the default "LAN" network, but got an error.
Maybe someone can put me on the right track to solve this problem.
@LordPayder Hi all!
I am using ER7212PC (sw: 1.0.3) and in fact it's possible to configure VLAN ID per port.
Still, I am wondering how ER7212PC -> SG2210P (switch in my setup) works as I've assigned one of the ports to VLAN ID 1 (which is my mgmt) and I have 2 additional networks with assigned VLANs. And the ER7212PC somehow manages to send tagged packages with all VLANs to SG2210P.
So I guess, the convention is that whenever you set VLAN ID on ER7212PC's port it sends it untagged and rest of VLANs are sent tagged. Making ER7212PC ports "Profile aware" is something I am looking for.
Additionally it has been pointed out - but I am not able to define ACL for ER7212PC as I can do for SG2210P. I.e. one network can/can't talk to second and vice-versa.
Dear tp-link, please make ER7212PC visible as a switch in Omada. I think you could actually make it easy by displaying the ER7212PC itself as 3 separate devices in Omada's "Device" tab.
I doubt you aim to confuse your customers with false-advertisement. The ER7212PC is in fact 3-in-1, but you should know what can be expected from "business" customers.
In my case I can't return the device. I am looking for improvements.
Thank you!
I managed to assign a VLAN to a LAN port with this new firmware.
The behavior is like untagged vlan on Lan3.
Every device on this port now is in my Vlan 100.
But the question that remains:
How do I prevent traffic between this VLAN and the default LAN and/or a second VLAN?
I tried using the switch ACL, but this doesn't work.
In my opinion traffic between VLANs should be blocked by default and you should have a choice to allow it.
Forcing to add a managed Omada with this product for this is a design failure. Otherwise this product is perfect for small environments.
Regards Maikel
Hello @Maikel-K,
The ER7212PC is an Omada 3-in-1 Gigabit VPN Router, not a switch. You may configure Gateway ACL instead to block the communication between VLAN interfaces if you don't have an Omada managed switch in your network.
Hi Fae.
I tried this with no luck.
Can you give me an example on how to configure this?
Regards Maikel
Hi Fae.
It is quite simple.
I want the default Vlan1 on Lan1 and Vlan2 on Lan2 and Vlan3 on Lan3 and want to block traffic between them.
Vlan1 = subnet 192.168.0.0/24
Vlan2 = subnet 192.168.20.0/24
Vlan3 = subnet 192.168.30.0/24
I managed to get working:
PC on Vlan1 - Port Lan1 gets a DHCP address in subnet 192.168.0.0/24
PC on Vlan2 - Port Lan2 gets a DHCP address in subnet 192.168.20.0/24
PC on Vlan3 - Port Lan3 gets a DHCP address in subnet 192.168.30.0/24
But they can all communicate with each other.
How can I configure this in the ER7212PC to block it?
With wireless clients on an Omada EAP it is working great.
While wireless clients are connected to AP on Lan4 with wifi networks for all three Vlans I can prevent traffic with EAP ACL Rules.
But probably this is already blocked on the EAP itself?
Hope you can help.
Normally I would expect this to be configured at the switch ACL tab, but for some stupid reason this is not the case.
regards Maikel
Hello @Fae,
I am sorry, but I believe there has been a mistake at TP-Link which might explain these misunderstandings. Someone accidentally changed the description of the ER7212PC from being a "PoE switch" to now erroneously being shown as "PoE output". - To aid in the investigation, the mixup has happened at some point after 10-APR-2023.
All, being on the same page, please advise on how to utilize the switch and switch-ACL capabilities of the ER7212PC.
Thank you :o)
/3660
https://web.archive.org/web/20230410112519/https://www.tp-link.com/no/business-networking/omada-sdn-router/er7212pc/
nice catch :D
in the Polish version it still says "Switch" (you have to trust me :)
BTW. because of all of the limitations I've returned the ER7212PC and I bought ER7206 + OC200 + TL-SG2210P instead
well, that's exactly what tp-link wants
however, this is my last SDN branded "tp-link"
Hello @Maikel-K,
Maikel-K wrote
I want the default Vlan1 on Lan1 and Vlan2 on Lan2 and Vlan3 on Lan3 and want to block traffic between them.
EAP ACL rules will only be applied to clients whose traffic passes through the Omada managed EAP; similarly, Gateway ACL rules will be applied to clients whose traffic passes through the Omada managed Gateway.
For your case, you need to block the traffic that will pass through the gateway, so EAP ACL or Switch ACL could not fully help.
With Gateway ACL, you may block traffic between the VLAN1, VLAN2 and VLAN3 by creating Deny ACL rules with LAN->LAN direction.
See example below.
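The LAN->LAN Deny rules described in the reply above, modelled as an added example that is not part of the original thread and is not Omada configuration syntax. It uses the three subnets from Maikel-K's post; the rule field names, the helper functions and the permit-when-no-rule-matches default are assumptions made for illustration.

```python
import ipaddress
from itertools import permutations

# Subnets as given in the thread.
NETWORKS = {
    "VLAN1": ipaddress.ip_network("192.168.0.0/24"),
    "VLAN2": ipaddress.ip_network("192.168.20.0/24"),
    "VLAN3": ipaddress.ip_network("192.168.30.0/24"),
}

def build_deny_rules(networks):
    """One Deny rule per ordered pair of distinct networks (hypothetical rule shape)."""
    return [{"policy": "deny", "direction": "LAN->LAN", "src": s, "dst": d}
            for s, d in permutations(networks, 2)]

def network_of(ip, networks):
    """Name of the network containing ip, or None if it is outside all of them."""
    addr = ipaddress.ip_address(ip)
    return next((n for n, net in networks.items() if addr in net), None)

def evaluate(rules, networks, src_ip, dst_ip):
    """Decision the gateway would take for a flow under this rule model."""
    src, dst = network_of(src_ip, networks), network_of(dst_ip, networks)
    if src is not None and src == dst:
        # Same subnet: the flow is not routed, so a gateway ACL never sees it.
        return "not-routed"
    for rule in rules:
        if rule["src"] == src and rule["dst"] == dst:
            return rule["policy"]
    # Assumption: no matching rule means the flow is permitted, which matches
    # the thread's observation that all VLANs can reach each other by default.
    return "permit"

def uncovered_pairs(rules, networks):
    """Ordered network pairs that no Deny rule covers (gaps in the isolation)."""
    covered = {(r["src"], r["dst"]) for r in rules if r["policy"] == "deny"}
    return [p for p in permutations(networks, 2) if p not in covered]

if __name__ == "__main__":
    rules = build_deny_rules(NETWORKS)
    print(len(rules), "rules; gaps:", uncovered_pairs(rules, NETWORKS))
    # Constructed sample flows.
    for src, dst in [("192.168.20.10", "192.168.0.5"),
                     ("192.168.30.7", "192.168.20.10"),
                     ("192.168.20.10", "192.168.20.11"),
                     ("192.168.0.5", "8.8.8.8")]:
        print(src, "->", dst, evaluate(rules, NETWORKS, src, dst))
```

Running `uncovered_pairs` against a partial rule list shows which directions between VLANs are still open.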
Information
Helpful: 18
Views: 11861
Replies: 48