Admin VLAN setup (router, controller and switches/EAP's)
This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Hi!
I'm just getting to know Omada/TP-link products, just made a lab setup, using OC200, ER605v2, SG2008P and a couple of EAP's.
In my current production setup I have VLAN as this, looking to reproduce the same on Omada:
MGMT 10 – 192.168.10.0/24
OFFICE 20 – 192.168.20.0/24
GUEST 30 – 192.168.30.0/24
I've been reading a few of articles here (like this one) and seen a few videos, but I'm still not sure of the best way to setup the management VLAN.
There was also another article, a FAQ entry which seems to indicate I should/could change the default VLAN from 1 to the chosen management VLAN (or did I misread the article?).
Main question:
Should I keep the default VLAN untouched (at 1)? And then connect that to a switch port set to MGMT VLAN/PVID profile?
(Working with other vendors, I've learnt that some equipment really wants PVID 1 for trunks ports and whatever.)
The confusing part for me, then, is that I would usually configure my router/firewall to have the non WAN port(s) as trunk port (which is All in the switch configs if I have understood the Omada setup). But configuring the ER605 through Omada, it seems I can either:
A. Change just PVID for the port, or
B. Change the default VLAN
But the B option seems to change the meaning of the All profile for all switches (setting MGMT as PVID, instead of VLAN 1 PVID and the rest tagged).
I was kind of hoping I could set the desired switch profile for each WAN/LAN and LAN port, but I only see PVID option.
(All videos I've seen and articles I've read just use VLAN1 as management VLAN.)
Not sure if I'm missing something obvious, but I've struggled a bit getting stuff to work ...
On a side note (DHCP):
Setting DHCP reservations, it seems impossible to reserve IP's in different VLANs for the same mac address? (Getting an error that the mac address already exists, when I try to add the same mac address with a different IP in a different VLAN/IP range.)
d0ugmac1 wrote
I was hoping I was technically able to set it up.
My main struggle has been trying to figure out how to configure the ER605 router ports.
With the switches, it's easy, I just apply the profile I want. But for the Router I can only define PVID. (Unless I'm missing something.)
I guess that means that the other VLAN's (than the PVID I define) are added as tagged VLAN's?
Scenario so far: If I change the default VLAN1 to something else, then setting Management VLAN for EAP's and switches to this VLAN doesn't seem to work.
If I leave the default VLAN at 1, and add MGMT VLAN as Interface in LAN setup, and then try to change just PVID for some of the ports on the Router to the same VLAN, nothing seems to work (no DHCP is handed out).
Put differently, I only managed to have the DHCP server work on the Default VLAN, none of the others ...
I'm pretty sure I'm missing something obvious ... 
-
WAN/LAN1
-
WAN/LAN2
-
WAN/LAN3
-
LAN1
I believe you're just confirming what I had just found out when I stated:
"With the switches, it's easy, I just apply the profile I want. But for the Router I can only define PVID."
(if you meant Site->Settings->Wired Networks->LAN->Profile, if you meant something else, I can't find it) 
Seems I sort of wasted some time trying to get DHCP offers from other VLAN's from the ER605's ports.
Seems the router will only deliver DHCP offers on these ports for default VLAN, no matter which PVID is set/chosen.
(I guess that means setting PVID only effects ingress/inbound, and it's using default VLAN untagged egress/outbound.)
Connecting through a switch, everything works fine, though. So, all is well. Now I'll dig into firewalling ...
Yes, I'm used to defining a couple of admin ports, where I get DHCP for two different VLANs directly from different ports on the router. I'm making a note that in Omada routers this won't work, as I can't get untagged traffic from other VLAN's than the Default.