er7206 vlan without a switch

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
12

er7206 vlan without a switch

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
er7206 vlan without a switch
er7206 vlan without a switch
2023-07-11 20:49:53
Model: ER7206 (TL-ER7206)  
Hardware Version: V1
Firmware Version:

Reviving a closed thread:  https://community.tp-link.com/en/business/forum/topic/265578

 

At the time it seems that it was determined that the er7206 could NOT support vlan itself when using the omada controller, and that an omada supported switch was required.  However, there were also talks of firmware updates potentially adding this ability.

 

Can someone confirm whether or not the er7206 will support vlan isolation on it's ports when using the omada controller WITHOUT an omada managed switch?

 

I have multiple APs, but only a few wired connections, and the er7206 would suffice if this is now possible.

  0      
  0      
#1
Options
12 Reply
Re:er7206 vlan without a switch
2023-07-12 03:40:13

 Hi @dolhop 

What you said "VLAN isolation" is solely the 802.1Q VLAN. VLAN interface is a set of functions that work together to make a different subnet.

 

If you want to isolate, then you should create an 802.1Q VLAN instead of VLAN interface. To isolate the connection, however, even if you create VLAN interface now, on the Controller you can set up ACL to block the communication by Gateway ACL now.

 

If you don't wanna follow the Gateway ACL and insist on creating the 802.1Q VLAN to isolate your network, you can create VLAN as PURPOSE. But all created VLAN on Controller will be set on to all the ports on the router and as tagged. You can only use the AP on this port. Then set up SSID VLAN.

 

But setting up 802.1Q VLAN may block access from your AP to the Controller. So, please set it up at your discretion.

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
  0  
  0  
#2
Options
Re:er7206 vlan without a switch
2023-07-12 14:29:58

  @Clive_A Thanks for the technical lesson wink  I was merely trying to understand if the er7206 received any firmware updates to allow the omada controller to manage separated networks on the physical ports as it does with managed switches.  In the thread I mentioned, it seems that from anecdotal evidence that this did not work, but that there was potential for a firmware update that might.

 

That said, I think I see what you're saying.  eg. two APs on separate networks connected on two separate ports in the er7206 would mean that the controller (connected on a different port) would only be able to reach one of them (assuming it is on the same network as one of them).

  1  
  1  
#3
Options
Re:er7206 vlan without a switch
2023-07-12 15:26:54

  @dolhop 

 

The above would be true if the *management vlan* set was different for the two APs and only one matched the management VLAN set on the controller.

<< Paying it forward, one juicy problem at a time... >>
  1  
  1  
#4
Options
Re:er7206 vlan without a switch
2023-07-13 01:14:11

Hi @dolhop 

That would be Management VLAN like d0ugmac1 said. Management VLAN is a term and you can find more in the User Guide of the Controller.

How to configure Management VLAN in Standalone mode for EAP

How to configure Management VLAN in Omada SDN Controller (4.4.4 or above)

In the second guide, you don't have to do certain switch config as you don't have one.

You can try them out and let me know if this helps you resolve your puzzle.

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
  0  
  0  
#5
Options
Re:er7206 vlan without a switch
2023-07-13 17:50:24

  @Clive_A your responses really have the feel of chatGPT.  probably useful information, but not really....

  0  
  0  
#6
Options
Re:er7206 vlan without a switch
2023-07-14 01:25:03

  @dolhop 

From your description, that feels like you need Management VLAN. That's isolation. But you said I am responding like a robot. That's offensive to me.

 

I think you should tell the difference between 802.1Q VLAN and VLAN interface before considering VLAN isolation. There are different ways to achieve isolation, ACL with VLAN interface, 802.1Q VLAN, and Management VLAN. That's all we have for the devices now. Which one do you want to use? What goal do you want to achieve?

Management VLAN can also achieve that if you want to isolate clients from AP, router, and router. But Management VLAN includes these core devices into the same network(VLAN) and makes them stay in the same subnet.

 

If you set AP to a different VLAN interface, you can still adopt it but requiring you to use Omada Discovery Utility or DHCP Option 138.

If you set AP to a different 802.1Q VLAN(Purpose = VLAN), then you don't have access at all. But I don't see anyone use this because you lose control to your devices.

 

What you revived is an old post asking for a feature to have the ability to set up PVID. Is that what you looking for? It was added several versions before.

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
  0  
  0  
#7
Options
Re:er7206 vlan without a switch
2023-07-14 14:25:01

  @Clive_A  I didn't mean to be offensive. It's just the way it feels - your responses, while packed with useful information, still does not really answer my original question:

 

based on the other thread I mentioned, https://community.tp-link.com/en/business/forum/topic/265578, the OP is trying to use a er7206 router, with two separate networks and prevent these two networks from communicating with each other.  The general consensus I glean from the responses is "no, this cannot be done simply with an er7206 and oc200 controller - an omada managed switch is required".  Yet, there were mentions of new firmware that might support this.

 

So my simplified question is: yes or no, can this now, two year later, be done without a managed switch?  

  0  
  0  
#8
Options
Re:er7206 vlan without a switch
2023-07-14 17:16:33

dolhop wrote

Reviving a closed thread:  https://community.tp-link.com/en/business/forum/topic/265578

 

At the time it seems that it was determined that the er7206 could NOT support vlan itself when using the omada controller, and that an omada supported switch was required.  However, there were also talks of firmware updates potentially adding this ability.

 

Can someone confirm whether or not the er7206 will support vlan isolation on it's ports when using the omada controller WITHOUT an omada managed switch?

 

I have multiple APs, but only a few wired connections, and the er7206 would suffice if this is now possible.

  @dolhop 

 

Short answer is NO. the only option witch Omda controller is to change PVID. all the other vlan is still there tagged and cant be removed. 

I think you can do what you want in stand alone.

 

  0  
  0  
#9
Options
Re:er7206 vlan without a switch
2023-07-14 17:52:49

  @dolhop 

 

The answer is YES if your APs can send tagged frames.

The answer is NO if your APs cannot send tagged frames.

 

You would have more flexibility in this aspect if you use your router without Omada Controller.

Kris K
  0  
  0  
#10
Options
Re:er7206 vlan without a switch
2023-07-14 18:13:28

  @KJK Thanks everyone.  I am using two Omada APs, tagged frames will be in use because I need to support 3 different SSIDs on three different networks (for wired isolation as well). I have all of this working now with tagged frames etc on my current Asus routers.  But the point of moving to Omada and using the controller is to allow for  seamless handover when moving from one AP to the next...

  0  
  0  
#11
Options

Information

Helpful: 0

Views: 1614

Replies: 12

Related Articles