Configuration Guide How to Set Up VLAN Interface on the Omada Router
Background:
This post provides a configuration guide to set up the VLAN interface. The guide will show steps in Controller mode. For standalone, the steps are similar.
This Article Applies to:
All routers with VLAN Interface feature.
Application Scenario:
(PVID none means unmodified, on default. Default is 1)
Configuration Steps:
Before we start, in this setup, I am only using a router, one switch, and an AP to show you the steps to set up the VLAN interface.
1. Start your Controller and access the Organization, choose the site.
2. Go to Settings > Wired Networks > LAN > Create New LAN. Put the parameters as you need.
- As we need to set up the VLAN interface, Purpose will be set to Interface.
- LAN Interfaces will reflect the physical of the VLAN. In this guide, we use ER605, and the switch SG2210MP is connected to the WAN/LAN1(number two physically). Be sure you select the port correctly. If you did not select this port, VLAN 10 will not be available for the SG2210MP in this setup, which means you don't have this IP address assigned.
- VLAN Type: Single. If you need to use Multiple, be sure you know what it is for - How to Configure Bridge VLAN(MDUs) for Apartment or Hotel Scenarios
3. Wait for a second while the Controller syncs with the router with your changes. You should see its Status changed from Configuring to Connected.
4. Configure the SSID. Go to Wireless Networks > WLAN > Create New Wireless Network. Click Create after you finish your parameters.
- Guest Network will isolate devices in this network. Note 4.
- Only enable (SSID) VLAN when you need to configure a VLAN ID to it. Default VLAN 1 does not require VLAN to be enabled.
5. Now the SSID on the switch will work. You don't have to configure anything else because by default after you created the VLAN interfaces, these VLANs will be added to the port automatically. This is a benefit of the Controller.
(The AP is on port 5 and using All as Profile.) Note 5.
(Optional) 6. To connect a PC to the router and get a VLAN 20, click the router, and go to Ports > Action > Edit. Change the PVID and click Apply.
(Optional) 7. To get a PC to work on the switch and get VLAN 30, be sure you have followed step 2 carefully and select the port correctly.
Appendix:
1. There are three default profiles All, LAN, and Disable. With VLAN interface creation, there will be auto-generated profiles. If you are going to create a new profile and wish to set it to a port, please read their explanation carefully.
2. TP-Link unmanaged switch supports VLAN passthrough. Store and forward. It does not add or change any tag when it forwards.
Note:
1. The whole setup is based on the default VLAN-related parameters. If you are not starting from scratch and changed VLAN-related parameters, please revert your settings. To find out the default settings, create a new site for test purposes and compare the differences.
2. VLAN interface is a function for several features integrated. You have multi-net NAT, DHCP servers, and 802.1Q VLAN working together to form this feature.
3. Omada products support Multi-Net NAT natively. You don't have to configure it if you are using a non-TP-Link switch. Make sure the following other three features are configured properly in Note 4..
4. If your model is not the Omada one or the old Safestream routers, and you need to set up multiple networks or VLAN interfaces, please refer to the appropriate guide based on your device:
1. If you have an old TP-Link router with L2+/L3 switches, for example, T1600, or T2600 in standalone mode, follow the guide: How to build up a multi-nets network via Multi-Nets NAT feature on TP-Link router with L2+/L3 switches
2. If you have an Omada switch and want to use it as the VLAN interface to assign IP addresses(instead of Internet access), follow the guide: How to configure VLAN Interfaces and Static Routes on Omada Switches
Regardless of your router model, ensure it has the Multi-Net NAT function to achieve multiple networks(VLAN interfaces) with Internet access. Internet access relies on the Multi-Net NAT, not on features like Static Routing, DHCP, and 802.1Q VLAN (which mainly consists of the crippled VLAN interface without Internet access).
To make a fully working VLAN segment like what the VLAN interface does, you have to make sure four features are configured, DHCP server, Multi-net NAT, Static Routing, and 802.1Q VLAN. It DOES NOT work if you miss any one of them.
5. VLAN interface by default allows the inter-VLAN traffic. If you want to stop this, please set up the Gateway ACL accordingly. How to create multi networks and manage network behavior with ACL on Omada Gateway in standalone mode
6. Guest Network(SSID Guest) does NOT guarantee the ARP discovery is stopped. Some network tools use ARP to discover network devices. If you block ARP, your device will stop getting Internet access. If you have any questions regarding this, please search them on Google.
7. EAP should be using a tagged network. Trunk also means the port should be tagged. Do NOT set the PVID to the router port your EAP is using. Same to the switch port.
Update Log:
Jul 31st, 2024:
Optimize the note for clarity.
Mar 27th, 2024:
Add notes.
Mar 18th, 2024:
Add further explanation in the Note.
Feb 21st, 2024:
Release of this guide.
Recommended Threads:
An alternative to Gateway Stateful ACL using Switch ACL
Implementing Auto VLAN Blocking (Current and Future VLANs) with Switch ACL
Howto - A Guide to Use Forum Effectively. Read Before You Post.
Feedback:
- If this was helpful, welcome to give us Kudos by clicking the upward triangle below.
- If there is anything unclear in this solution post, please feel free to comment below.
Thank you in advance for your valuable feedback!
------------------------------------------------------------------------------------------------
Have other off-topic issues to report?
Welcome to > Start a New Thread < and elaborate on the issue for assistance.