OC200 can't assign VLAN to Wireless Network
Hello!
I have a problem with the VLAN configuration for Wireless Networks.
My setup:
1) I have a Switch (SW-01) which is connected to a firewall and behind that firewall I have a DHCP-Server (via DHCP-Relay configuration on the firewall)
2) SW-01 is connected to an Accesspoint (AP-01) on Port-02 and gets the IP settings from the DHCP-Server = 192.168.100.50
3) SW-01 is connected to the Omada Controller (OC200) on Port-04 and gets the IP settings from the DHCP-Server = 192.168.100.240
> The assignment of the IPs works as expected!
4) SW-01 is connected to the Firewall on Port-07 IP = 192.168.100.254. Firewall acts as the Gateway for my environment.
5) I configured two Wired Networks (LANs)
5.1) VLAN254 as VLAN with VLAN-ID = 254
5.2) VLAN253 as VLAN with VLAN-ID = 253
6) I configured three Wireless Networks
6.1) WLAN-Gast
- VLAN = default
6.2) WLAN-Radius
- VLAN = default
6.3) WLAN-Devices
- VLAN = 253
7) I created Switch-Profiles
7.1) APUplink with the following settings:
---
Native Network = VLAN254(254)
Tagged Networks = VLAN253(253), Default(1)
Untagged Networks = VLAN254(254)
---
> APUplink profile is active on Port-02 on SW-01 (where the AP is connected to)
7.2) FWUplink with the following settings:
---
Native Network = Default(1)
Tagged Networks = VLAN253(253),VLAN254(254)
Untagged Networks = Default(1)
---
> FWUplink ist active on Port-07 on SW-01 (where the FW is connected to)
What I want to do/achieve:
1. I want the Omada Controller, Switch along with several NBs within the LAN(Default) with VLAN-ID = 1 and IP addresses 192.168.100.0/24 (via DHCP as explained above) --> This works so far
2. I want the Accesspoint to be in a different Network! That's why I created the Switch-Profile "APUplink" and put the Accesspoint into the Native Network = VLAN254.
> It is crucial to understand that the Accesspoints Native Network is now VLAN254 with VLAN-ID=254
> With the active profile the Accesspoint now gets the IP = 10.254.100.50 from the DHCP-Server (works as expected!!!)
3. ATTENTION! Now comes the part where I have this huge problem!
- When I connect to WLAN-Radius via the Accesspoint, I want to have access to the LAN(default) (VLAN ID = 1)!
- When I go to Wireless Networks > WLAN-Radius > Advanced Settings > VLAN and set VLAN = default one should think that WLAN-Radius is now within the LAN(default). BUT this setting means that WLAN-Radius ADOPTS the NATIVE NETWORK FROM THE ACCESSPOINT which is VLAN254(254)
- So when I try to set a custom VLAN via Wireless Networks > WLAN-Radius > Advanced Settings > VLAN > Custom > By VLAN ID = 1, I get the error message "This SSID VLAN ID can not be same as the exist default LanNetwork profile."
>> So how can I achieve that when I connect to WLAN-Radius via Accesspoint which is in the native network VLAN254(254) that I have access to the LAN(default) with VLAN-ID=1 ??? My only condition would be that the native network from the Accesspoint CAN NOT be the Default(1)-LAN. It needs to be in a different network. But via profile APUplink it can transfer frames from Default(1) as tagged.
If you have any solutions I would be very happy.
Kind regards,
JaSa1
Thank you for your answer!
The devices I am using are:
SW-01 = TL-SG2008P (ver3.0)
EAP-01 = EAP245(EU)(ver3.0)
OC = Omada Controller 200 (ver1.0)
But I think I need to be more precise what my requirements are.
I have the Accesspoint configured via a profile on the switch:
- Port Connection to SW-01 = Port-04
- Profilname = APUplink
- Native Network = VLAN(254)
- Tagged Networks = VLAN253(253), Default(1)
- Untagged Networks = VLAN254(254)
>> With this setting the Accesspoints native Network is VLAN254(254). And when I connect to the Wireless Network "WLAN-Gast" through the AP I get an IP from my DHCP-Server = "10.254.20.x/24". This works perfectly fine.
>> When I set the VLAN-ID from "WLAN-Gast" to "253" I get a IP form my DHCP-Server = "10.253.20.x/24". This works also perfectly fine.
The problem:
>> When I want to set the VLAN-ID from my Wireless Network "WLAN-Gast" to "1" so that I would get an IP from my Default-LAN then I can not do that because the Omada Controller won't let me do that.
>> So basically I get stuck within Native Network VLAN254(254) and can not access the LAN from the Accesspoint.
What I want to do:
1) I want the Accesspoint to be in Native Network VLAN254(254)
2) I want the Accesspoint to transfer Network Default(1) as tagged, same with VLAN253(253)
3) I want the Wireless Network "WLAN-Gast" to be in LAN Default(1) so when I connect to this Wireless Network that I have access to the LAN.
-> Important: I don't want to change the Native Network from the Access Point to Default(1) in order to gain access to the LAN. It must be in another Network!
(4) DHCP-Server is external behind a Firewall and gets tunneled through DHCP-Relay.
A few firmware-versions in the past it was possible to set the custom VLAN-ID within Advanced settings from Wireless Networks to "1".