ER7206 isolated VLAN networks with Omada Controller interface??
Hi,
Referencing this older post about a similar topic:
https://community.tp-link.com/en/business/forum/topic/265578
And this FAQ mentioning that FW v1.1 provided the capability in the standalone interface:
https://www.tp-link.com/us/support/faq/3061/
Is there any hope this multi network feature will be available through the Omada controller interface?
There's already a Switch ACLs section in the Omada controller interface that looks like it could work for the rules but nothing entered there has an effect. :(
Nor are the gateway ports available for further configuration.
Would love to see this feature available in the Controller...most of what I need is in the Controller, including email alerts. The Standalone interface is decent but there are no email alerts and the gateway is not unified with the rest of my devices.
G
Dear @GopS,
GopS wrote:
> Is there any hope this multi network feature will be available through the Omada controller interface?
> There's already a Switch ACLs section in the Omada controller interface that looks like it could work for the rules but nothing entered there has an effect. :(
> Nor are the gateway ports available for further configuration.
Multi-network settings are supported on the Controller and are isolated using switch ACLs, see the following FAQ and video:
How to configure Multi-Networks & Multi-SSIDs on Omada SDN Controller
https://www.youtube.com/watch?v=Xv5d-wYs2Yk
Best Regards!
Dear @Hank21,
Yes, I'm aware of that FAQ and how to create such a topology but I do not have a TP-Link switch. I have a Layer2 Cisco switch that I am happy with.
Fortunately the TP-Link router/gateway is capable of isolating VLANs without an L3 switch, as one might expect from a professional router/gateway. After firmware 1.1.1 this configuration is available through the standalone interface. (Please see my previous links.) Furthermore, I have verified that configuration via the standalone interface does provide for isolated VLANs on my own network.
I am asking here if we can have this functionality through the Omada Controller. That would unify all my configuration while also providing email alert notifications. (I don't see a way of getting email alerts through the standalone interface.)
Hope someone from TP-Link support can advise.
G
@GopS I can't believe that it's not possible in controller mode.
I was planning to migrate all of my ER7206/ER605 to be controller mode, but it's awfully critical if it's true.
I have to test whether these really behave like that.
That link is a full SDN setup with the controller, router and the switch. They're all adopted to the controller and managed by the controller.
If you miss the switch from the Omada SDN series, that's totally fine. All you have to do is the VLAN config after you create the VLAN interface on the Controller.
Multi-nets (VLAN interfaces) are created on the Omada router. ACL is a function based on the router too. So, if you don't own an Omada switch, just configure the port on the router with VLAN and then set up the switch with corresponding VLAN on the ports. Then the VLAN can pass to the switch and get other ports matching VLAN if you set up the port right on your Cisco switch.
Email information is not available on router because the email alerts are sent by the controller. You need to set up the mail server on the controller.
Why we need to configure mail server on Omada SDN controller before adding cloud user and email log
Similarly, the Cloud access from https://omada.tplinkcloud.com/ is based on the controller added to the cloud platform and staying on the cloud and then you log in and launch the remote session.
Hello. You can check out the emulator before you migrate them. Or you can download the latest Omada controller V5 from that page.
Step 2 can be regarded as a VLAN config. If you have Omada switch, you do the second step. If not, you set up the VLAN tag/untag with ID on your switch.
How to configure Multi-Networks & Multi-SSIDs on Omada SDN Controller
Hello @Hank21,
I'm already using Omada Controller v5 for EAPs and your answer is exactly what I thought. That's why I couldn't easily believe the symptoms.
I think that should be so and your confirmation is good news to me.
However, @GopS seems to have properly configured the switch but succeeded only in standalone mode. Maybe I didn't catch the exact symptoms, though.
@Quidn AFAICT, the isolated VLAN is possible with the controller mode if and only if you have a TP-Link switch.
@Hank21 Yes, I'm aware that the link that you referenced is for a full configuration that includes a switch. See my previous post (#3) where I acknowledge that I do not have a switch.
> Just configure the port on the router with VLAN and then set up the switch with corresponding VLAN on the ports. Then the VLAN can pass to the switch and get other ports matching VLAN if you set up the port right on your Cisco switch.
Yes, this was successful but the VLANs are not isolated. This is the original problem I am trying to solve.
OTOH, if I use the standalone interface, I am able to isolate the VLANs (even without a TP-Link switch). The isolation capability is possible with the router, just not through the controller interface. In the controller interface, the switch ACLs are not being applied to the router, even though it's entirely possible to do so. After all, the router is not only a gateway, but also acting as a switch on the LAN ports.
TP-Link support -- can you please give a timeline when your controller / router firmware will be able to support this relatively straightforward isolated VLAN capability with the controller interface? Thank you!
G
p.s. The email alerts are a separate issue so I don't want to mix it here. For your reference, I have already resolved my needs (albeit suboptimally) in this thread:
https://community.tp-link.com/en/business/forum/topic/538712?replyId=1055088
OK. I think that we are on the same page now. Instead of referring to the whole steps of the FAQ, did you notice that the ACL rule was defined by ports? Did you try the ACL binding type as VLAN? Same steps, but when it comes to binding type, choose VLAN.
I'm sorry but I can't easily believe both because you and @Hank21 are telling very different stories.
In general, something like this would be caused by misconfiguration or misunderstanding, but as I already mentioned, you definitely don't seem like a beginner who keeps making mistakes. And you even succeeded in standalone mode.
If you could share your ACL settings in the controller and VLAN settings in the switch, it would be helpful to all of us.
I want to make sure whether it works or not without Omada SDN Switches, and will request TP-Link to make it work if it doesn't.
I don't care about email alerts from standalone mode and am already using an external syslogd with standalone mode ER7206s, but the number of routers is increasing so I want to make the managing process simple.
Currently I'm using tens of 24-52 port switches from Netgear, mixed stackable and standalone, so this issue is crucial.
I may purchase TP-Link Omada SDN switches next time but tens of existing units wouldn't be replaced so easily.
There's one more point to consider about standalone mode.
The web service port for the admin interface is always open on every LAN interface, and there's no option to prevent brute-forcing.
If ACL is your priority then you may consider this too.
@Hank21 I did notice the VLAN option but it wasn't very clear what that meant. I may have tried it, but at this point I have since moved on with the setup in standalone mode. I do not want to reset my gateway to run more experiments. From the references I have cited above, including the explicit/dedicated callout in the firmware release notes, it certainly seems like the isolation capability (through port-to-port filtering on the LAN side) is only available in standalone mode.
@Quidn See above.
> If you could share your ACL settings in the controller and VLAN settings in the switch, it would be helpful to all of us.
Sadly, there is nothing special about my ACL settings. The most simple approach was to duplicate what is done in the FAQ (which includes a TP-Link switch). I did something quite similar to this in the standalone interface and had no issues achieving my desired setup.
@Fae Can you please advise?
Thanks,
G