ER7212PC
Good morning.
Is it normal that in the ER7212PC router I can't choose the profile of the ports?
Thanks.
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Hi @Pas7o
Profile feature is only available on the Omada switch.
Unfortunately, this model is not a switch.
You can only set the PVID on the ports. By default, the VLAN you created on the ports are tagged by default except for the VLAN 1.
Please do not select unrelated tag for the topic. Thank you.
- Copy Link
- Report Inappropriate Content
Hi @Pas7o
Profile feature is only available on the Omada switch.
Unfortunately, this model is not a switch.
You can only set the PVID on the ports. By default, the VLAN you created on the ports are tagged by default except for the VLAN 1.
Please do not select unrelated tag for the topic. Thank you.
- Copy Link
- Report Inappropriate Content
@Clive_A Hi, thank you for your answer.
I would like to explain my case: it is a network system for a hotel divided into 2 VLAN: one for guests and one for staff.
Since the AP have been installed inside the rooms, there is a concern that guests can disconnect them and connect directly with the cable to the LAN port.
The problem is that by setting the PVID on VLAN guests on ER7212PC port, if it sets the VLAN to Wi-Fi, it won’t work.
How can I set the ports on the guest VLAN without having problems with Wi-Fi?
Thanks.
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
@MR.S It's the only way. I understand.
And if I create a rule that controls the MAC address of each port?
- Copy Link
- Report Inappropriate Content
i'm not sure how to do it, you almost have to look in the documentation of Omada and try.
I would probably use vlan and not mac authentication,
for example
vlan 1 access points and switches
vlan 2 staff
vlan 3 guests.
- Copy Link
- Report Inappropriate Content
@MR.S I think I could do it with function Bandwitch controll?
- Copy Link
- Report Inappropriate Content
Hi @Pas7o
Thanks for posting in our business forum.
Pas7o wrote
@MR.S It's the only way. I understand.
And if I create a rule that controls the MAC address of each port?
Yes, but you can try it.
What I can think of is to set up the VLAN on the EAP-wall to a blackhole VLAN which is non-existent. So, they cannot use the port.
But looks like you have regular EAP. Or you should set up the VLAN accordingly and create the ACL to block them.
The best move for this is to use the switch we have, set up the MAC learning, and learn only one MAC address which is the MAC address of the EAP. But if they can copy the MAC address of the EAP, it still doesn't work.
All in all, ACL seems to be the thing once for all addressing the issue if you are worried about their access to your core networking devices.
- Copy Link
- Report Inappropriate Content
@Clive_A I want to take your advice and use ACL.
Can you advise me how, please?
- Copy Link
- Report Inappropriate Content
Hi @Pas7o
Thanks for posting in our business forum.
Pas7o wrote
@Clive_A I want to take your advice and use ACL.
Can you advise me how, please?
ACL should be designed based on your needs. You should set ACL up based on what you expect to achieve. You may refer to the User Guide which shows some examples. As well as the forum posts where other users post examples and common use cases.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 553
Replies: 9
Voters 0
No one has voted for it yet.