3
Votes

Either allow VLAN tagging in AP mode or allow disable NAT in router mode. Don't care which

  This repeated request has been merged into the main thread Guest wlan to VLAN in AP mode in Deco M9+. Please vote on the main thread.

 
3
Votes

Either allow VLAN tagging in AP mode or allow disable NAT in router mode. Don't care which

  This repeated request has been merged into the main thread Guest wlan to VLAN in AP mode in Deco M9+. Please vote on the main thread.
Either allow VLAN tagging in AP mode or allow disable NAT in router mode. Don't care which
Either allow VLAN tagging in AP mode or allow disable NAT in router mode. Don't care which
2024-10-09 08:46:05 - last edited 2024-10-23 08:16:11
Model: Deco X50  
Hardware Version: V1
Firmware Version: Irrelevant - it's a feature request

Forget the hardware listed.  I have Some Deco X20's and an X50 but this feature request is for all Decos.

 

Background:

1. Many users like myself have a NAS/Server/Anything that they don't want to introduce security risks to.  However apps on these often need to initiate access to the clients.

2. We wish to allow guest access to our WiFi but not our private stuff as most people have a shockingly lax attitude to security.

3. We wish to make our homes smarter using IoT devices but are aware that the quality of their code is generally utterly, utterly shoddy and updates are often abandoned.

 

An example consumer use case:  Home security IoT cameras with controls to move the cameras.  DVR software on the NAS.  Many NASes have DVR apps.  The NAS needs to be kept away from guest/IoT but needs to access IoT directly to control cameras from NAS app (e.g. on mobile phone)

 

Additionally:

Many ISP's supply a preconfigured router that you cannot modify anything on.  With Deco in router mode, uPnP does not work, preventing services such as online gaming from working reliably.

 

To achieve these, we can either use one VLAN per SSID and use our own firewall hardware/software OR We could use Deco in router mode but with No NATting and rules on the Decos for firewalling.

 

To be clear, I have seen suggestions that DHCP, NAT and security such as parental controls are linked and that you can't have one without the other.  This is simply not true.  However, if the code these devices run is such a mess that these features are linked, that is OK.  Let us disable everything but routing to several subnets, each with their own SSID and a stateful firewall with either DHCP served by the Deco or via DHCP relay.

 

#1
Options
2 Reply
Re:Either allow VLAN tagging in AP mode or allow disable NAT in router mode. Don't care which
2024-10-09 08:56:37

I forgot, these features have multiple requests.  Some examples:

https://community.tp-link.com/en/home/forum/topic/587006

https://community.tp-link.com/en/home/forum/topic/703800

https://community.tp-link.com/en/home/forum/topic/622724

https://community.tp-link.com/en/home/forum/topic/614128

https://community.tp-link.com/en/home/forum/topic/651226

 

#2
Options
Re:Either allow VLAN tagging in AP mode or allow disable NAT in router mode. Don't care which
Friday
Not good but they don't seem to care...
#4
Options