Dear TP-Link Support Team,

I am writing to formally request the implementation of several critical networking features on the Deco XE75 Pro (and the Deco product line in general), which are currently absent and represent a significant limitation for any user who takes network security seriously.

---

1. VLAN TAGGING PER SSID

The Deco XE75 Pro does not support VLAN tagging on individual SSIDs. This makes it impossible to properly segment a home or small office network into isolated security zones — for example:

- VLAN 10: Trusted devices (PCs, laptops, phones)
- VLAN 20: IoT devices (smart plugs, lights, hubs)
- VLAN 30: IP cameras (isolated, no access to other segments)
- VLAN 40: Media devices (Smart TVs, AV receivers)

Without VLAN per SSID support, the Deco system cannot be meaningfully integrated into any managed network environment with proper L2 segmentation. Every competing enterprise-grade access point (Ubiquiti UniFi, TP-Link Omada, Cisco) supports this as a basic feature.

I would like to point out an additional irony here: TP-Link's own Tapo camera lineup (C325WB, C520WS, C425, etc.) cannot be properly isolated from trusted devices when using Deco as the wireless infrastructure. A user who purchases both Deco and Tapo products expecting them to work together securely will find that the two product lines are fundamentally incompatible from a network security standpoint. The cameras end up on the same flat network as PCs and personal data — directly contradicting every piece of security advice TP-Link publishes.

---

2. ADVANCED ADMINISTRATION INTERFACE

The Deco mobile app, while user-friendly, is severely limited for any user with intermediate or advanced networking knowledge. It lacks:

- VLAN configuration
- Per-SSID band steering control
- Manual radio channel assignment (not just optimization)
- Detailed client association data
- Traffic monitoring per SSID or VLAN
- ACL / firewall rules at the AP level

A web-based administration interface (similar to what TP-Link already provides on the Omada EAP series) would be a significant step forward. The Deco hardware is clearly capable — the limitation is entirely software-driven.

---

3. SSH ACCESS OR ADVANCED CLI

For technically proficient users, SSH access to the Deco units would allow direct configuration, scripting, and integration with network management tools. This is standard practice on enterprise access points and even on many consumer routers. Locking down the platform entirely to a mobile app alienates the exact users who would deploy Deco in more complex environments — and who are most vocal in communities and reviews.

I understand there are valid reasons to restrict this for average consumers. A reasonable middle ground would be an "Advanced Mode" toggle in the Deco app or web interface, accessible after explicit user confirmation, which unlocks VLAN, SSH, and advanced radio settings.

---

CONCLUSION

TP-Link regularly publishes security guidance recommending network segmentation, IoT isolation, and VLAN-based architecture. It is contradictory to publish this guidance while simultaneously selling mesh access points that are architecturally incapable of implementing it.

The Deco XE75 Pro is an excellent product in terms of RF performance, seamless roaming, and ease of setup. It deserves an administration layer that matches its hardware capabilities. Competitors — including TP-Link's own Omada line — already provide this.

I would appreciate a formal response regarding:
1. Whether VLAN per SSID is on the product roadmap for the Deco XE75 Pro
2. Whether a web-based or advanced administration interface is planned
3. Whether SSH or any form of advanced CLI access is under consideration

Thank you for your time and I hope this feedback contributes to the improvement of the Deco platform.

Best regards