ER703WP-4G-Outdoor (US) Configuration NIGHTMARE!
I recently bought the new US version of the ER703WP-4G-Outdoor to use as an automated cellular backup link for my main network, while simultaneously utilizing its wireless radios as a standard outdoor Access Point.
To put it mildly: deploying this unit into an existing, sophisticated multi-VLAN enterprise fabric is a complete nightmare due to rigid constraints in the Omada SDN Controller software (v6.2.x).
Because the controller prohibits having two gateways in a single site, I had to resort to the workaround of duplicating my main site profile over to a secondary "Backyard" site just to adopt the hardware.
Once inside the standalone interface, I disabled the default DHCP server, assigned a static IP out of my Management subnet (VLAN 254), kept it untagged, and successfully completed the adoption handshake. However, I have hit two massive software limitations that completely break standard networking logic:
- The "Default" LAN Network Refuses to Tag 802.1Q Management Traffic In the SDN controller for the secondary site, I changed the "Default" network's VLAN ID from 1 to 254. In any standard enterprise ecosystem, modifying a management VLAN implies transitioning that traffic to an 802.1Q tagged state. However, the ER703WP continues to blast its primary management traffic untagged on the physical wire, merely shifting its internal native PVID.
- The moment I flip my upstream switch port (SX3206HPP) to a standard production profile—where the Native PVID is set to a non-routing black hole (VLAN 4000) and VLAN 254 is explicitly Tagged—the gateway instantly drops offline. The gateway firmware apparently lacks the capability to tag its own primary management interface.
- "VLAN-Only" Networks Completely Hide Gateway Ports To get my existing wireless SSIDs to pass traffic cleanly back to my core L3 switch fabric (a Celestica running SONiC), those networks are provisioned in the controller as "VLAN-Only."
My Topology & Core Question:
-
Primary Path: Wireless Client -> ER703WP (SSID Tagged) -> SX3206HPP -> Celestica DX010 (Core L3 SVI) -> ER8411 SFP+ WAN1
-
Backup WAN Path: ER703WP (Cellular Engine) -> SX3206HPP (Trunk) -> Celestica (Trunk)-> Brocade VDX6740 (Trunk) -> ER8411 WAN/LAN8 (VLAN 99)
My management plane is VLAN 254. My cellular backup handoff needs to ride down to my main router on an isolated, point-to-point VLAN 99.
How does TP-Link expect engineers to cleanly isolate cellular WAN packets from local LAN/Wireless traffic on this hardware when the controller prevents us from building a standard 802.1Q trunk on the gateway faceplate?
This unit drastically needs a dedicated software toggle for "AP Mode with Cellular IP Passthrough." This would disable the rogue internal L3 routing engine on the LAN side, allow the management plane to tag itself properly like a standard EAP series Access Point, and deliver the raw cellular connection down a dedicated, user-defined tagged VLAN interface.
