How to stop inter VLAN routing on TL-R605 using OC200 controller (solved)

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

How to stop inter VLAN routing on TL-R605 using OC200 controller (solved)

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
How to stop inter VLAN routing on TL-R605 using OC200 controller (solved)
How to stop inter VLAN routing on TL-R605 using OC200 controller (solved)
2020-12-20 11:10:22 - last edited 2020-12-20 12:40:59
Model: ER605 (TL-R605)  
Hardware Version: V1
Firmware Version: 1.0.0

Hello,

 

some days ago I received my TL-R605 to complete my system.

I'm using two VLANs one for main usage and one only for internet access (guest and IOT devices).

 

The only way to get 2 subnets incl. DHCP is to set two interfaces in the LAN configuration settings on the controller (SC200)

 

Both of the subnets are running including the DHCPs.

But both subnets are "connected" which means that the inter VLAN routing is enabled.
As I couldn't find an option to disable it I set a Gateway ACL to deny any traffic between this two subnets - but you can still access the devices on the primary VLAN from the Internet only VLAN. I also created IP group profiles to setup the ACL policy. 

 

I'm not really sure how to get this working on the system. Hopefully someone can help me to solve this problem

 

best regards,
Thomas

 

Update: It seems that I found the solutions for this issue!
If you also have Access points in use - set this ACL policy for every group (Router, Switches and EAP) - then it will work.
It seems that the access points does this routing. After configuring the ACL on the EAP the communication stops as requested.

But anyway maybe it will be good to include an overall inter VLAN routing option on the controller  

 

  0      
  0      
#1
Options
6 Reply
Re:How to stop inter VLAN routing on TL-R605 using OC200 controller (solved)
2020-12-22 10:48:13

Dear @Stony,

 

Glad to know that your concern was resolved finally. But I would like to add some additional info for you, hope it helps to some extent.

 

As I couldn't find an option to disable it I set a Gateway ACL to deny any traffic between this two subnets - but you can still access the devices on the primary VLAN from the Internet only VLAN. I also created IP group profiles to setup the ACL policy. 

 

Actually, the Gateway ACL can only deny the traffic between LAN and WAN but cannot deny traffic between the LAN networks.

 

If you also have Access points in use - set this ACL policy for every group (Router, Switches and EAP) - then it will work.
It seems that the access points does this routing. After configuring the ACL on the EAP the communication stops as requested

 

If you have Omada Switch, you can also configure the Switch ACL to deny the traffic between the two subnets, thus the wired devices connected to different subnets will be isolated as well. 

>> Omada EAP Firmware Trial Available Here << *Try filtering posts on each forum by Label of [Early Access]*
  0  
  0  
#2
Options
Re:How to stop inter VLAN routing on TL-R605 using OC200 controller (solved)
2021-01-15 20:55:46

@Fae 

Fae wrote

If you have Omada Switch, you can also configure the Switch ACL to deny the traffic between the two subnets, thus the wired devices connected to different subnets will be isolated as well. 

 

If you set the ACL on the switch does this also affect traffic from the access points as well as wired devices, thus eliminating the need to set the rules twice?

  0  
  0  
#3
Options
Re:How to stop inter VLAN routing on TL-R605 using OC200 controller (solved)
2021-01-16 07:12:13

Dear @jamesg013,

 

If you set the ACL on the switch does this also affect traffic from the access points as well as wired devices, thus eliminating the need to set the rules twice?

 

If the switch is the uplink device for the APs and wired devices, then I think YES.

>> Omada EAP Firmware Trial Available Here << *Try filtering posts on each forum by Label of [Early Access]*
  0  
  0  
#4
Options
Re:How to stop inter VLAN routing on TL-R605 using OC200 controller (solved)
2021-01-30 19:47:17 - last edited 2021-01-30 19:49:06

@Stony 

I have the latest Controller running on a VM.   i have an access point.  I have just added a TL-605   and im stuck with intervlan routing always on. 

 

I do not have a TP-Link switch I have a Cisco SG-300.  I do not have access to apply ACL's on the SWITCH section of the controller.   but i have applied them on the ROuter and EAP sections.

I cannot connect across vlans over WIFI,  but i have alot of hardwired devices that have no problems passing traffic between the vlans.  

 

The cisco switch is set correctly and was restricting intervlan traffic with an RV320 router.  I am wanting to move more to the TP-Link ecosystem. but this may be a deal breaker.

 

 

is there somewhere else i should look or is there a way to better manager the switchports on the TL-605

  1  
  1  
#5
Options
Re:How to stop inter VLAN routing on TL-R605 using OC200 controller (solved)
2021-04-27 15:55:05

@ScottB.ca 

 

I have the same issue. Inter vlan routing is blocked for wifi devices but not for wired devices. I have set ACL's at Gateway and EAP. I dont have tplink switch in between but use a Dlink managed switch. Did you ever found a workaround ?

  0  
  0  
#6
Options
Re:How to stop inter VLAN routing on TL-R605 using OC200 controller (solved)
2021-04-27 16:51:09

@nbali   Im sorry ,  my work around was to go back to my Cisco RV320 .   Im waiting for a solution from TP-Link.   so for now my TP-link router is sitting colletcing dust.   the worst part is have sold a half a dozen Cisco RV's whil I wait for  this feature with TP-Link.

 

Scottb.ca

  1  
  1  
#7
Options