Inter-vlan routing always on with TL-R605
I have the latest SDN Controller running on a VM. I have an access point. I have just added a TL-605 and I'm stuck with inter-VLAN routing always on.
I have VLAN 1 with DHCP and DNS running on a Windows server.
I have VLAN 31 with DHCP on the R605.
I do not have a TP-Link switch; I have a Cisco SG-300. I do not have access to apply ACLs in the SWITCH section of the controller, but I have applied them in the Router and EAP sections.
I cannot connect across VLANs over Wi-Fi, but I have a lot of hardwired devices that have no problems passing traffic between the VLANs.
The Cisco switch is set correctly and was restricting inter-VLAN traffic with an RV320 router. I am wanting to move more to the TP-Link ecosystem, but this may be a deal breaker.
A traceroute clearly shows a hop at the router.
Is there somewhere else I should look, or is there a way to better manage the switch ports on the TL-605?
"deny all protocols, source: network interface for VLAN 30 to destination: other network interfaces/VLANs" - This is at the bottom of the ACL stack. With only this enabled I can't ping/connect to HA on anything other than VLAN 30.
Why are you using a deny here?
VLAN 30 is for IoT devices that I want to prevent from accessing the rest of the network, and from accessing the internet. I could not get VLAN routing working such that my IoT devices could talk to the HA server while on VLAN 10, so I moved the HA server to VLAN 30 while I continued troubleshooting.
Hello @Fae, do you perhaps have an ETA for when the ACL between VLANs/LANs feature will be available? Thanks.
To block all inter-VLAN traffic on the R605, create a phantom VLAN, tag it to any LAN port of the router, and add an ACL rule to block all service types of traffic, choosing that phantom VLAN with the exclamation mark at the beginning as both Source and Destination network.
Here is the thread where I explained it.
If you only have a few VLANs, you can try without creating a phantom VLAN, but you will have to add multiple rules:
blocking vlanX to !vlanX
blocking vlanY to !vlanY
etc.
The ACL rules are not bidirectional. You have to add them for each VLAN for both directions if you don't want to do the phantom VLAN work-around.
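The rule logic from the reply above, worked through as an added example (not part of the original thread and not TP-Link code): a small Python model that assumes `!name` means every network except `name` and that traffic is forwarded unless a block rule matches; the VLAN names are constructed. It lists which routed VLAN-to-VLAN directions stay open under a single one-way rule, under one rule per VLAN, and under the single phantom-VLAN rule.

```python
from itertools import permutations

def matches(selector, network):
    """'vlan30' matches only vlan30; '!vlan30' matches every network except vlan30."""
    if selector.startswith("!"):
        return network != selector[1:]
    return network == selector

def is_blocked(rules, src, dst):
    """True if any block rule matches the flow src -> dst (assumed default: permit)."""
    return any(matches(s, src) and matches(d, dst) for s, d in rules)

def open_paths(rules, vlans):
    """Ordered (src, dst) pairs of different VLANs that would still be routed.
    Same-VLAN traffic is switched and never reaches the router, so it is skipped."""
    return [(s, d) for s, d in permutations(vlans, 2)
            if not is_blocked(rules, s, d)]

def per_vlan_rules(vlans):
    """One 'vlanX -> !vlanX' block rule for every VLAN in the list."""
    return [(v, "!" + v) for v in vlans]

# The work-around rule: source = !phantom, destination = !phantom.
# No real host lives in the phantom VLAN, so every real VLAN matches both sides.
PHANTOM_RULE = [("!phantom", "!phantom")]

VLANS = ["vlan1", "vlan30", "vlan31"]  # constructed sample networks

if __name__ == "__main__":
    cases = {
        "no rules": [],
        "only vlan30 -> !vlan30": [("vlan30", "!vlan30")],
        "one rule per VLAN": per_vlan_rules(VLANS),
        "rules for vlan1 and vlan30 only": per_vlan_rules(VLANS[:2]),
        "phantom rule": PHANTOM_RULE,
    }
    for name, rules in cases.items():
        print(f"{name}: still routed -> {open_paths(rules, VLANS)}")
```

The "rules for vlan1 and vlan30 only" case shows the maintenance risk of the per-VLAN approach: a VLAN without its own rule can still initiate traffic to every other VLAN, whereas the phantom rule also covers VLANs added later.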