TL-R605: use WAN DHCP in LAN VLAN? And where to set Port profiles for TL-R605?
This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Our TV settop boxes require an (external) WAN DHCP assigned IP-address. So was trying to get this working straight from the TL-R605 by creating a VLAN that uses the WAN DHCP. But it's not possible, I think? (Also, why can't I assign port profiles to the TL-R605 ports and configure them as my other omada switches?)
I was hoping to configure the following on my OC-200:
- Modem to TL-R605 WAN-Port (Dynamic IP)
- Set up a new LAN VLAN interface (example: 10) that uses the WAN DHCP instead of the R605 or any other local network DHCP server (But it is not possible to have a VLAN use the WAN DHCP. )
- Set up a new LAN VLAN interface (example: 20) for all local network devices, using the TL-R605 DHCP server
- Create a Port Profile "Only-10" that only allows VLAN 10
- Create a Port Profile "Only-20" that only allows VLAN 20
- Create a Port Profile "10+20" that allows VLAN 10 and 20
- Assign Port profile "10+20" to WAN/LAN port 2 on the TL-R605 (but I can't seem to find where to assign a port profile for the R605 ports in the Omada Controller?)
- Assign Port profile "10+20" to Port 1 of TL-SG2008P switch
- Assign Port Profile "Only-10" to port 2 of TL-SG2008P switch (so the device connected to that port gets an external WAN DHCP IP and cannot access the local network)
- Assign Port Profile "Only-20" to port 3 of TL-SG2008P switch (so the device connected to this port gets an IP from the TL-R605 and has access to the local network
The reason for the above config would be to save a few ports.
I currently created the following workaround but I'm unsure if it's ok interVLAN-wise/security-wise (isolate? Spanning tree? Are the CLANs tagged/untagged correctly?):
- Modem to SG2008P#1 port 1 (Port profile only-10)
- SG2008P#1 port 2 (Port profile only-10) to TL-R605 WAN for internet access for the LAN network
- SG2008P#1 port 3 (Port profile only-20) to TL-R605 Port 2 (Cannot assign a port profile in Omada controller for the TL-R605?)
- SG2008P#1 port 4 (Port profile 10+20) to SG2008P#2 Port 1 (Port Profile 10+20)
- SG2008P#2 port 2 (Port profile only-10) to settop box 1 to have a WAN DHCP assigned IP
- SG2008P#2 port 3-8 (Port profile only-20) for all local devices to have TL-R605 DHCP IP's
I can currently see other devices connected to my modem, so it's fair to say alle those devices can see my local network too? I don't think my workaround is shielding off my local network enough?
I'm open to suggestions/remarks.
And not sure if something like passing through WAN DHCP over well-configured LAN VLAN's can be a future option in the software or not (or even possible network/security-wise)?
It's very quiet here in my little thread 
For the moment I've abandoned my efforts to use the WAN DHCP for a certain VLAN, and I'm trying to replicate my current network setup (simple Netgear managed switches that allow me to mix WAN and LAN DHCP) with my new TP-Link hardware but I'm running into the issue of not being able to assign/tag/trunk multiple VLAN's on one port 
As a reference, my current (working!) switch config that I want to replace with my TP-Link gear:
VLAN 10: WAN DHCP
VLAN 20: Router DHCP
(VLAN1: admin)
| From | Port | VLAN | PVID | Tagged/ Untagged |
To | Port | VLAN | PVID | Tagged/ Untagged | Comment |
|---|---|---|---|---|---|---|---|---|---|---|
| Modem | N/A | N/A | N/A | Switch 1 | Port 1 | 10 | 10 | Untagged 10 | ||
| Switch 1 | Port 2 | 10 | 10 | Untagged 10 | Router | WAN | N/A | N/A | N/A | Router WAN receives DHCP IP from modem! |
| Router | LAN 1 | N/A | N/A | N/A | Switch 1 | Port 4 | 10 + 20 | 20 | Untagged 20 | |
| Switch 1 | Port 3 | 10 + 20 | 10 | Tagged 10 + 20 | Switch 2 | Port 1 | 10 + 20 |
10 | Tagged 10 + 20 | |
| Switch 2 | Port 2 | 10 | 10 | Untagged 10 | TV Settop box | N/A | N/A | N/A | N/A | Device receives DHCP IP from Modem! |
| Switch 2 | Port 3-7 | 20 | 20 | Untagged 20 | Devices on these ports get IP from LAN DHCP | |||||
| Switch 1 | Port 5-7 | 20 | 20 | Untagged 20 | Devices on these ports get IP from LAN DHCP |
Some additional info on these simple managed switches for reference:
Switch 1:
Switch 2:
I'd still like to see a solution where I can just say for a VLAN to use the WAN DHCP. it would save me some switchports!
I did try that, it didn't work in my specific setup as I need to be able to set multiple VLANS on one single port and the Omada software doesn't allow this:
- port 1 of Switch #1: VLAN 10 (from modem)
- port 2 of Swtich #1: VLAN 10 (to R605 router WAN1)
- port 3 of Switch # 1: VLAN 20 (from R605 router LAN1)
- port 4 of Switch #1: needs both VLAN10+20 (to Switch#2 port 1) but am unable to set this? Only accepts 1 tagged vlan, need more)
- other ports of Switch #1 are VLAN 20 for LAN access
- port 1 of Switch #2: needs both VLAN10+20 (to Switch#2 port 1) but am unable to set this? Only accepts 1 tagged vlan, need more)
- port 2 of Switch #2 VLAN 10 (to settop box that requires external IP but I could never let it have an external IP)
- other ports of Switch #2 are VLAN 20 for LAN access
I can't run another ethernet cable to the second switch (so one for VLAN10 and one for VLAN 20, that would solve it too), but besides: it's possible in other hardware to carry multiple VLANs to one port over one cable so why shouldn't the TP-Link hardware/software do that? 
Or maybe I'm missing something here..
(In my tests, I could see in my local network all external devices (the modem, settop box, and even other modems from neighbours on the cable network. didn't give me much confidence, that's why I tried to shield everything in ACL, but that didn't work either as ACL ony works on Interfaces, not VLANs)
Thanks! I did that in the past (but on the previous Omada version, maybe it's better in the newer one (that is currently installed? Or I just did it wrong )
I'll have a look when our home network is not needed for homeworking this weekend or so. I already made profiles like that, I'm looking at them right now but was always unable to tag/untag the vlans I needed. The wrong ones were highlighted by default and unchangeable. But again, it was probably just me.. lost OC200 connections and R605 connections too, had to restart multiple times.. was a pain :D
I'll give it another go, thanks.