TL-R605: use WAN DHCP in LAN VLAN? And where to set Port profiles for TL-R605?
Our TV settop boxes require an (external) WAN DHCP assigned IP address. So I was trying to get this working straight from the TL-R605 by creating a VLAN that uses the WAN DHCP. But it's not possible, I think? (Also, why can't I assign port profiles to the TL-R605 ports and configure them like my other Omada switches?)
I was hoping to configure the following on my OC-200:
- Modem to TL-R605 WAN-Port (Dynamic IP)
- Set up a new LAN VLAN interface (example: 10) that uses the WAN DHCP instead of the R605 or any other local network DHCP server (but it is not possible to have a VLAN use the WAN DHCP)
- Set up a new LAN VLAN interface (example: 20) for all local network devices, using the TL-R605 DHCP server
- Create a Port Profile "Only-10" that only allows VLAN 10
- Create a Port Profile "Only-20" that only allows VLAN 20
- Create a Port Profile "10+20" that allows VLAN 10 and 20
- Assign Port profile "10+20" to WAN/LAN port 2 on the TL-R605 (but I can't seem to find where to assign a port profile for the R605 ports in the Omada Controller?)
- Assign Port profile "10+20" to Port 1 of TL-SG2008P switch
- Assign Port Profile "Only-10" to port 2 of TL-SG2008P switch (so the device connected to that port gets an external WAN DHCP IP and cannot access the local network)
- Assign Port Profile "Only-20" to port 3 of TL-SG2008P switch (so the device connected to this port gets an IP from the TL-R605 and has access to the local network)
The reason for the above config would be to save a few ports.
I currently created the following workaround but I'm unsure if it's ok interVLAN-wise/security-wise (isolate? Spanning tree? Are the VLANs tagged/untagged correctly?):
- Modem to SG2008P#1 port 1 (Port profile only-10)
- SG2008P#1 port 2 (Port profile only-10) to TL-R605 WAN for internet access for the LAN network
- SG2008P#1 port 3 (Port profile only-20) to TL-R605 Port 2 (Cannot assign a port profile in Omada controller for the TL-R605?)
- SG2008P#1 port 4 (Port profile 10+20) to SG2008P#2 Port 1 (Port Profile 10+20)
- SG2008P#2 port 2 (Port profile only-10) to settop box 1 to have a WAN DHCP assigned IP
- SG2008P#2 port 3-8 (Port profile only-20) for all local devices to have TL-R605 DHCP IPs
I can currently see other devices connected to my modem, so it's fair to say all those devices can see my local network too? I don't think my workaround is shielding off my local network enough?
I'm open to suggestions/remarks.
And I'm not sure if something like passing through WAN DHCP over well-configured LAN VLANs can be a future option in the software or not (or even possible network/security-wise)?
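
The switch-level half of the isolation question in the workaround above can be checked by modelling the port profiles as VLAN membership and computing which devices land on the same layer-2 segment. This is an added example, not part of the original post and not Omada code. It assumes each profile admits only the VLANs in its name; the device labels, `local-device` and the function names are constructed for illustration, and what the R605 forwards between its WAN and LAN sides is not modelled.

```python
from collections import defaultdict

# VLANs admitted by each port profile named in the post (assumed: no others).
PROFILES = {"only-10": {10}, "only-20": {20}, "10+20": {10, 20}}
SWITCHES = {"SG2008P#1", "SG2008P#2"}

# Workaround wiring from the post: (switch, port) -> (profile, attached peer).
# "local-device" is a constructed stand-in for any host on SG2008P#2 ports 3-8.
PORTS = {
    ("SG2008P#1", 1): ("only-10", "modem"),
    ("SG2008P#1", 2): ("only-10", "R605-WAN"),
    ("SG2008P#1", 3): ("only-20", "R605-LAN2"),
    ("SG2008P#1", 4): ("10+20", "SG2008P#2"),
    ("SG2008P#2", 1): ("10+20", "SG2008P#1"),
    ("SG2008P#2", 2): ("only-10", "settop-1"),
    ("SG2008P#2", 3): ("only-20", "local-device"),
}

def vlan_graph(ports, vlan):
    """Adjacency map of the links that actually carry `vlan`."""
    def admits(sw, peer):
        return any(s == sw and p == peer and vlan in PROFILES[prof]
                   for (s, _), (prof, p) in ports.items())
    adj = defaultdict(set)
    for (sw, _), (_, peer) in ports.items():
        # A switch-to-switch link carries a VLAN only if both ends admit it.
        if admits(sw, peer) and (peer not in SWITCHES or admits(peer, sw)):
            adj[sw].add(peer)
            adj[peer].add(sw)
    return adj

def same_segment_as(device, ports=PORTS):
    """End devices sharing a layer-2 segment with `device`, keyed by VLAN."""
    result = {}
    for vlan in sorted(set().union(*PROFILES.values())):
        adj = vlan_graph(ports, vlan)
        seen, stack = set(), [device]
        while stack:
            node = stack.pop()
            if node not in seen:
                seen.add(node)
                stack.extend(adj.get(node, ()))
        peers = seen - SWITCHES - {device}
        if peers:
            result[vlan] = peers
    return result

if __name__ == "__main__":
    for dev in ("modem", "local-device"):
        print(dev, "shares L2 with", same_segment_as(dev))
```

In this model the modem shares VLAN 10 only with the R605 WAN port and the settop box, so any path from the modem side to VLAN 20 runs through the R605. Passing an edited copy of `PORTS` as the second argument shows how a single misassigned profile changes that.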