Building a vlans with the same network

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

2021-05-25 16:39:32 - last edited 2021-05-25 17:09:09
Model: TL-R470T+  
Hardware Version: V6
Firmware Version: 6.0.4 Build 20200313 Rel.32850

Hi all, I got some doubts with this appliance.

I have been successful configuring bandwidth control and controlling the network. Right now we have no VLANs and we are planning to start implementing them.

Here is the network so far today:

As you can see, nothing fancy, all mixed up. Now, what I want is to use the available LAN ports on the R470T+ to separate the network into a few VLANs like this in the near future:

I know that the model I have does not have multi-nat, so all the network would be inside (for example) 192.168.1.0/23; so there's nothing else I can do with the budget I have so far. Knowing that I would have just one network,

  • can the R470T+ control VLAN communication? (Yes, I know I can let some VLANs communicate via the switches, but that is for later.) Like allowing vlan10 to communicate with vlan20, or like, whoever is in port 3 can talk to port 4 but not port 5, or do some kind of control of "who gets to talk to who".
  • since I will have just one network, I assume all the current bandwidth, firewall and routing controls will still work, right?

Regarding internet access, I'm still confused by the tag and untag settings for the WANs. Is there any place to find a more detailed manual about it? So far I know that I would need to "untag" or "tag" at the port configuration, right?

 

 

Re:Building a vlans with the same network
2021-05-26 07:26:32

@Cuda 

Hi there, tag means that when internet data flows out of the router/switch, the data still carries the VLAN tag. Untag means that when data flows out of a router/switch, the tag is deleted and there is no tag on the data. The PC can only deal with data without a tag.

The "control VLAN communication" function does not work on this model. The VLAN function of this router can only work as network isolation.

But "control VLAN communication" seems to work on the models ER605 and ER7206; here are the instructions for it: https://www.tp-link.com/en/support/faq/3061/

You can set up the VLAN and the ACL to manage the communication. By default, if there is no ACL, all the VLANs on the router's LAN port can talk to each other.

And this needs to wait for the latest firmware version coming up in a few days.

 

Re:Building a vlans with the same network
2021-05-27 22:26:13

@John1234 Thanks, now before continuing with the topic, can you tell me something about the lan groups, specifically:

IPGROUP_ANY

IPGROUP_LAN

 

And one that is named: Me

I think that the ! before the name means "not", like not IPGROUP_ANY and so forth, but I'm having doubts about my firewall rules and bandwidth controls.

For example, if I want to block all outbound traffic and only allow certain groups, how should I word the rule?

These are some of the rules I have so far:

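| ID | Name | Source | Destination | Policy | Service Type | Interface | Effective Time | Operation |
|----|------|--------|-------------|--------|--------------|-----------|----------------|-----------|
| 1 | DNS | SpecialAccess_group | IPGROUP_ANY | Allow | DNS | LAN,WAN1 | Any | |
| 2 | Only_ping | SpecialAccess_group | IPGROUP_ANY | Allow | ICMP_ALL | LAN,WAN1 | Any | |
| 3 | Time | SpecialAccess_group | IPGROUP_ANY | Allow | SNTP | LAN,WAN1 | Any | |
| 4 | ImagenesMedicas_Block | ImagenesMedicas_group | IPGROUP_ANY | Block | ALL | ALL | Any | |
| 5 | No_way_out | Blocked | IPGROUP_ANY | Block | ALL | ALL | Any | |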

 

Sorry about the table, I tried to fix it but seems broken when pasting.
