Omada SDN and SNAT \ Masquerading

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

2022-03-05 12:32:18
Model: OC200  
Hardware Version: V1
Firmware Version: 1.14.3 Build 20220112 Rel.64116

Hi all,

First of all, sorry for my bad English!

I’m a new Omada SDN user, and I need help understanding how the system works.

My environment is:

OC200 1.0 (firmware version 1.14.3 Build 20220112 Rel.64116 , controller version 5.0.30);

TL-R605 v1.0 (firmware version 1.2.0);

TL-SG2008P v1.0 (firmware version 1.0.2);

EAP265 HD(EU) v1.0 (firmware version 5.0.4).

 

Network topology is:

FTTH 1000/300Mbps -> R605 -> SG2008P -> EAP265

                                                                      |-> OC200

 

 

I’ve created N network interfaces (I will describe only a few in this scenario):

 

“Client” – Interface - 10.10.101.1/24 (VLAN 101);

“Server” – Interface - 10.10.10.1/24 (VLAN 10);

“Guest” – Interface - 10.10.200.1/24 (VLAN 200);

“Network” – Interface - 10.10.2.1/24 (VLAN 2)  <-this subnet is used for all the network environment previously described.

 

Each of these interfaces has DHCP enabled and a DHCP range defined.

 

The system automatically creates a port profile for each interface:

“Client”: native network Client, Tagged network Client, untagged network Client;

“Server”: native network Server, Tagged network Server, untagged network Device;

“Guest”: native network Guest, Tagged network Guest, untagged network Guest;

“Network”: native network Network, Tagged network Network, untagged network Network;

“ALL”: native network Network, Tagged network All, untagged network Network;

“DISABLE”: native network None, Tagged network Network, untagged network Network;

 

I’ve defined 2 WLANs:

SSID1 – VLAN 101;

SSID2 – VLAN 200 – guest network.

 

The AP is connected to a switch port with “ALL” profile defined.

 

 

I have a Home Assistant installation on the Server network with IP 10.10.10.100, and a Dreame vacuum connected via Wi-Fi on SSID1 with IP 10.10.101.166.

I would like to integrate the vacuum into Home Assistant, but discovery across different networks is not working because the device won't respond to packets from outside its network.

I found a workaround as described here: https://github.com/rytilahti/python-miio/issues/422#issuecomment-455824152

and here: https://python-miio.readthedocs.io/en/latest/troubleshooting.html#discover-devices-across-subnets

But I don't understand how I can implement it on the Omada platform.

In the first link there are some examples of configuration on different routers, SDN infrastructures or iptables.

As far as I understand, I need to implement a NAT masquerade between the 2 VLANs, but I don't understand how to do that, because I can NAT only on the WAN interface in my Omada Controller.

The equivalent in iptables should be:   iptables -t nat -A POSTROUTING -s 10.10.10.100/32 -d 10.10.101.166/32 -p UDP -j MASQUERADE --to-ports 54321

Is there a way to do this in Omada?

Thanks in advance,

S.

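Added example, not part of the original post: a small Python model of the behaviour described above, in which the vacuum ignores packets whose source is outside 10.10.101.0/24 and a masquerade rule on the router rewrites the Home Assistant source address to the VLAN 101 gateway. The sender port 40000, the use of UDP 54321 as the device's listening port, and all class and function names are assumptions; only the address rewrite is modelled, not the `--to-ports` port rewrite from the post.

```python
import ipaddress
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "udp"

# Addresses are taken from the post; MIIO_PORT as the device port is an assumption.
HA, VACUUM, MIIO_PORT = "10.10.10.100", "10.10.101.166", 54321
CLIENT_NET = ipaddress.ip_network("10.10.101.0/24")
CLIENT_GW = "10.10.101.1"  # router address on VLAN 101 ("Client" interface)

def device_accepts(pkt):
    """Model of the vacuum: answer only if the source is on its own subnet."""
    return ipaddress.ip_address(pkt.src) in CLIENT_NET

class Router:
    def __init__(self, masquerade):
        self.masquerade = masquerade
        self.conntrack = {}  # (translated src, sport, dst, dport) -> original src

    def forward(self, pkt):
        """POSTROUTING: rewrite the source only for the single flow the rule names."""
        if self.masquerade and (pkt.src, pkt.dst, pkt.proto) == (HA, VACUUM, "udp"):
            out = replace(pkt, src=CLIENT_GW)
            self.conntrack[(out.src, out.sport, out.dst, out.dport)] = pkt.src
            return out
        return pkt  # plain inter-VLAN routing, source address untouched

    def reverse(self, reply):
        """Undo the translation on the reply using the tracked flow."""
        orig = self.conntrack.get((reply.dst, reply.dport, reply.src, reply.sport))
        return replace(reply, dst=orig) if orig else reply

def discover(router, src=HA):
    """Return the reply as seen by the sender, or None if the device stays silent."""
    hello = router.forward(Packet(src, 40000, VACUUM, MIIO_PORT))  # 40000: constructed
    if not device_accepts(hello):
        return None
    reply = Packet(VACUUM, MIIO_PORT, hello.src, hello.sport)
    return router.reverse(reply)
```

Because the rule matches one source, one destination and one protocol, any other host on the Server network still gets no answer from the device.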
Re:Omada SDN and SNAT \ Masquerading
2022-03-07 13:16:16

  @Gersio 

 

In short, you want the two segments/VLANs to communicate with each other, right?
In fact, you just need to enable the corresponding VLAN interface on the switch.

By default, different Interfaces can communicate with each other if you only set the VLAN Interface and not the ACL.

Just striving to develop myself while helping others.
Re:Omada SDN and SNAT \ Masquerading
2022-03-07 17:22:05

  @Virgo 

Hi Virgo,

No, I have no problem communicating between VLANs; by default the traffic between VLANs is not filtered in Omada!

I have no ACLs set on the gateway\switch ATM.

What I need to do is NAT masquerading or 1-to-1 NAT between internal interfaces.

The links in my previous post explain the exact scenario I need to reproduce!

The 1-to-1 NAT can be configured in standalone mode on the TL-R605 if I remember correctly, but this option is not present in the Omada SDN.

Re:Omada SDN and SNAT \ Masquerading
2022-03-09 06:06:05

  @Gersio 

 

Yes, one-to-one NAT is not yet supported on the controller, so we'll have to wait for an update in a later version.

Just striving to develop myself while helping others.