ER7206 isolated VLAN networks with Omada Controller interface??

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
2022-03-08 09:31:08 - last edited 2022-03-18 16:12:31
Model: ER7206 (TL-ER7206)  
Hardware Version: V1
Firmware Version: ER7206(UN)_V1.6_1.2.0 Build 20220117

Hi,

Referencing this older post about a similar topic:

https://community.tp-link.com/en/business/forum/topic/265578

And this FAQ mentioning that FW v1.1 provided the capability in the standalone interface:

https://www.tp-link.com/us/support/faq/3061/

Is there any hope this multi network feature will be available through the Omada controller interface?

There's already a Switch ACLs section in the Omada controller interface that looks like it could work for the rules but nothing entered there has an effect. :(

Nor are the gateway ports available for further configuration.

Would love to see this feature available in the Controller...most of what I need is in the Controller, including email alerts.  The Standalone interface is decent but there are no email alerts and the gateway is not unified with the rest of my devices.

G

#1
Re:ER7206 isolated VLAN networks with Omada Controller interface??
2022-03-09 09:36:43

Dear @GopS

GopS wrote:

> Is there any hope this multi network feature will be available through the Omada controller interface?
>
> There's already a Switch ACLs section in the Omada controller interface that looks like it could work for the rules but nothing entered there has an effect. :(
>
> Nor are the gateway ports available for further configuration.

Multi-network settings are supported on the Controller and are isolated using switch ACLs, see the following FAQ and video:

How to configure Multi-Networks & Multi-SSIDs on Omada SDN Controller

https://www.youtube.com/watch?v=Xv5d-wYs2Yk

Best Regards!

#2
Re:ER7206 isolated VLAN networks with Omada Controller interface??
2022-03-09 23:44:54

Dear @Hank21,

Yes, I'm aware of that FAQ and how to create such a topology but I do not have a TP-Link switch.  I have a Layer2 Cisco switch that I am happy with.

Fortunately the TP-Link router/gateway is capable of isolating VLANs without an L3 switch, as one might expect from a professional router/gateway.  After firmware 1.1.1 this configuration is available through the standalone interface.  (Please see my previous links.)  Furthermore, I have verified that configuration via the standalone interface does provide for isolated VLANs on my own network.

I am asking here if we can have this functionality through the Omada Controller.  That would unify all my configuration while also providing email alert notifications.  (I don't see a way of getting email alerts through the standalone interface. :( )

Hope someone from TP-Link support can advise.

G

#3
Re:ER7206 isolated VLAN networks with Omada Controller interface??
2022-03-15 21:33:26

@GopS I can't believe that it's not possible in controller mode.

I was planning to migrate all of my ER7206/ER605 to controller mode, but it's awfully critical if it's true.

I have to test whether these really behave like that.

Thank you :)
#4
Re:ER7206 isolated VLAN networks with Omada Controller interface??
2022-03-16 07:25:50

@GopS

That link is a full SDN setup with the controller, router and the switch. They're all adopted to the controller and managed by the controller.

If you are missing the switch from the Omada SDN series, that's totally fine. All you have to do is the VLAN config after you create the VLAN interface on the Controller.

Multi-nets (VLAN interface) is created on the Omada router. ACL is a function based on the router too. So, if you don't own an Omada switch, just configure the port on the router with VLAN and then set up the switch with corresponding VLAN on the ports. Then the VLAN can pass to the switch and get other ports matching VLAN if you set up the port right on your Cisco switch.

Email information is not available on the router because the email alerts are sent by the controller. You need to set up the mail server on the controller.

Why we need to configure mail server on Omada SDN controller before adding cloud user and email log

Similarly, the Cloud access from https://omada.tplinkcloud.com/ is based on the controller added to the cloud platform and staying on the cloud and then you log in and launch the remote session.

#5
Re:ER7206 isolated VLAN networks with Omada Controller interface??
2022-03-16 07:37:38

@Quidn

Hello. You can check out the emulator before you migrate them. Or you can download from that page, the latest Omada controller V5.

Emulators

Step 2 can be regarded as a VLAN config. If you have an Omada switch, you do the second step. If not, you set up the VLAN tag/untag with ID on your switch.

How to configure Multi-Networks & Multi-SSIDs on Omada SDN Controller

#6
Re:ER7206 isolated VLAN networks with Omada Controller interface??
2022-03-16 13:03:44

Hello @Hank21,

I'm already using Omada Controller v5 for EAPs and your answer is exactly what I thought. That's why I couldn't easily believe the symptoms.

I think that should be so and your confirmation is good news to me. :)

However, @GopS seems to have properly configured the switch but succeeded only in standalone mode. Maybe I didn't catch the exact symptoms, though.

Thank you :)
#7
Re:ER7206 isolated VLAN networks with Omada Controller interface??
2022-03-16 15:49:28 - last edited 2022-03-16 16:20:31

@Quidn AFAICT, the isolated VLAN is possible with the controller mode if and only if you have a TP-Link switch

@Hank21 Yes, I'm aware that the link that you referenced is for a full configuration that includes a switch.  See my previous post (#3) where I acknowledge that I do not have a switch.

> Just configure the port on the router with VLAN and then set up the switch with corresponding VLAN on the ports. Then the VLAN can pass to the switch and get other ports matching VLAN if you set up the port right on your Cisco switch.

Yes, this was successful but the VLANs are not isolated.  This is the original problem I am trying to solve.

OTOH, if I use the standalone interface, I am able to isolate the VLANs (even without a TP-Link switch).  The isolation capability is possible with the router, just not through the controller interface.  In the controller interface, the switch ACLs are not being applied to the router, even though it's entirely possible to do so.  After all, the router is not only a gateway, but also acting as a switch on the LAN ports.

TP-Link support -- can you please give a timeline when your controller / router firmware will be able to support this relatively straightforward isolated VLAN capability with the controller interface?  Thank you!

G

p.s. The email alerts are a separate issue so I don't want to mix it here.  For your reference, I have already resolved my needs (albeit suboptimally) in this thread:

https://community.tp-link.com/en/business/forum/topic/538712?replyId=1055088

#8
Re:ER7206 isolated VLAN networks with Omada Controller interface??
2022-03-17 04:03:24

@GopS

OK. I think that we are on the same page now. Instead of referring to the whole steps of the FAQ, did you notice that the ACL rule was defined by ports? Did you try the ACL binding type as VLAN? Same steps but when it comes to binding type, choose VLAN.

#9
Re:ER7206 isolated VLAN networks with Omada Controller interface??
2022-03-17 08:17:18 - last edited 2022-03-17 08:21:02

@GopS

I'm sorry, but I can't easily believe both, because you and @Hank21 are telling too different a story.

In general, something like this would be caused by misconfiguration or misunderstanding, but as I already mentioned, you definitely don't seem like a beginner who keeps making mistakes. And you even succeeded in standalone mode.

If you could share your ACL settings in the controller and VLAN settings in the switch, it would be helpful to all of us.

I want to make sure whether it works or not without Omada SDN switches, and will request TP-Link to make it work if it doesn't.

I don't care about email alerts from standalone mode and am already using an external syslogd with standalone-mode ER7206s, but the number of routers is increasing, so I want to make the management process simple.

Currently I'm using tens of 24-52 port switches from Netgear, mixed stackable and standalone, so this issue is crucial.

I may purchase TP-Link Omada SDN switches next time but tens of existing units wouldn't be replaced so easily.

There's one more point to consider about standalone mode.

The web service port for the admin interface is always open on every LAN interface, and there's no option to prevent brute-forcing.

If ACL is your priority then you may consider this too.

Thank you :)
#10
Re:ER7206 isolated VLAN networks with Omada Controller interface??
2022-03-17 19:58:43 - last edited 2022-03-18 18:54:52

@Hank21 I did notice the VLAN option but it wasn't very clear what that meant.  I may have tried it, but at this point I have since moved on with the setup in standalone mode.  I do not want to reset my gateway to run more experiments.  From the references I have cited above, including the explicit/dedicated callout in the firmware release notes, it certainly seems like the isolation capability (through port-to-port filtering on the LAN side) is only available in standalone mode.

@Quidn See above.

> If you could share your ACL settings in the controller and VLAN settings in the switch, it would be helpful to all of us.

Sadly, there is nothing special about my ACL settings.  The most simple approach was to duplicate what is done in the FAQ (which includes a TP-Link switch).  I did something quite similar to this in the standalone interface and had no issues achieving my desired setup.

@Fae Can you please advise?

Thanks,

G

#11