ER7206 isolated VLAN networks with Omada Controller interface??

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Re:ER7206 isolated VLAN networks with Omada Controller interface??
2022-03-18 03:34:24 - last edited 2022-03-18 06:45:17

@GopS The reason that the release note mentioned standalone mode only is that controller mode was already capable.

 

All I know is this:

  • You keep insisting that the Omada controller isn't capable of network segmentation by VLANs when using third-party switches.
  • Because you failed to configure it with your unknown Cisco switch with unknown configuration, and read the release note, which mentions the function added in standalone mode.
  • And you "seem" (even this isn't clear) to have just followed an FAQ for the controller with Omada SDN switches.

 

Since you have refused to provide any proper information to figure it out, I believe, for now, that you have misconfigured it if you relied on an FAQ for Omada SDN switches only.

 

Personally, I neither like nor easily believe people who don't provide proper information and just keep insisting, for the following reasons.

  • It's very hard to find what was wrong exactly.
  • In my extensive experience, most cases like that are caused simply by their mistakes, misunderstandings, lack of knowledge, mix-ups, environments, or something similar.

 

However, I always consider every possible aspect, which is why I was interested in this topic and asked you some questions, and I never underestimate anyone before something is confirmed for certain.

 

But, as you know, there's nothing to back you up anymore, for now. It's way more reasonable to believe the official TP-Link documents and @Hank21. The document and the controller UI state that it is capable, and there's only one user claiming the opposite. Hmm.

 

I would not care about this issue anymore because this doesn't seem meaningful to me.

Thank you :)
#12
Re:ER7206 isolated VLAN networks with Omada Controller interface??
2022-03-18 07:59:25

  @GopS 

GopS wrote:

> @Quidn AFAICT, the isolated VLAN is possible with the controller mode if and only if you have a TP-Link switch
>
> @Hank21 Yes, I'm aware that the link that you referenced is for a full configuration that includes a switch.  See my previous post (#3) where I acknowledge that I do not have a switch.
>
> > Just configure the port on the router with VLAN and then set up the switch with corresponding VLAN on the ports. Then the VLAN can pass to the switch and get other ports matching VLAN if you set up the port right on your Cisco switch.
>
> Yes, this was successful but the VLANs are not isolated.  This is the original problem I am trying to solve.
>
> OTOH, if I use the standalone interface, I am able to isolate the VLANs (even without a TP-Link switch).  The isolation capability is possible with the router, just not through the controller interface.  In the controller interface, the switch ACLs are not being applied to the router, even though it's entirely possible to do so.  After all, the router is not only a gateway, but also acting as a switch on the LAN ports.
>
> TP-Link support -- can you please give a timeline when your controller / router firmware will be able to support this relatively straightforward isolated VLAN capability with the controller interface?  Thank you!
>
> G
>
> p.s. The email alerts are a separate issue so I don't want to mix it here.  For your reference, I have already resolved my needs (albeit suboptimally) in this thread:
>
> https://community.tp-link.com/en/business/forum/topic/538712?replyId=1055088

 

It will be supported but I do not have a timeline for this. A lot of functions will be added to the Controller this year.

If you have any suggestions, you can start a thread in the suggestion/feedback section. We will log the request and send it to R&D for evaluation.

Best Regards!
#13
Re:ER7206 isolated VLAN networks with Omada Controller interface??
2022-03-18 19:12:18 - last edited 2022-03-19 16:34:11

@Hank21 

> It will be supported but I do not have a timeline for this. A lot of functions will be added to the Controller this year.

> If you have any suggestions, you can start a thread in the suggestion/feedback section. We will log the request and send it to R&D for evaluation.

 

Thank you for confirming multi-networks are not fully supported in the Controller-only without TP-Link switches.  It is good to know that there are plans for eventual support.  Can you confirm with R&D whether the workaround you mention in post #9 (using VLAN binding) is expected to work?  I believe I tried that setting, and I don't think it works, but would appreciate double checking with you if that is the case.

 

As for the suggestion/feedback section, I can post a quick note there as per your request.

 

///

 

@Quidn I'm surprised by your aggressive and accusatory tone.  I believe my communications on this thread have been pretty straightforward.  The key issue is not whether VLAN setups are supported through the Omada Controller configuration.  The issue is whether the VLANs can be isolated for true multi-network configuration.  Maybe I wasn't clear about the distinction, although the word isolated does appear in the title of this thread.

 

FWIW, I was reluctant to share my ACL settings because it would have required me to take down my network by re-adopting the ER7206 with my OC200 controller.  This wasn't worth it to me.  I've already spent tons of time on this, and I am fairly confident that I have thoroughly explored the Omada Controller configuration the first time around.  And no, I did not blindly follow the instructions in the FAQ you keep referencing.  While I was familiar with those instructions when @Hank21 referenced them, I was also acutely aware of the differences versus my own network topology (mainly no TP-Link switches).

 

Since you are throwing shade at my "unknown Cisco switch with unknown configuration," I can assure you that there's nothing complicated about my Cisco configuration.  It's Layer 2 without much complexity.  Here's a simple example of how I configure it:

  Port 1 ==> VLAN 100 & VLAN 1 => ER7206

  Port 2 ==> VLAN 100

  Port 3 ==> VLAN 1

Without VLAN isolation, a device on Port 2 can talk to a device on Port 3 due to the ER7206 routing packets between the VLANs.

 

Throughout all of this, keep in mind that the standalone interface works with no problems (just follow instructions from https://www.tp-link.com/us/support/faq/3061/), so I am able to observe the desired isolation when it is configured properly.  This doesn't preclude a mistake on my end.  Network configuration is complicated!  Still, all experiments and clues have been pointing to the fact that TP-Link does not fully support isolated multi-network using the Controller interface with just the ER7206.

 

I had two main objectives in this thread:

(a) get an official confirmation from TP-Link whether or not their Controller interface provides the necessary isolation support (sans TP-Link switches),

(b) if not, find out whether there were plans to add this functionality soon.

 

> It's way more reasonable to believe the official TP-Link documents and @Hank21. The document and the controller UI state that it is capable, and there's only one user claiming the opposite. Hmm.

 

I'm not sure what official TP-Link documentation you are referencing.  AFAIU, there is only a FAQ showing how to configure a proper multi-network setup using the ER7206 and non-TP-Link switches with the standalone configuration interface.  If you know any other documentation, please share!  Plus, @Hank21 from TP-Link now appears to be confirming that my desired setup is unsupported with the Controller Interface. :(

 

> I would not care about this issue anymore because this doesn't seem meaningful to me.

 

I'm confused.  From one of your previous posts, it sounded like you too would like the multi-network VLAN functionality in the controller interface without TP-Link switches.  You wrote:

"I can't believe that it's not possible in controller mode. ... I was planning to migrate all of my ER7206/ER605 to be controller mode, but it's awfully critical if it's true."

But maybe you don't care about VLAN isolation?  Lack of isolation would be rather undesirable in my opinion.

 

In any case, if you're sure it's possible, please try it.  Let us know if it works.  More likely than not you will be frustrated like I was. :(

 

Regards,

G

 

#14
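
The behaviour described in the post above (a device on Port 2 reaching a device on Port 3 through the ER7206 unless the gateway applies an ACL), as an added example that is not part of the thread: a small Python model of the forwarding decision. The subnets, host addresses and rule representation are assumptions made for illustration, not ER7206 configuration.

```python
# Added illustration: toy model of a gateway's LAN-to-LAN forwarding decision.
# Subnets, hosts and the rule format are assumptions; the thread gives none.
from ipaddress import ip_address, ip_network

# Constructed addressing for the two VLANs in the example topology.
VLANS = {1: ip_network("192.168.0.0/24"), 100: ip_network("192.168.100.0/24")}


def vlan_of(ip):
    """Return the VLAN ID whose subnet contains ip, or None if off-LAN."""
    addr = ip_address(ip)
    for vid, net in VLANS.items():
        if addr in net:
            return vid
    return None


def reachable(src, dst, acl=frozenset()):
    """Decide whether traffic from src reaches dst.

    Same VLAN: switched at layer 2, so the gateway ACL never sees it.
    Different VLANs: the packet goes to the gateway, which routes it unless
    a deny rule (src_vlan, dst_vlan) matches. The default action is permit.
    """
    s, d = vlan_of(src), vlan_of(dst)
    if s is None:
        raise ValueError("source is not on a known VLAN")
    if s == d or d is None:  # intra-VLAN, or Internet-bound traffic
        return True
    return (s, d) not in acl


# Deny rules in both directions, the way a LAN-to-LAN ACL expresses isolation.
ISOLATE = frozenset({(100, 1), (1, 100)})


def report(acl):
    port2, port3 = "192.168.100.10", "192.168.0.10"  # constructed hosts
    return {
        "port2->port3": reachable(port2, port3, acl),
        "port3->port2": reachable(port3, port2, acl),
        "port2->internet": reachable(port2, "203.0.113.5", acl),
        "port2->same_vlan": reachable(port2, "192.168.100.20", acl),
    }


if __name__ == "__main__":
    print("no ACL:  ", report(frozenset()))
    print("with ACL:", report(ISOLATE))
```

VLAN membership on the switch ports only separates layer 2; the deny rules are what stop the gateway from routing between the two networks, while Internet and same-VLAN traffic are unaffected.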
Re:ER7206 isolated VLAN networks with Omada Controller interface??
2022-03-21 04:01:14

Dear @GopS ,

 

Maybe I didn't express myself clearly before. For a detailed reply, you can refer to this thread.

As an alternative, you can implement VLAN isolation on your own switch with the appropriate VLAN settings or, if you have the EAP, you can implement wireless isolation on the EAP by using EAP ACL.

 

@Quidn

To sum up, @GopS's problem and requirement is: the gateway does not support isolating VLANs by ACL in controller mode.
Currently there is no way to implement this on the controller, but it can be done in standalone mode with the gateway.

 

Best Regards!

#15