Vlan Internet
Hi guys,
I recently got my OC200 hardware and this is my first experience with TP-Link cloud. I'm using it for my home network. Unfortunately, I set up different VLANs and SSIDs, but I'm not able to get internet on the VLANs; I can only apply VLAN 1, the main one.
I notice that the map view in the controller shows the internet as disconnected. Could this be the reason?
@Amds What gateway router are you using?
Hi Gael, thanks for your reply. The router is the one provided by the ISP; I think it's Huawei or Linksys. @GaelForce
You will need a managed Omada router (ER605 most likely for you) before you can manage multiple SSIDs/VLANs to work in conjunction with the OC200 and the APs (or monitor the gateway to internet connection). Further, if you wish to isolate users on one SSID from users on another SSID, you will need to add an Omada switch, such as the SG2008(P). I know this because that's exactly how I started: first the OC200 and a few EAP225-outdoors for meshing, then the gateway, then the switch. Now that I have all the pieces, the solution works quite nicely (and I'm less grumbly about having to spend the extra cash).
Hello
Many thanks for your response, you got exactly to the point, got it.
I already have the TL-SG2008P switch and OC200 controller with EAP 225 and 235 Wall, but it seems that I still need the ER605 to isolate the VLANs.
However, happy to manage now without the Vlan subnet.
Thanks
Out of the box there is no segregation between the vLANs. That's fundamentally different from the most common solutions, where anything is denied until you permit the traffic.
I'm not sure if I did it the way TP-Link recommends, but I blocked the traffic with some switch ACL.
- Gateway: configure your vLAN as an interface and bind it to at least one port (LAN). Don't forget the vLAN ID
- I recommend using DHCP from the gateway
- Configure the uplink port from the switch to the gateway with the default LAN as native and the vLANs as tagged networks (on the switch)
- Configure the port the OC200 is connected to as native default LAN or keep it as it is (on the switch)
- Configure the EAP ports the same way as the gateway uplink port (on the switch)
- Configure client ports with the desired vLAN as native network without tagged networks
- Configure your Wireless LAN / SSID with the desired vLAN
Now you should be able to access the internet from all of your clients. But you also can access devices across the vLAN.
BACKUP NOW! Seriously.
You can use switch ACL to block this traffic:
- Configure switch ACL rules (pairs) for all unwanted connections. Be careful when you group networks, this can lead to a fully locked system.
- Don't forget to block the connection between the vLANs and the default LAN (be sure to configure a management port first or use the second port of the OC200)
- Don't forget to block the direct access into WAN/DMZ and vice versa if you want to use the firewall of the gateway. Since WAN is not a network from the ACL perspective, you can safely create an IP group with the WAN subnet
- If you need any direct connection from internal to the WAN/DMZ, configure individual permit rules and place them above the deny rules.
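Added example (not part of the thread and not TP-Link code): a small model for checking a planned switch ACL before applying it, covering the default-permit behaviour, the deny pairs between networks, and the advice to place permit rules above the deny rules. It assumes rules are evaluated top-down with the first match winning; all subnets, host addresses and group names are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed sample addressing; none of these values come from the thread.
GROUPS = {
    "LAN":   ip_network("192.168.0.0/24"),    # default LAN, holds the controller
    "IOT":   ip_network("192.168.20.0/24"),
    "GUEST": ip_network("192.168.30.0/24"),
    "ADMIN": ip_network("192.168.20.5/32"),   # hypothetical admin PC in IOT
    "CTRL":  ip_network("192.168.0.2/32"),    # hypothetical controller address
}
VLANS = ["LAN", "IOT", "GUEST"]

def decide(acl, src, dst):
    """First matching rule wins; unmatched traffic is permitted (no implicit deny)."""
    s, d = ip_address(src), ip_address(dst)
    for action, src_grp, dst_grp in acl:
        if s in GROUPS[src_grp] and d in GROUPS[dst_grp]:
            return action
    return "permit"

def deny_pairs(names):
    """Deny rules in both directions for every pair of networks."""
    return [("deny", a, b) for a in names for b in names if a != b]

def open_pairs(acl):
    """Network pairs where a representative host (.10) still reaches the other side."""
    return [(a, b) for a in VLANS for b in VLANS if a != b
            and decide(acl, str(GROUPS[a][10]), str(GROUPS[b][10])) == "permit"]

def admin_reaches_controller(acl):
    """True if the management path survives the rule set (lockout check)."""
    return decide(acl, "192.168.20.5", "192.168.0.2") == "permit"

MGMT = [("permit", "ADMIN", "CTRL"), ("permit", "CTRL", "ADMIN")]
NO_ACL = []
PERMIT_FIRST = MGMT + deny_pairs(VLANS)   # exception above the denies
PERMIT_LAST = deny_pairs(VLANS) + MGMT    # exception shadowed by the denies

if __name__ == "__main__":
    for name, acl in [("no ACL", NO_ACL), ("permit first", PERMIT_FIRST),
                      ("permit last", PERMIT_LAST)]:
        print(name, "| open pairs:", open_pairs(acl),
              "| admin -> controller:", admin_reaches_controller(acl))
```

With the permit rules below the denies, every pair is isolated but the admin host is locked out of the controller as well, which is the situation the backup and management-port advice guards against.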