ER605 Setup with Multiple VLANs

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

ER605 Setup with Multiple VLANs

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
ER605 Setup with Multiple VLANs
ER605 Setup with Multiple VLANs
2022-12-05 23:22:06
Model: ER605 (TL-R605)  
Hardware Version: V2
Firmware Version:

I am struggling with the setup of my network.

I desire to have different subnets or VLANs to seperate guest traffic from trusted device traffic on my network.

Topology is:

        ISP > ER605 Router > TL-SG1024DE Switch
                 V
             POE Switch > EAP650 WAP
             
ISP comes into the ER605.  I have a TL-SG1024DE for wired traffic and a POE switch for wireless, to which is connected the EAP650 WAP.  

 

I want to have trusted devices such as laptops connected to one subnet (10.0.1.x) from whereever they connect, be it wired or through the WAP.

 

I want to have all other devices connect to a different subnet (172.30.1.x) from wherever they connect, be it wired or through the WAP.

 

Any thoughts?

  0      
  0      
#1
Options
3 Reply
Re:ER605 Setup with Multiple VLANs
2022-12-06 01:16:21

  @djhobbes Your POE switch will need to be VLAN capable, since you don't give a brand/model number for it, it's hard to tell.  When the switch is VLAN capable, you have a couple of options.  The ER605 will have a default LAN on the port to the POE switch, this is the PVID, if this is a VLAN for managing devices (that is nether "trusted" or "other") then pass that VLAN out as untagged through the switch to the EAP650.  Then add the other two VLANs (trusted & others) to the same ER605 port as tagged, through the POE switch to the EAP650, and set the EAP650 with two SSIDs having VLAN settings to correspond to the respective VLANs.

If you have network device management on the same VLAN as "trusted", set that VLAN as the PVID (and untagged) out of the ER605 through the POE switch to the EAP650.  On the EAP650, set the "trusted" SSID to have no VLAN.  The second VLAN will be set in the ER605 has tagged out the port to the POE switch and on to the EAP650, and the second SSID for "other" will be set to have a VLAN to match "other".

When setting these VLANs in the ER605, set them to "Interface", to use the ER605 for DHCP.

It this is not clear, also tell us if you are using Omada for management or using the devices in standalone (through their IP web GUI), and someone can tell you what pages to go to.

 

Without knowing the make and model it's hard to know how to pass your VLANs through the POE switch.

  2  
  2  
#2
Options
Re:ER605 Setup with Multiple VLANs
2022-12-07 00:00:55 - last edited 2022-12-07 00:02:29

  @JoeSea 

 

The switch I plan on using for the POE devices is the TL-SG105PE.  I was also not intending to use Omada (unless it would simplify the setup).

  0  
  0  
#3
Options
Re:ER605 Setup with Multiple VLANs
2022-12-07 00:41:02

  @djhobbes Ok, so that switch is managed, so you should set the uplink port (I think port 5) as a trunk matching the settings from the ER605.  The port that may have an AP will need the proper PVID and untagged VLAN for the AP's base network, along with any additional VLANs tagged, in a trunk.  And any nonVLAN aware devices (such as a laptop) should have the port PVID and untagged VLAN set for the network they are to be on.

 

With the switches you have Omada wouldn't help.

 

The manuals for the ER605 and the switches are long, but they have examples of how to set up the VLANs, get the pdfs from the support pages (sometimes you have to put in a hardware version that is a little different to get the manuals).  Use the 802.1Q VLANs that the switch manuals show, this will probably make it easier.

  2  
  2  
#4
Options