netlabguy wrote

I am running an Omada system with router, controller, and a L2+ and L2 switch and a few EAPs. The router is directly connected to my modem.

I want to add a pfsense firewall to have more control over the network flow and add more complex policies. How can I do this? Can I add the pfsense in "non-router" mode (without DHCP) between the Omadam router and L2+ switch? 

Or can I replace the router with pfsense and use pfsense DHCP instead of Omada's? 

  @netlabguy Originally we used the Omada system with an ER7206 router but quickly discovered many limitations. Now we use an OPNsense (pfSense) running in full mode to provide routing, intrusion detection & a good firewall as well as full choice of VPN operations. We still use the OC200, TP-Link switches & EAP's - just not the TP-Link router.  

You could run the pfsense box in firewall only mode, but better to run it as is intended.

  @GaelForce  Where do you define the VLANs? Can the Omada L2+ switch (TL-SG3428X) be used to define the VLANs? Because all my EAPs and other Omada switches are connected to this L2+ switch.

netlabguy wrote

  @GaelForce  Where do you define the VLANs? Can the Omada L2+ switch (TL-SG3428X) be used to define the VLANs? Because all my EAPs and other Omada switches are connected to this L2+ switch.

  @netlabguy The OPNsense / pfSense box is used to define the vlans, DHCP servers, firewall rules, etc etc.  The Omada controller is used to configure the switch(s) and EAP's as well as WLAN's.

This setup requires some greater effort in setting up than just using a TP Link off-the-shelf router, but has considerably greater control & features for the effort expended.

  @netlabguy 

You need to select as "VLANS only", instead of interface, and just provide "VLAN ID".

Everything else will be controlled by pfsnse.

  @kumarullal I am sorry to but in, but you stated that pfsense will be handle everything else, however that doesn't seem to be the case for me.I could be missing a step.

I am unable to isolate my vlans via my pfsesne box. Instead I have to add an ACL rule on the omada switch (TL-SG2218 v1. ) to deny communication between Vlans.

I think its because the switch is an L3 switch as well?

MysterB wrote

  @kumarullal I am sorry to but in, but you stated that pfsense will be handle everything else, however that doesn't seem to be the case for me.I could be missing a step.

 

I am unable to isolate my vlans via my pfsesne box. Instead I have to add an ACL rule on the omada switch (TL-SG2218 v1. ) to deny communication between Vlans.

 

I think its because the switch is an L3 switch as well?

  @MysterB All VLAN control & manipulation would be carried out within the pfSense /OPNsense box using the firewall rules as normal.  There should be no need to start introducing ACL rules on the switches.