Declined Treat ER7212PC as a Switch in ACL (ability to deny communication from one network to another)
This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Dear tp-link!
I'd like to ask to support ACL configuration for ER7212PC as it's done for Omada Switches.
In fact ER7212PC manages networks, and it's strange that I can't create an ACL rule to prevent communication from one network to another.
Thanks!
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
Hi @mimi234
mimi234 wrote
You (TP-Link) advertise it as a 3-in-1 device, incl a quote: "With a single compact box, users can replace their router, hardware controller, and PoE+ switch setup."
I've bought it as I wanted a 3 in one device, so please make it a 'switch' with all the switch functionality. If I wanted a gateway, I would have bought a gateway and unfortunately that you (TP-Link) see the device as a gateway is of no interest to me.
I think you have a serious misunderstanding of the networking products.
Yes, of course it is replacing three devices and make them into a single one as integration. But it does not change it essence of being a router.
Second, you can return it becuase it is not a switch in our eyes. And you should really know that if a device with multiple ports, except for a WAN and a LAN port for upstream and downstream, the rest of ports as LAN can be regarded as the switching ports. Is that making a device a switch? Not really. The port is for switching but the system does not function like a switch.
It is NOT switching based on the MAC address table instead of on the layer 3 switching.
So, what makes you think it is a switch then? (We commonly distinguish them by the OSI model. We have not released any fully capable layer 3 switch until not long ago.)
Third, if it is of no interest to you, get a classic setup, router+switch+controller. Or return it timely.
P.S. The model was classified as a gateway from the moment it was released on the official website and do some research yourself and see how it is classified. I think I have explained enough here.
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
+1.
I need proper switch capability in ER7212PC to create network for guests where clients connected to the AP are isolated BUT they have access to some other LAN devices outside AP (e.g. different subnet or even same subnet, but wired connection directly to the ER7212PC).
But this use case is pretty broad, some examples:
- Office/Guest networks with access to printer or internal website, but isolation between wifi clients connected to the same SSID and the same AP.
- Smart house with WiFi IoT devices (need to isolate them between each other, but still having access to the main smart home server.
This feature was available some time ago, it was named "SSID Isolation" but it was unfortunately replaced with "Guest network", which isolates too much. With "SSID Isolation" it was possible to achieve the same functionality as "Guest network" with proper ACLs. It doesn't work the other way around though, which is bad and limiting. These 2 things could co-exist if needed for backward compatibility.
And no, this FAQ does NOT solve the issue: https://www.tp-link.com/pl/support/faq/1060/
More details in this post: https://community.tp-link.com/en/business/forum/topic/639208.
I explain there in details that there is no such way to achieve that currently with ER7212PC and EAP.
I made a decision to buy Omada because it looked like "SSID Isolation" is still available (plenty old threads advertising that), while it is not. This is critical feature for me and many people in in the tp-link community (smart homes, hotels, offices, etc..) - some examples with different flavours of this problem:
1. https://community.tp-link.com/en/business/forum/topic/175382
2. https://community.tp-link.com/en/business/forum/topic/159499
3. https://community.tp-link.com/en/business/forum/topic/519046
4. https://community.tp-link.com/en/business/forum/topic/506332?replyId=1026014
and few more.
Similar: https://community.tp-link.com/en/business/forum/topic/594680
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
You (TP-Link) advertise it as a 3-in-1 device, incl a quote: "With a single compact box, users can replace their router, hardware controller, and PoE+ switch setup."
I've bought it as I wanted a 3 in one device, so please make it a 'switch' with all the switch functionality. If I wanted a gateway, I would have bought a gateway and unfortunately that you (TP-Link) see the device as a gateway is of no interest to me.
- Copy Link
- Report Inappropriate Content
Clive_A wrote
(...) SW ACL will stay the same and require an additional Omada switch. (...)
So I bought the omada switch TL-SG2210P and I still fail to create a setup, where I can have wifi network for guests where clients connected to the EAP610 are isolated between each other BUT they have access to some other LAN devices outside this Access Points (e.g. different subnet or even same subnet, but wired connection directly to the ER7212PC, e.g. printer, but I provided more usecases in my another post in this thread).
My EAP610 is connected to the omada switch TL-SG2210P which is then connected to ER7212PC. I tried several setups and I failed, but you're saying it should be possible?
- Copy Link
- Report Inappropriate Content
Hi @mimi234
mimi234 wrote
You (TP-Link) advertise it as a 3-in-1 device, incl a quote: "With a single compact box, users can replace their router, hardware controller, and PoE+ switch setup."
I've bought it as I wanted a 3 in one device, so please make it a 'switch' with all the switch functionality. If I wanted a gateway, I would have bought a gateway and unfortunately that you (TP-Link) see the device as a gateway is of no interest to me.
I think you have a serious misunderstanding of the networking products.
Yes, of course it is replacing three devices and make them into a single one as integration. But it does not change it essence of being a router.
Second, you can return it becuase it is not a switch in our eyes. And you should really know that if a device with multiple ports, except for a WAN and a LAN port for upstream and downstream, the rest of ports as LAN can be regarded as the switching ports. Is that making a device a switch? Not really. The port is for switching but the system does not function like a switch.
It is NOT switching based on the MAC address table instead of on the layer 3 switching.
So, what makes you think it is a switch then? (We commonly distinguish them by the OSI model. We have not released any fully capable layer 3 switch until not long ago.)
Third, if it is of no interest to you, get a classic setup, router+switch+controller. Or return it timely.
P.S. The model was classified as a gateway from the moment it was released on the official website and do some research yourself and see how it is classified. I think I have explained enough here.
- Copy Link
- Report Inappropriate Content
wosiu wrote
Clive_A wrote
(...) SW ACL will stay the same and require an additional Omada switch. (...)
So I bought the omada switch TL-SG2210P and I still fail to create a setup, where I can have wifi network for guests where clients connected to the EAP610 are isolated between each other BUT they have access to some other LAN devices outside this Access Points (e.g. different subnet or even same subnet, but wired connection directly to the ER7212PC, e.g. printer, but I provided more usecases in my another post in this thread).
My EAP610 is connected to the omada switch TL-SG2210P which is then connected to ER7212PC. I tried several setups and I failed, but you're saying it should be possible?
Got several questions for you.
1. Have you ever read the FAQ about the multi-nets setup like what you are doing now? If you say that you have followed the guide, I don't think you should/could ask a question like this.
2. Have you set up the GW ACL and LAN to LAN to block the guest VLAN interface to others?
3. Guest network is only blocking the clients that are connected to the SSID, but it does not block this VLAN interface. As the literal meaning of the description in SSID creation. Do you have any time to read the description in that?
4. Get a clear conception and understanding of VLAN interface and SSID - Guest Network by reading either the User Guide or calling the technical support and have a conversation with the support. See if you can get them understood?
We can continue this with your config screenshots and other details. Try not to have this conversation with your plain words.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 14
Views: 1173
Replies: 8
Voters 13
