SDN: assigning vlan to other end of mesh
Hi all,
I have a Ac1200 that's meshed with an AX5400. On the other end of the AC1200, I have a camera plugged into the ethernet port. The camera is assigned a wired lan ip address under port 2, which is the switch port my AX5400 is plugged into and is also my regular LAN, not the surviellance LAN I use for cameras. I'm trying to figure out how to assign the camera to a vlan under my surviellence lan. It would be simple enough if it was wireless, but it's only wired.
Can I tag the camera's mac address to a specific vlan for example?
Thanks,
RP
P.S. tried attaching a network map but keep getting the error "image url missing". The basic layout is an ER605 -> SG2008 -> OC200 -> AX5400 meshed to AC1200, Camera plugged into port of AC1200.
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
The nature of the mesh combined with the architecture of the AP means that portX->AP >> << meshedAP-portX is always the case.
I haven't done it, but in theory, you could move the APs to a different management VLAN ID, set the PVID of port X to the Surveillance VLAN (but also include the Management VLAN and any SSID VLANs on that port as tagged) and then the camera would be natively assigned an iP from the Surveillance VLAN since the remote meshed AP's port would also be bridged to it. Your SSID's and their respective VLAN's will still be respected and not impacted.
Also, don't use both ports of the OC200. They are 100M only with limited VLAN support. Connect your AX5400 direct to the 2008 if it isn't already.
- Copy Link
- Report Inappropriate Content
@d0ugmac1 thanks for your reply. The think I understand. I will try in morning.
- Copy Link
- Report Inappropriate Content
@d0ugmac1 I'm not sure I follow your train of thought here. I'm new to tagging and vlans so I need a little more detail if at all possible. I'm not sure how to accomplish your idea with SDN.
Thanks,
RP
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
First things first, you need to rebuild your solution with a tagged management VLAN:
https://www.tp-link.com/us/support/faq/2814/
VLANs allow network traffic to transit the same physical port/cable without being able to see/interact with each other (ships in the night). The idea here is to move all your network nodes (controller, aps, router etc onto a VLAN so that the control traffic is tagged). The concept of VLANs is that each physical port has a native VLAN ID assigned, and optionally one or more VLAN IDs may be assigned as tagged traffic. The native VLAN ID will then 'mark' any untagged traffic at that port inbound, or 'unmark' any outbound traffic. My concept is that you make the native VLAN or PVID of the port that the root AP is attached to the VLAN for your IOT/Security subnet, but also allow the Management VLAN on the same port as tagged, and also any VLAN's associated with SSIDs configured on the root AP or any subtending meshed AP. This should mean that when the physical ethernet port of the remote meshed AP is 'bridged' to the physical ethernet port of the root AP once meshed, that the remote AP port should take on the same properties as the switchport feeding the root AP (which in this case will have a native VLAN/PVID belonging to the IOT/Security subnet...and so your camera's untagged traffic will appear at the router as belonging to that subnet).
- Copy Link
- Report Inappropriate Content
@d0ugmac1 Thanks for your reply and taking the time for the detail. It all seems to make sense. I need. to go through the vlan doc and give it a try. Thanks for your help and will advise how it goes.
RP
- Copy Link
- Report Inappropriate Content
@d0ugmac1 My managemfent vlan is already defaulted to LAN1. Can I not just use that or do I need to set a new one? The link you sent me assumes there is no management vlan enabled to start. This stuff is really confusing for me so I don't want to lock myself out and have to restart from scratch.
RP
- Copy Link
- Report Inappropriate Content
If you take a backup you don't have to rebuild from scratch, you just restore. That said, it's not impossible for it to work...
The problem is that VLAN1 is special on the TPLink routers, so I was trying to avoid any issues with that specific VLAN. However, as long as you are using an Omada managed switch to feed the meshed pair, you should be able to leave the VLAN on 1, but you'll need to test and see if when you tick the 'Management VLAN' option for the AP, if it truly starts accepting its management traffic via tagged VLAN1 frames or not. The switch port feeding the root node should then be configured as native to VLAN10, and tagged for VLAN1 traffic...assuming VLAN10 is your camera VLAN.
- Copy Link
- Report Inappropriate Content
@d0ugmac1 Thanks for your reply. I have some other issues I'm trying to figure out first but will give this a try. Your help is very much appreciated.
RP
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 742
Replies: 9
Voters 0
No one has voted for it yet.