Port Profiles and vlans

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

2023-08-22 18:50:24

Hi all, so I'm a Ubiquiti man and have been for many years. Due to how hard it is to get the Ubiquiti gear, I'm moving to TP-Link, which is honestly fantastic.

I am however having an issue. I've got the cloud controller, a router, loads of access points, 2 48-port switches and 3 8-port switches. All connected fine to the controller and I can access them. The problem I've got is I've set up multiple LANs as interfaces and set the port profiles with a view to setting switch ports to the profile needed and expecting no access possible to the other LANs.

I set the switch ports to the right profile and it gives me the correct subnet, but I can still ping other subnets. 100% in the port profile I have not got any other LAN but the ones I want.

Same with the WiFi networks: I set up multiple SSIDs and set each to the VLAN number I want them to access, but it doesn't work. The access points are plugged into switch ports with the All profile configured because I want each AP to give out multiple SSIDs but the SSID to only be able to access one particular LAN.

I hope I've explained myself well enough. Ask any questions if not.

Thanks in advance.

#1
Re:Port Profiles and vlans
2023-08-23 05:30:59 - last edited 2023-08-23 05:37:10

@FarmTech

Hello. When it comes to UniFi and TP-Link, they are quite similar.
You want to block between VLANs, if I understand you correctly? This is done on the router, as it is also done on UniFi :-) What kind of router do you have?

Unlike UniFi, on the Omada system you can also set ACLs on the switch, but that is not something I would recommend.
Switch ACLs aren't stateful, so it's easy to block everything and thus lose connection to controllers, so be careful.

There is also an ACL for the access point, for ACLs on WiFi.

Go to Settings, Network Security and ACL.
#2
Re:Port Profiles and vlans
2023-08-23 07:13:18

@MR.S Thanks for the reply. To be honest I thought I had. The router is a TL-ER7206.

I set up the new LAN as an interface, with a VLAN as number 2. I called this LAN unit 8.

I went to port profiles and created a profile called unit 8 lan. I only added the unit 8 LAN I had created to it.

I then set a port on the switch to this profile. When I plug my laptop into that port I get an address on the correct subnet, but I can still ping the default LAN addresses. On UniFi that wouldn't happen.

Also on the AP, I set up a WiFi network, ticked VLAN and put number 2 in. (The access point is plugged into a port with profile All on it so I can broadcast multiple SSIDs.) When I connect to the SSID I created I get the correct address but can still ping the main LAN.

So I'm doing all of this from within Omada Controller like I have with UniFi. Should I be logging into the router direct?

I don't really like the idea of ACLs, as you say.

Thank you again for your help. Much appreciated.

#3
Re:Port Profiles and vlans
2023-08-23 07:31:47

@FarmTech

To stop responses from the gateway, try creating a gateway ACL and deny gateway management. I have not tested this, so at your own risk :-)

#4
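
Added example, not part of any post in this thread and not TP-Link or Omada code: a generic Python model of two points raised above, that VLAN assignment alone leaves inter-VLAN traffic routed, and that a stateless ACL (as reply #2 says switch ACLs are) also drops return traffic that a stateful one lets through. The subnets, host addresses and default-permit behaviour are assumptions made for the illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing; the thread gives no subnets.
LAN = ip_network("192.168.0.0/24")    # default LAN
UNIT8 = ip_network("192.168.2.0/24")  # "unit 8" LAN, VLAN 2
DENY_UNIT8_TO_LAN = [("deny", UNIT8, LAN)]

def verdict(rules, src, dst):
    """First matching rule wins; unmatched traffic is routed (assumed default)."""
    for action, src_net, dst_net in rules:
        if ip_address(src) in src_net and ip_address(dst) in dst_net:
            return action
    return "permit"

class StatelessAcl:
    """Judges every packet on its own, with no memory of earlier packets."""
    def __init__(self, rules):
        self.rules = rules
    def forward(self, src, dst):
        return verdict(self.rules, src, dst) == "permit"

class StatefulAcl(StatelessAcl):
    """Also remembers permitted flows and lets their replies back through."""
    def __init__(self, rules):
        super().__init__(rules)
        self.flows = set()  # simplified: keyed on address pair, not 5-tuple
    def forward(self, src, dst):
        if (dst, src) in self.flows:
            return True
        if super().forward(src, dst):
            self.flows.add((src, dst))
            return True
        return False

def exchange(acl, client, server):
    """Return (request_forwarded, reply_forwarded) for one request/reply pair."""
    request = acl.forward(client, server)
    reply = request and acl.forward(server, client)
    return request, reply

if __name__ == "__main__":
    laptop, lan_host = "192.168.2.50", "192.168.0.20"  # constructed hosts
    for name, acl_type, rules in [("no ACL", StatelessAcl, []),
                                  ("stateless", StatelessAcl, DENY_UNIT8_TO_LAN),
                                  ("stateful", StatefulAcl, DENY_UNIT8_TO_LAN)]:
        print(name, "unit8->LAN", exchange(acl_type(rules), laptop, lan_host),
              "LAN->unit8", exchange(acl_type(rules), lan_host, laptop))
```

With the stateless rule, a LAN host's request reaches the unit 8 device but the reply is dropped, which is how a management connection can be lost even though only one direction was meant to be blocked.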