Omada Controller Offloading Static Routing to Switches
Enabling IPv4 Static Routing in compatible switches to reducing unnecessary traffic routed through routers and increase bandwidth to 10Gbit port capabilities,
Currently I have an ER707-m2 router with 2.5Gbe ports and a SG3428XPP-M2 switch. My switch has four 10Gbit ports and I'm looking to add a SX3016 aggregation switch for 10Gbit traffic between server (NAS and VMs) and desktops clients. However my network is using VLAN to separate networks for personal devices, TV and streaming, IoT devices, Computers (Office/Work) and security cameras.
The switch is creating dynamic routes for VLANS and I can add static routes to switch configuration, however all traffic is routed via the ER707-M2 switch.
All my routed 10G traffic between VLANs is bandwidth limited by the single 2.5Gbe connection, significant limitation in file transfer speed to Server NAS and Bandwidth sharing between all devices communicating across VLANs.
Example, All the security cameras, streaming Plex clients, Virtual Machine clients, NAS file transfers across VLAN a limited to single 2.5Gbe link between ER707-M2 and switch, while the switch is capable of static routing in Standalone mode.
Also, TP-link recently announces new Layer 3 switches like SG6654X, if switch routing is not enabled in Omada Controlller Layer 3 functionality of new switches will be disables and useless, meaning people will need to continue to operate Omada switches in standalone modes to utilize layer 3 functionality and IP routing.
If it is currently possible to use switch IP routing with Omada Controller, please create a guide or tutorial, as after 2weeks of testing and searching it appears not possible.
Death_Metal post and guide for using your Omada Switch as Layer 3 Switch (intervlan routing) is not Layer 3 switch routing as using tracert in command prompt all traffic is still routed via the ER707 router. https://community.tp-link.com/en/business/forum/topic/650966
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Hi @mstamp
Thanks for posting in our business forum.
1. We now support Static Routing in controller mode. If you take a look?
2. If you are looking forward to using the L3 routing, refer to FAQ 887. We added the VLAN interface to satisfy most home users who don't have L2+ or L3 switches. That was a history of bulk complaints.
3. We now officially release L3 switches. https://www.tp-link.com/en/business-networking/omada-switch-l3-l2-managed/?filterby=6384
Their firmware would definitely support Static Routing and additional L3 routings in the coming Controller updates.
- Copy Link
- Report Inappropriate Content
Thanks for the reply, but static routing is not working.
Omada Controller 5.13.23 (Windows 11)
Devices Below
I'm aware for swtich the static routes can be added through the config and confirm that they are added through application results show running configuration.
Orignally, I was running VLAN with DHCP server on switch, however changed to interface with DHCP server (because I resitrict DHCP range to 200-50 and use static assignement for all known devices).
My LAN networks are.
LAN 192.168.0.0/24 (Interface)
VLAN11 192.168.0.11/24 (Interface)
VLAN22 192.168.0.22/24 (Interface)
VLAN33 192.168.0.33/24 (Interface)
VLAN44 192.168.0.44/24 (Interface)
VLAN55 192.168.0.55/24 (Interface)
VLAN66 192.168.0.6624 (Interface)
VLAN77 192.168.0.77/24 (Interface)
VLAN88 192.168.0.88/24 (Interface)
VLAN99 192.168.0.99/24 (Interface)
currently only using default LAN (192.168.0.0/24) and VLAN11 (192.168.11.0/22) as I have two internet WAN connections and use the second one for Work due to issues with VPN's on my primary ISP that uses IPv6. Use routing policy for WAN port assignment for VLAN11
So currently I have,
home compuiter on LAN (192.168.0.21) on port 7 of the Switch
Work Laptop on VLAN11 (192.168.11.200) on port 17 of the Swith
(Swtich port configuration is ALL for all ports and VLAN11 for ports 17-20.)
- Copy Link
- Report Inappropriate Content
Gateway Routing Table.below. I noticed the next hope for every VLAN is 0.0.0.0 instead of the default gateway i.e. VLAN11 dynamic route should be destination -192.168.11.0/24/ Next hop 192.168.11.1
- Copy Link
- Report Inappropriate Content
Switch Routing Table
Currently from 192.168.0.21, I can only ping the switch VLAN static address 192.168.11.3 and not the work laptop at 192.168.11.200
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
Hi @mstamp
Thanks for posting in our business forum.
mstamp wrote
Gateway Routing Table.below. I noticed the next hope for every VLAN is 0.0.0.0 instead of the default gateway i.e. VLAN11 dynamic route should be destination -192.168.11.0/24/ Next hop 192.168.11.1
Based on the picture, you should learn that the default VLAN interfaces would route them to 0.0.0.0, and then 0.0.0.0 would route to the gateway(default) in VLAN 1. In your case, it seems to be 192.168.127.1.
Still, as #1, you should try this. But you should know what you are doing or you will experience issues.
And next, this has nothing to do with the switch static routing.
You are doing VLAN interfaces created on the router. I don't see any correlation between them.
- Copy Link
- Report Inappropriate Content
Hi @mstamp
Thanks for posting in our business forum.
mstamp wrote
Switch Routing Table
Currently from 192.168.0.21, I can only ping the switch VLAN static address 192.168.11.3 and not the work laptop at 192.168.11.200
Do you consider a thing called Windows Firewall? Have you ruled that out?
And consider if you have ACL.
I am so far not knowing what you are doing with the static routing and VLAN interfaces. I don't know what kind of VLAN interfaces you want to achieve. The old-fashioned way is the switch hosting the DHCP servers. Refer to the FAQ 887.
- Copy Link
- Report Inappropriate Content
@Clive_A, I believe you my be correct with Windows Firewall being an issue, and furthermore I believe my WAN ISP was contributing to issues with IPv6 connections.
I'm in Australia, with two ISPs, primary WAN Pentanet Nexus (Fixed Wireless using IPv6) and secondary WAN Telstra Mobile Broadband. Pentanet Nexus is IPv6, and I must use their router (Bridgemode is not supported) and on Monday Telstra Mobile (running in IP passthrough) switched from IPv4 to IPv4v6. when Telstra switched to IPv4v6, I lost my internet. After investigation and disabling IPv6 on both WAN ports to resolve the issue.
Furthermore, I have switched my VLAN networks to VLAN (switch only) and configured DHCP server on switch, e.g
VLAN11, 192.168.11.0/24, Gateway 192.168.11.3 (Switch Static Address), Pri DNS 1.1.1.1, Sec DNS 1.0.0.1 (Work Network) policy routed to WAN 2 for VPN passthrough.
VLAN22, 192.168.11.0/24, Gateway 192.168.22.3 (Switch Static Address), Pri DNS 1.1.1.1, Sec DNS 1.0.0.1 (Future)
VLAN33, 192.168.11.0/24, Gateway 192.168.33.3 (Switch Static Address), Pri DNS 1.1.1.1, Sec DNS 1.0.0.1 (Future)
VLAN44, 192.168.11.0/24, Gateway 192.168.44.3 (Switch Static Address), Pri DNS 1.1.1.1, Sec DNS 1.0.0.1 (Future)
VLAN55, 192.168.11.0/24, Gateway 192.168.55.3 (Switch Static Address), Pri DNS 1.1.1.1, Sec DNS 1.0.0.1 (Future)
VLAN66, 192.168.11.0/24, Gateway 192.168.66.3 (Switch Static Address), Pri DNS 1.1.1.1, Sec DNS 1.0.0.1 (Future)
VLAN77, 192.168.11.0/24, Gateway 192.168.77.3 (Switch Static Address), Pri DNS 1.1.1.1, Sec DNS 1.0.0.1 (IoT, PLC Network) Isolated no internet.
VLAN88, 192.168.11.0/24, Gateway 192.168.88.3 (Switch Static Address), Pri DNS 1.1.1.1, Sec DNS 1.0.0.1 (Security Camera Network) restricted access
VLAN99, 192.168.11.0/24, Gateway 192.168.99.3 (Switch Static Address), Pri DNS 1.1.1.1, Sec DNS 1.0.0.1 (Guest Network, WLAN Only) internet access only
I have no ACL's defined and removed all static routes on the gateway and switch.
From my work laptop on VLAN11, I can ping desktops, raspberry Pi, and printers on LAN (192.168.0.0/24) network.
Tracert works intermittently, can tracert to raspberry Pi and Printer, but not desktop computers. Confirm Switch was routing traffic
From Desktop (192.168.0.21) on LAN network, I can't ping or tracert to work laptop (192.168.11.00) on VLAN11. (this may be Windows Firewall related), I have two Raspberry Pi 5 being delivered this week so will test more and between VLAN's i.e. VLAN22 to VLAN11.
Originally I was running VLAN's as interfaces for two reasons, first for restricting DHCP range to 200-250, and Secondly for DHCP reservations (only supported for Networks).
I always assign static IP address to known devices by location on network, i.e. 192.168.0.20 through to 192.168.0.29 are all located in Office or by Individual for Wifi, i.e. 192.168.0.160 through to 192.168.0.169 are my personal devices (phone, ipad, laptop). the location/personal static assignment would follow VLAN's so my work laptop would be 192.168.11.164 for example.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 1
Views: 1015
Replies: 8