MAC Based Authentication Wired Clients
The idea that we still can't do MAC based filtering on switch and router ports is absolutely insane. The other forum on here mentioning it has been closed for any further comments and we are still without any sort of status update from TP-Link as to when this absolutely necessary security critical "feature" will be added.
Someone mentioned this can already be done at the switch level when it hasn't been adopted by the Omada controller. If this is already possible on the switches, then this further begs the question: why is it that adopting a switch into the Omada controller REMOVES this absolute necessity of a feature?
You are leaving tons of TP-Link customers vulnerable to network infiltrations via switch ports, and even plugging directly into AP ports and POE injectors. It is not hard to access a camera, AP, or anything else with a hard wired connection, and hijack it. How can we protect our networks from unauthorized access?
Hi @Mikett
Do you have any chance to test MAC Filtering?
The switch can configure Port Security and you can use CLI to configure it. Features not listed in the Omada Controller can still be accessed by CLI.
Try that out? The router is not gonna do much of the filtering as you cascade the switch. Basic hierarchy of the network. So try to configure that on the switch.
When I go to the MAC Filtering page you described, this appears to want me to create an allow list or deny list for the entire network, not on a port-by-port basis.
Can you provide more instructions on how to accomplish this through the command line interface? This really should be something that is configurable through the Omada Controller for the switches. You can create MAC lists for the access points and it works perfectly, but this does not stop someone from plugging into a switch port.
Please provide instructions for the CLI interface, and please see what you can do about getting this feature added for the wired clients just like you already have for the wireless clients.
Hi @Mikett
Thanks for posting in our business forum.
Mikett wrote:
> When I go to the MAC Filtering page you described, this appears to want me to create an allow list or deny list for the entire network, not on a port-by-port basis.
>
> Can you provide more instructions on how to accomplish this through the command line interface? This really should be something that is configurable through the Omada Controller for the switches. You can create MAC lists for the access points and it works perfectly, but this does not stop someone from plugging into a switch port.
>
> Please provide instructions for the CLI interface, and please see what you can do about getting this feature added for the wired clients just like you already have for the wireless clients.

The feature is called Port Security. You can look it up in the switch CLI guide and use the commands. That is the only feature that can do a MAC based authentication. The router does not support it.
https://static.tp-link.com/2020/202011/20201103/1910012904_T16_T26_CLI.pdf
So basically I have to find a cable to plug into the switch, then enable the command line interface, then I have to figure out the correct syntax for the command I need to enter to configure the port security. This is majorly inconvenient and not user friendly at all.
I get this is not a router feature. I am talking about port security on the switches at a minimum. If the switches have not been adopted into the Omada Controller, then the web interface for the switch that is accessible makes port security settings very simple. The fact that adopting the switch into the Omada Controller locks out the switch and FORCES us to use this very unfriendly and inconvenient command line interface in order to configure very BASIC features is unacceptable.
Again I ask, when is this going to be resolved and added to the Omada Controller as a Switch configuration option? Currently this only exists for wireless clients.
Hi @Mikett
Mikett wrote:
> So basically I have to find a cable to plug into the switch, then enable the command line interface, then I have to figure out the correct syntax for the command I need to enter to configure the port security. This is majorly inconvenient and not user friendly at all.
>
> I get this is not a router feature. I am talking about port security on the switches at a minimum. If the switches have not been adopted into the Omada Controller, then the web interface for the switch that is accessible makes port security settings very simple. The fact that adopting the switch into the Omada Controller locks out the switch and FORCES us to use this very unfriendly and inconvenient command line interface in order to configure very BASIC features is unacceptable.
>
> Again I ask, when is this going to be resolved and added to the Omada Controller as a Switch configuration option? Currently this only exists for wireless clients.

Port Security has been there for years. And Omada is 5 years old. This feature was never added.
This MAC-based auth is switch-based. If you really need authentication, other types would work as well.
But if you need core devices to be authenticated by MAC, setting up the CLI one time is easy. You can also create the template from the controller. Controller mode can access the CLI easily in Tools.
No. There is not gonna be a quick solution for this. I submitted this request years ago, unfortunately, but as stated, certain features not available in Controller mode can still be accessed and configured via CLI; it doesn't seem to fit the overall goal of the Omada Controller. You can return the product if it does not meet your expectations.
I appreciate your time. If you could do me the favor of resubmitting the request again, seeing as you submitted it years ago maybe they will revisit it. As far as being able to configure switch port settings not fitting the overall goal of the Omada Controller, then I am not sure what the goal of the Omada Controller is exactly. I thought the goal of the Omada Controller was to have a centralized network management controller instead of having to go to each device and manually configure them via the web portal of each device.
I will look further into getting into the CLI. I guess I'll have to find a cable and figure out where to plug it in. I never had to do that before. Thanks. I just figured something as simple as this would already be a feature much like Unifi already has.
Hi @Mikett
Thanks for posting in our business forum.
Mikett wrote:
> I appreciate your time. If you could do me the favor of resubmitting the request again, seeing as you submitted it years ago maybe they will revisit it. As far as being able to configure switch port settings not fitting the overall goal of the Omada Controller, then I am not sure what the goal of the Omada Controller is exactly. I thought the goal of the Omada Controller was to have a centralized network management controller instead of having to go to each device and manually configure them via the web portal of each device.
>
> I will look further into getting into the CLI. I guess I'll have to find a cable and figure out where to plug it in. I never had to do that before. Thanks. I just figured something as simple as this would already be a feature much like Unifi already has.

Will do.
Port Security is a great feature, TBH. I submitted it during the work but I found this option nowhere in the controller.
I do hope they can revisit and place this in the request pool.