Inter-vlan routing always on with TL-R605

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
12

Inter-vlan routing always on with TL-R605

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
15 Reply
Re:Inter-vlan routing always on with TL-R605
2021-02-26 02:58:52 - last edited 2021-02-26 02:59:37

deny all protocols, source: network interface for VLAN 30 to destination: other network interfaces/VLANS" - This is at the bottom of the ACL stack. With only this enabled I can't ping/connect to HA on anything other than VLAN 30

 

Why are you using a deny here?

  0  
  0  
#12
Options
Re:Inter-vlan routing always on with TL-R605
2021-02-26 03:16:26

@ScottB.ca

 

VLAN 30 is for IoT devices that I want to prevent from accessing the rest of the network, and from accessing the internet.  I could not get VLAN routing working such that my IoT devices could talk to the HA server while on VLAN 10, so I moved the HA server to VLAN 30 while I continued troubleshooting.   

  0  
  0  
#13
Options
Re:Inter-vlan routing always on with TL-R605
2021-04-16 10:50:40 - last edited 2021-04-16 10:53:18

Hello @Fae , do you perhaps have an ETA of when the ACL between VLANs/LANs  feature will be available? thanks

  0  
  0  
#14
Options
Re:Inter-vlan routing always on with TL-R605
2021-04-23 02:34:01

Dear @Jars,

 

Jars wrote

do you perhaps have an ETA of when the ACL between VLANs/LANs  feature will be available? thanks

 

As I know, it will be developed after controller v4.3, might be available on controller v5 (sorry that I'm not for sure).

>> Omada EAP Firmware Trial Available Here << *Try filtering posts on each forum by Label of [Early Access]*
  0  
  0  
#15
Options
Re:Inter-vlan routing always on with TL-R605
2021-09-29 18:02:26 - last edited 2021-09-29 20:27:08

To block all inter-vlan traffic on R605 create a phantom vlan, tag it to any LAN port of the router and add an ACL rule to block all service type of traffic, choosing that phantom vlan with the exclamation mark at the beginning as both Source and Destination network.

Here is the thread where I explained it.

 

If you only have a few vlans, you can try without creating a phantom vlan but you will have to add multiple rules:

blocking vlanX to !vlanX

blocking vlanY to !vlanY

etc.

The ACL rules are not bidirectional. You have to add them for each vlan for both directions if you don't want to do the phantom vlan work-around.

  0  
  0  
#16
Options