TPLINK Omada - Switch network assignment on FWP
I'll ask this of the Firewalla community because of the apparently common usage of TPLINK Omada kit. In short, what determines which Firewalla network the switches themselves are assigned to?
I've spent several weeks teaching myself all about VLANs. I've learned the hard way (the best way!), but I now have a working setup here at home, and I believe that I know why it's working :D The last gap in my knowledge is that I cannot figure out what determines which network on my FWP the switches themselves are assigned to. I'll try and summarise my setup.
I have an FWP that has 5 networks defined. 4 are VLANs: Personal - 10, Guest - 20, Things - 30, Work - 40, and a plain LAN, which I regard as the Management LAN (this seems to be the common term for the network that the APs, switches etc. are on).
The FWP is plugged into a TPLINK TL-SG108PE switch (8 port, managed, VLAN aware). In the switch, VLAN '2' is used to refer to the Management LAN. So the switch is set up like so:
1. Port 1 - An Omada OC200. Untagged as VLAN 2.
2. Port 2 - EAP Access Point. Tagged with 10, 20, 30, 40. Untagged as 2.
3. Port 5 - FWP. Tagged with 10, 20, 30, 40. Untagged as 2.
I also have 2 satellite switches (TL-SG105PE) that are connected to EAPs with very simple setups because they only carry CCTV cameras. On those switches the camera ports are untagged for VLAN 30 (Things) and the port that the EAP is connected to is tagged for VLAN 30 (Things).
Everything works fine (all devices are assigned to the expected network and all rules work ok) with the exception of the switch IP/network assignments, which appear to be random. Sometimes it can be the Management LAN, sometimes the Work VLAN etc. Typically it's mixed up, so one switch is assigned to 'Work' and another to 'Personal'. It seems that they're assigned to the network that 'got there first'. The problem affects all switches, not just the main switch.
I can't see anything in the FWP or switch configs that relates to this. I understand how devices that are plugged into a switch get assigned to a network, but what about the switches themselves?
-
So that depends on what you do. ;)
Let's use my network as an example. A simplistic view of my network is:
FWG > UniFi 16 port switch > 4 APs. The connection from FWG > switch is a trunk port allowing several VLANs to communicate over the LAG between them.
When I first set things up, I just let the switch and APs work on the default VLAN. After a time, I decided to move the switch and APs to a management VLAN.
If I recall, I did a couple of things:
- Configured a new management VLAN on Firewalla.
- Adjusted the trunk port to allow the Management VLAN to be included.
- I told the switch and APs that the management VLAN was a specific number.
- I gave the switch and APs reserved IP addresses in the IP range of the management VLAN.
Now those devices happily work on the management VLAN and I can control which devices have access to the management layer.
-
Hi Michael,
Thanks for your response :D I managed to get back to looking at this yesterday and got the switches to repeatedly (after multiple hard boots of the main switch and FWP) associate themselves with the management LAN by setting static management IPs on the switches themselves. I assume that the FWP associates a device with the FWP network whose subnet contains the requested static IP. Not sure what would happen if a device was on a tagged VLAN and had a static IP for a different VLAN. Anyway, it's working for now!
Robby
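The following is an added example and is not code from this thread, from Firewalla or from TP-Link. It models the port layout Robby describes (trunk to the FWP tagged 10/20/30/40 with VLAN 2 untagged, satellite camera ports untagged 30, satellite uplink tagged 30) and does the two checks a practitioner would otherwise do by eye: it compares both ends of a link for VLANs that are tagged or untagged on one side only, and it names the network a device's IP falls in versus the network its VLAN tag implies, flagging the disagreement Robby wonders about. The subnets, the `classify()` rule and the deliberately broken "far end" port are assumptions; the check does not claim to reproduce what the FWP itself does when the two disagree.

```python
"""Model of the VLAN layout from the thread, with two consistency checks.

Assumptions (not from the thread): the subnets below, and the rule that a
device "belongs" to the FWP network whose subnet contains its IP.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# FWP networks keyed by the VLAN id seen on the wire. None = untagged
# traffic, i.e. the plain LAN used as the Management LAN. Subnets are assumed.
NETWORKS = {
    None: ("Management LAN", ip_network("192.168.1.0/24")),
    10: ("Personal", ip_network("192.168.10.0/24")),
    20: ("Guest", ip_network("192.168.20.0/24")),
    30: ("Things", ip_network("192.168.30.0/24")),
    40: ("Work", ip_network("192.168.40.0/24")),
}


@dataclass(frozen=True)
class PortConfig:
    """What one end of a link puts on the wire."""
    owner: str
    name: str
    tagged: frozenset          # VLAN ids sent with an 802.1Q tag
    untagged: Optional[str]    # label of the local VLAN sent untagged, or None


def _wire_view(p: PortConfig) -> tuple:
    """Collapse a port to (tagged ids, carries untagged?). The switch calls its
    untagged VLAN '2' and the FWP calls it 'plain LAN'; on the wire both are
    simply untagged, so only the presence of untagged traffic is compared."""
    return p.tagged, p.untagged is not None


def link_issues(a: PortConfig, b: PortConfig) -> list:
    """Report VLAN membership that differs between the two ends of a link."""
    a_tagged, a_native = _wire_view(a)
    b_tagged, b_native = _wire_view(b)
    issues = []
    for vid in sorted(a_tagged - b_tagged):
        issues.append(f"VLAN {vid} tagged on {a.owner}:{a.name} but not on {b.owner}:{b.name}")
    for vid in sorted(b_tagged - a_tagged):
        issues.append(f"VLAN {vid} tagged on {b.owner}:{b.name} but not on {a.owner}:{a.name}")
    if a_native != b_native:
        issues.append(f"untagged traffic on only one side of {a.owner}:{a.name} <-> {b.owner}:{b.name}")
    return issues


def network_by_ip(ip: str) -> Optional[str]:
    """Assumed rule: the network whose subnet contains the (static) IP."""
    addr = ip_address(ip)
    for name, subnet in NETWORKS.values():
        if addr in subnet:
            return name
    return None


def network_by_vlan(vid: Optional[int]) -> Optional[str]:
    entry = NETWORKS.get(vid)
    return entry[0] if entry else None


def classify(ip: str, seen_vlan: Optional[int]) -> dict:
    """Name the network by requested IP and by the VLAN the frame arrived on
    (None = untagged) and flag disagreement, e.g. a static IP from the Work
    subnet arriving untagged on the Management LAN."""
    by_ip = network_by_ip(ip)
    by_vlan = network_by_vlan(seen_vlan)
    return {"ip": ip, "by_ip": by_ip, "by_vlan": by_vlan,
            "consistent": by_ip is not None and by_ip == by_vlan}


ALL_TAGGED = frozenset({10, 20, 30, 40})

# Links as described in the question.
MAIN_P5 = PortConfig("TL-SG108PE", "port5", ALL_TAGGED, "VLAN 2")
FWP_LAN = PortConfig("FWP", "lan", ALL_TAGGED, "plain LAN")
SAT_CAMERA_PORT = PortConfig("TL-SG105PE", "port2", frozenset(), "VLAN 30")
CAMERA = PortConfig("camera", "eth0", frozenset(), "untagged")
SAT_UPLINK = PortConfig("TL-SG105PE", "uplink", frozenset({30}), None)
# Hypothetical misconfigured far end: VLAN 30 untagged instead of tagged.
BAD_FAR_END = PortConfig("EAP", "eth2", frozenset(), "VLAN 30")

if __name__ == "__main__":
    for label, (a, b) in {"main<->fwp": (MAIN_P5, FWP_LAN),
                          "sat<->camera": (SAT_CAMERA_PORT, CAMERA),
                          "sat<->bad far end": (SAT_UPLINK, BAD_FAR_END)}.items():
        print(label, link_issues(a, b) or "ok")
    print(classify("192.168.1.5", None))    # switch with static mgmt IP, untagged
    print(classify("192.168.40.7", None))   # Work-subnet IP arriving untagged
```

Running it prints no issues for the trunk and camera links, two issues for the deliberately broken uplink, and a `consistent: False` record for the Work-subnet address that arrives untagged, which is the situation to look for in the FWP's device list when a switch shows up on the "wrong" network.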