jorgemarmo
Occasional Visitor
Hi, I'm (slowly) setting up my home network,
I got a full Omada system:
- OC220 controller
- ER605 gateway/router
- 24p switch non PoE SG3428
- 24p switch PoE SG2428LP
- 3x WAP EAP650-desktop
and I set up some VLANs:
- Guest w/ associated SSID
- IoT w/ associated SSID
- Home w/ associated SSID
- Cameras (cams and NVR)
- Management (default)
the thing is that for the moment my segmentation is worth nothing... since all inter VLAN communication is allowed,
I saw I could "fix" this with ACLs, but, being a newbie, I have some questions.
1) imagine that I block all inter-VLAN communication, still, all devices should be able to reach the router (for DHCP and WAN) cuz it exists on each VLAN, right?
2) should I use a Gateway ACL OR Switch ACL? I guess the latter, since it is a LAN-LAN rule (not a WAN-LAN)
3) this might be a very newbie question, but: reading some stuff I got the impression that I could block anything originating from Cameras VLAN, but still I could access that VLAN from Home VLAN... is this possible? I thought that either you block or you allow, regardless of from where the communication "started"
4) depending on the previous question, how can I add some security to Cameras VLAN, while still being able to access them from Home VLAN / same as for IoT and Home (most of my IoT devices are local AND internet controllable / in the future they should all be local and controllable by HomeAssistant....)
5) on the Omada controller when in Gateway ACL, every network type appears 2 times, for instance "Network" and "! Network", what is this?
6) what are "IP Group" and "IP-port group"?
Thank you!
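The question of whether traffic can be blocked based on which side "started" it comes down to how the filter evaluates packets. The toy model below is an added illustration, not part of the post and not Omada's code or behaviour: it assumes made-up /24 subnets per VLAN, treats a selector written as "!Name" as "any address not in that network" (a generic reading of the "! Network" entry, not confirmed from the controller), and contrasts a stateless evaluator, which judges every packet on its own, with a stateful one that remembers connections it permitted and lets the replies back through. With the same single rule, "deny anything Cameras sends to other networks", the stateless filter breaks a Home-initiated camera stream because the reply packets come from the Cameras VLAN, while the stateful filter allows the reply yet still denies a connection the camera opens on its own.

```python
"""Toy model of stateless vs. stateful inter-VLAN ACL evaluation.

Constructed example: subnets, addresses, ports and the "!Name" semantics
are assumptions for illustration, not Omada's implementation.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed addressing: one /24 per VLAN (assumed, not from the post).
VLANS = {
    "Home": ip_network("192.168.30.0/24"),
    "IoT": ip_network("192.168.20.0/24"),
    "Cameras": ip_network("192.168.40.0/24"),
    "Guest": ip_network("192.168.10.0/24"),
}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    sport: int
    dport: int

    def reverse(self) -> "Flow":
        """The packet travelling the other way for the same connection."""
        return Flow(self.dst, self.src, self.dport, self.sport)


@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "deny"
    src: str                     # VLAN name, "!VLAN" (outside VLAN) or "any"
    dst: str
    dport: Optional[int] = None  # None = any destination port


def _match_net(selector: str, addr: str) -> bool:
    """Match an address against a VLAN selector; "!Name" means outside Name."""
    if selector == "any":
        return True
    negate = selector.startswith("!")
    net = VLANS[selector.lstrip("!").strip()]
    inside = ip_address(addr) in net
    return not inside if negate else inside


def rule_matches(rule: Rule, flow: Flow) -> bool:
    return (_match_net(rule.src, flow.src)
            and _match_net(rule.dst, flow.dst)
            and (rule.dport is None or rule.dport == flow.dport))


def evaluate_stateless(rules, flow: Flow, default: str = "permit") -> str:
    """First matching rule wins; each packet is judged in isolation."""
    for rule in rules:
        if rule_matches(rule, flow):
            return rule.action
    return default


class StatefulFilter:
    """Same rules, but replies to a permitted connection are let through."""

    def __init__(self, rules, default: str = "permit"):
        self.rules = rules
        self.default = default
        self.sessions = set()  # flows that were permitted as initiators

    def evaluate(self, flow: Flow) -> str:
        if flow.reverse() in self.sessions:
            return "permit"  # reply to a connection we already allowed
        verdict = evaluate_stateless(self.rules, flow, self.default)
        if verdict == "permit":
            self.sessions.add(flow)
        return verdict


def demo() -> dict:
    # Policy: cameras may not start anything towards other VLANs,
    # but Home should still be able to open connections to the cameras.
    rules = [Rule("deny", "Cameras", "!Cameras")]
    # Constructed flow: a Home PC opens an RTSP stream to a camera.
    request = Flow("192.168.30.10", "192.168.40.20", 51000, 554)
    reply = request.reverse()

    stateless = (evaluate_stateless(rules, request),
                 evaluate_stateless(rules, reply))       # ("permit", "deny")

    sf = StatefulFilter(rules)
    stateful = (sf.evaluate(request), sf.evaluate(reply))  # ("permit", "permit")

    # A camera trying to reach a Home host on its own is still denied.
    camera_initiated = sf.evaluate(Flow("192.168.40.20", "192.168.30.10", 40000, 80))

    return {"stateless": stateless, "stateful": stateful,
            "camera_initiated": camera_initiated}


if __name__ == "__main__":
    print(demo())
```

The model only evaluates direction by remembering permitted connections; a real stateless switch ACL would need an explicit extra rule for the return traffic, so when choosing between ACL types it is worth checking in the vendor documentation which one tracks connection state.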