How to configure Multi-Networks & Multi-SSIDs on Omada SDN Controller
Companies usually restrict departments to visit each other for security reasons. Thus the company will divide the network into different VLANs to isolate the network devices in different departments. Each VLAN (Virtual Local Area Network) will be assigned to the different wired and wireless networks to meet these office needs. Omada SDN solution can help you easily complete the configuration for multi-VLANs and multi-SSIDs.
A company wants to provide two departments with wired and wireless networks, and the two departments are in different subnets. It is required that the two departments cannot access each other, but they can both access the internet. Take the following topology as an example.
Step 1. Create Network – Set VLAN Interface , VLAN, and DHCP Server
1) Go to Settings > Wired Networks > LAN Networks, and click +Create New LAN to create VLAN interfaces for the two departments.
Here we take LAN PE_Department as the configuration example, and the settings for RD_Department are similar.
2) Follow the steps above to create the LAN for RD_Department. Then, two LANs are created.
Step 2. Apply Profile to Switch Port
1) Go to Settings > Wired Networks > Profiles, and each network will automatically create a corresponding profile.
The automatically generated profile uses its own network as native network (PVID) and it is untagged.
2) Go to Settings > Wired Networks > Switch Settings, click of the switch to open the following sidebar.
3) Click of the port to which you want to apply the profile. Apply the profile PE_Department to port 3 and profile RD_Department to port 4.
1. Do not apply the profiles to ports with EAP connected. Otherwise, the wireless clients of the EAP will fail to connect to the internet.
2. Do not apply the profiles to the port with your PC (running the Omada Software Controller) connected. Otherwise, the software controller on the PC will fail to work properly.
Step 3. Create SSIDs
1) Go to Settings > Wireless Networks. Click +Create New Wireless Network. Specify the network name, band and password for the new SSID.
2) Click Advanced Settings, and set the VLAN ID as 200 for PE_Department. Click Apply.
3) Follow the steps above to create a SSID for RD_Department, and set the VLAN ID as 100 for RD_Department.
Step 4. ACL Settings
1) Go to Settings > Network Security > ACL > Switch ACL. Click +Create New Rule.
2) Specify the rule name, choose Deny as Policy, and select All for Protocols.
3) Then enable Bi-Directional to set a reverse rule. Choose Network-> PE_Department as source and Network -> RD_Department as destination.
4) Click ACL Binding, apply the rule to all switch ports. Click Apply.
Two rules will be created simultaneously.
Step 5. Verification
Wired network: A PC in RD_Department connects to the wired network and obtains IP address 192.168.100.234. A PC in PE_Department connects to the wired network and obtains IP address 192.168.200.145. They cannot ping each other, but they can access the internet.
Wireless network: The two PC connect to the wireless network of their department. They cannot ping each other, but they can access the internet.
¿Es útil esta pregunta frecuente?
Sus comentarios nos ayudan a mejorar este sitio.