Dude..... ACLs are a layer2 function. You need to use Layer3 (Firewall). Block the subnets and be done. This video just shows a lack of basic knowledge.
The built in switch IS L2, DERP ! Try again.
@@JasonsLabVideos yes... however, the second packets have a destination header to go to a different subnet, they go to the firewall for processing.... DERP
Correct, but the features to block things properly are missing in this device. It's a switch & router & controller all in one! @@seantellsit1431
@@JasonsLabVideos I saw another video on UA-cam complaining about that integrated device. Avoid at all costs. You should have gotten separate Router, Switch and Controller. I think those will do what you want.
The new firmware fixes the issue, I just haven't had time to do the video. @@jorgemtds
From manual for the device:
Interface: Create the network with a Layer 3 interface, which is required for inter-VLAN routing.
VLAN: Create the network as a Layer 2 VLAN
It is on page 55
@JasonsLabVideos have you updated the firmware to the latest version for the ER7212PC and rechecked to see if it is any better? I just updated my hardware and the Gateway ACL has LAN-LAN permit and blocking now.
I did update it, and it works properly now :)
@@JasonsLabVideos Shouldn't you be pinning a comment or editing your description? Seems like clickbait at this point.
@@apresutt The original Firmware was POOH! The new one improved everything and the unit is rock solid !
Recently I updated the ER7212PC to version: 1.1.0 Build 20230803 Rel.83667 with controller version 5.8.31 and I am happy to inform you that the Gateway ACL is now containing LAN-LAN option.
I tried this ACL and it seems to be doing the job.
So finally this router looks ready for deployment.
I'll be trying this very soon, thanks for letting me know sir !
On my ER706w setup with the controller separate on my network I can set up the networks as needed.
Not sure if you just meant the standalone hardware or tplink Omada full setup?
Still thanks for making the video, always good to educate each other
The Er7212 was what I’m referring to.. but new firmware was released so, we shall see
Jason, off topic, are any of those new Grandstream switches silent like the Ubiquiti's?
100% they are !! They startup for 3 seconds then ramp down. BTW they are built like tanks and will last a very long time. Inside PSUs are built VERY VERY well !!
@@JasonsLabVideos rapid reply, thank you you’re the man
You can’t vlan tag the ports on that router. I learned the hard way too with a customer install I did but luckily they only required a guest network over wifi so I was good. I usually just get the er7206 or the er707-m2 and use a switch to vlan tag the ports. Much neater when you have all your ports in the house going to a 24 port switch. APs, printers, cameras all in one place. Then vlan tag the ports as needed.
The new update might fix this, I need to try it..
When it comes to routers these days, I'm in the "pfSense/OPNSense or bust" camp.
Great video BTW.
Me with HUAWEI WIFI AX3 No problem / And it have a Guest mode(^~^)
@JasonsLabVideos a new firmware has been released on 2024-01-15. The description says it fixes some known security vulnerabilities. Can you test if the problem is still there?
I sure can, I'll do that tonight, Thanks for letting me know about the new firmware !
@@JasonsLabVideos thanks! That would be great.
Hi Jason, do you know if the controller in the device communicates well with TP-Link VIGI cameras and NVR?
I don't think so, but i'm not 100% sure.
@@JasonsLabVideos Thanks Jason
The TPLink ER7212 is a layer 2 switch and a router, because of that you can't deny communication through the VLANs, for that you need a layer 3 switch. It is not a problem of security, it is a matter of the kind of switch you are using.
The newest firmware fixed the issue.
@@JasonsLabVideos What version is it?
Is this problem only in the ER7212-PC or a general omada issue ?
It's specific to this router because TP-Link markets this as a Router, Controller, and Switch. However, the ACLs and other options that are normally available to an Omada Switch are not available here. So if you want the full functionality of a traditional stack like a ER605 + Switch + AP, then this is not for you. If you just use WiFi then this could be for you since you can still create VLANs, ACLs, etc. for APs.
@@SPXLabs I see. It's not a huge price difference. Since you mentioned it. What is the point of creating VLANs when you can not segregate them ?
@@Net-Extension Yeah the pricing is odd too. Beats the heck out of me.
@@SPXLabs Thanks for this video and reply
@@SPXLabs Thanks for this, was almost going to consider this as my mini network rack is full. I'm sticking to the ER605 + Switch + APs setup
I shall stick to my er605, sg2008p set up then. Thanks for the video!
At least now I can block inter vlans via ACL as well as my IoT devices are on a separate vlan, and I have an ACL to block these devices from accessing my internal network for security measures just in case they got hacked
Yep, maybe one day they will fix it for now PASS on Tp-link.
Do you have a dedicated controller?
@@MrDuka25 yes i do
It's built into the ER7212.@@MrDuka25
Are you taking a pass on tplink in general or a pass on the er7212pc (which appears to be a one off device with specific limits)?
Is this issue fixed after all those Firmware updates ??
Yup sure are
I need a wireless controller and a newer router for a simple home network - I'll probably get this yoke as the sw omada seems to work well to facilitate fast roaming.
The er7212 with a few WAPs will be perfect. I have about 28 of them out in the field and all rock solid and working with VPN.
You need to set a Gateway ACL for the router to block traffic. It didn't work some time ago, but it has already been fixed. In this video you probably still have outdated firmware.
I understand your complaint, but maybe this router is just not designed for that kind of task? I bought it just for a SOHO use without any guests and in this scenario it should be just right.....
But once again it is good, that for users who might need a lan guest access, you presented what this router lacks!
Does the issue happen only when using this specific device? What if I use a dedicated tplink router and a dedicated switch?
ON this device yes,
That's wild, defeats the entire purpose of VLANs!
Yup, so no security LOL ! Pretty dumb right ?
A courageous video Jason - Great 🙂
Thanks sir !
@@JasonsLabVideos You are very welcome.
@JasonsLabVideos
Recently I updated the ER7212PC to version: 1.1.0 Build 20230803 Rel.83667 with controller version 5.8.31 and I am happy to inform you that the Gateway ACL is now containing LAN-LAN option.
I tried this ACL and it seems to be doing the job.
So finally this router looks ready for deployment.
Please give us a followup to this video
Piles of steaming doodoo
It's a good thing I saw this video as I was considering putting up one... went for another brand instead
Grandstream ? IMO they fixed the main issue in the new firmware, I have applied it to all 18 units I manage and all is now good.
But I think you said you can block the wifi traffic from the hard wired lan traffic. Is that correct? Just don't provide a cable to the devices you don't want on your sensitive (accounting, HR systems) maybe.
The point was to have a so called device like a wired printer accessible from another wireless network BUT only by the printing port & block everything else !
Ok. Since they're crap for you, would you donate them to mjeear in Jamaica? I'd like to use them for a school set up
Sure give me $500 for shipping.
Running tplink omada switches and APs and opnsense protectli for firewall/router. Been rock solid. I knew going into it the tplink routers sucked, that's why I went opnsense.
Man my setup exactly like yours but I am not sure if I set it up right. I wish you were my neighbor so you can give it a look and see if it’s all good 😅
Yup, that will work well. Their APs are decent & switches not sure. BUT this ER7212 & other firewalls = garbage..
I have managed TP-Link switches with OPNsense as the router/firewall and it works great. I have a couple of older UniFi APs as well. I’m planning on getting some other switches to try in the future to meet my needs/wants.
Try Alta Labs or Grandstream stuff. Ditch the Tp-link.@@homenetworkguy
@@JasonsLabVideos Yeah, I have my eyes on one of the EnGenius switches. Also a cheaper brand managed 48 port switch with 10G SFP+ interfaces. TP-Link managed switches do work ok for budget home network usage, but I definitely would never use any of their routers as you have mentioned in your video.
Great video. If you run a tplink 605 by itself without Omada it works. Omada is the problem here for sure. Let's do a collab!
Works fine on a 605 with Omada too.
I like the logo.
Both my TP-Link mesh systems I've installed (one a few years ago and one just this past year) work great but I have had issues with other older TP-Link products such as WiFi extenders.
to be fair, wifi extenders as a whole are a lotto bet. I avoid them unless I have zero other choice
I see you have 1.0.3 on the router, I do have LAN->LAN on ER7212 with v1.1.1
I'm going to be doing a new video after I get 1.1.1 downloaded and tested ! Crossing fingers they fixed this !
Thank you for sharing !!!
I found if you want to do anything serious, then TP-Link isn't the best
It all depends on how serious you want/need to go. Anyway, the issue was only on this specific device and even this was solved with a new firmware in short time.
Generalising statements like "this is $hit" is just as dumb as saying some brand is "super safe" (especially at TP-Link price points).
Do you know if this security issue has been fixed?
It's still not fixed ! Tried it last week actually.
@@JasonsLabVideos Wow I wonder if they are at least aware of the issue?
ua-cam.com/video/piRKAKj1AxQ/v-deo.html
@@ericyost5287 This has been fixed :)
@@JasonsLabVideos nice. When was it fixed?
FACTS!
Their switches and APs are awesome. Routers not so much
.... u get paid? ... L3...
What ?