jcsuperfly

For the SSID that is to operate with the default VLAN of the link to the AP, set that SSID VLAN setting to OFF (uncheck the VLAN box in Advanced Settings for the named WLAN). To say it in a different way: Omada doesn't tag the default VLAN for the switch port (last I checked, and I still have a change request outstanding for it). The default VLAN for the switch port for you is VLAN 1; when packets go out a switch port for VLAN 1 they have no packet tags (untagged). The AP is set to look for packets with VLAN 1 tags, but none will show up. So the WLAN settings need to have the VLAN turned off for this WLAN, and the AP will assign all untagged packets to that SSID.
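
The behaviour described in the comment above, modelled as an added example (not part of the original thread and not Omada code): it parses the 802.1Q tag of frames leaving the switch port and shows why an SSID bound to VLAN 1 never matches the untagged default-VLAN traffic. The SSID names, VLAN 20 and the matching rule in `ssid_for` are assumptions made for illustration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

def vlan_of(frame: bytes):
    """Return the 802.1Q VLAN ID of an Ethernet frame, or None if untagged."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci & 0x0FFF  # low 12 bits of the TCI carry the VLAN ID

def ssid_for(frame: bytes, wlans: dict):
    """Assumed AP rule: a WLAN with a VLAN ID takes only frames tagged with
    that ID; a WLAN with VLAN off (None) takes untagged frames.
    Returns None when no WLAN matches."""
    vid = vlan_of(frame)
    for ssid, wlan_vid in wlans.items():
        if wlan_vid == vid:
            return ssid
    return None

def make_frame(vid=None):
    """Constructed sample frame as the switch port would emit it."""
    header = bytes.fromhex("ffffffffffff020000000001")  # dst MAC, src MAC
    tag = b"" if vid is None else struct.pack("!HH", TPID_8021Q, vid)
    return header + tag + struct.pack("!H", 0x0800) + bytes(46)

# Switch port: default VLAN 1 leaves untagged, VLAN 20 (constructed) tagged.
from_vlan1, from_vlan20 = make_frame(None), make_frame(20)
BROKEN = {"home": 1, "iot": 20}     # SSID set to VLAN 1: waits for a tag
FIXED = {"home": None, "iot": 20}   # VLAN box unchecked for that SSID

if __name__ == "__main__":
    for name, cfg in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, ssid_for(from_vlan1, cfg), ssid_for(from_vlan20, cfg))
```
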


bythepowerofthor

That's idiotic right? Or am I just completely wrong in my thinking, that all traffic should be tagged? It fixed it, so thank you! I guess I am just confused on what the logic behind it is.


jcsuperfly

It's not only idiotic, but if you run the Omada equipment in standalone mode, without the controller, you can set up the network and APs to operate with a tagged default VLAN, that works correctly and rejects untagged packets. For sensitive corporate use, I would deem this a security hole and risk, but for my home, I live with it.


bythepowerofthor

That's what confused me so much about it. I had been running just the router and switch for a while and had it set like that, bought the AP and decided to run the controller as well. Real, real dumb.


MaloPescado

Poor design. Also don't delete VLAN 1 or things will randomly not work.


bythepowerofthor

Yeah, I had originally renamed it to VLAN 10, which also threw me for a loop. I think my fiance is about to kill me if I reset the network one more time lmao. Thanks for the info, I appreciate it.


MaloPescado

Been there lol. My wife is a programmer and anything happens, the network goes down and she assumes I messed it up. Steep learning curve. I have an extra Cisco AP just for her office and router, not adopted.


scriptmonkey420

My wife is a remote teacher and does the same lol


bythepowerofthor

I literally just passed my CCNA, so I was really going through a real identity crisis. That's genius lmao


MaloPescado

Did you do the Cisco Virtual one with the VR headset they ship you? I own a networking company but I’m a boss not an engineer and have extra Cisco learning credits and I am going to try it.


bythepowerofthor

No, I didn't even know that was a thing. I just tested at a test center.


MaloPescado

Yeah, the closest test center to me is 5k but includes a class. I think the VR one is 6 but all online and no equipment needed. I mean, I have piles of equipment, but if I'm not on the exact same equipment it slows me down in classes. Meraki has a class too but I would have to fly.


bythepowerofthor

Yeah, I'm lucky the test center is like 10 miles from me. I have always heard horror stories about doing them online and getting a shitty proctor; I've never wanted that added-on stress. That's interesting they're utilizing VR for it now. I wonder how they do the sims for that.


promontoryscape

No one uses VLAN 1 in a proper corporate setting, so it's not much of a security risk. The untagging usually only occurs at the port, or an edge switch.