You can create multi networks on the Omada Gateway and manage the access between networks via the Access Control Lists (ACL).

This article will share how to use these features. We focus on how to realize the settings on the Omada Gateway, refer to the simple network topology shown below, there are two departments connected to an Omada Gateway with unmanaged switches, the computers need access to the Internet, but not to the computers in different departments.

If you are using a managed switch supporting the VLAN feature, you can change the VLAN settings of the Omada Gateway and switch according to your network topology.

1. Create multi networks

Log in to the Omada Gateway page, go to Network – LAN, click Add button to create a new network, and fill in the configuration according to your network. Here we set the IP address/subnet mask as 192.168.1.1/255.255.255.0, assign VLAN 10 to the network, and enable the DHCP server.

After saving, the network settings on the Omada Gateway are shown below.

2. Change the VLAN settings

Go to Network – VLAN to change the VLAN settings.

Normally, after creating a new network, all LAN ports of Omada Gateway will remain UNTAG in the default network and will be automatically added to the TAG VLAN of the new network. You can change the VLAN settings of the LAN ports according to your network topology.

Here, since we are using an unmanaged switch, we need to change the Marketing LAN port (Port 5 in the figure below) to UNTAG VLAN 10 and set the PVID to VLAN 10.

At this point, we have finished setting up the networks. Connect all the network nodes, the computers will obtain IP addresses from its network and have access to the Internet, as well as to the computers in different departments.

3. Create ACL to block communication between networks

To block access between computers in different departments, ACL is introduced to manage the network behavior. Go to Firewall – Access Control, and click the Add button to create two new ACL entries. One strategy involves prohibiting the R&D department from accessing the marketing department, while the other involves preventing the marketing department from accessing the R&D department. Follow the settings shown below; Note that the "LAN -> LAN" interface signifies an inter-network traffic ACL entry. Finally, those two departments will be unable to communicate with each other.

The first rule is to prevent the marketing department from accessing the R&D department.

The second rule is to prevent the R&D department from accessing the Marketing department.

Related Video:

Omada SDN Video-How to configure Multi-Networks & Multi-SSIDs?