TL-SG108E Multiple VLAN help

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

TL-SG108E Multiple VLAN help

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
TL-SG108E Multiple VLAN help
TL-SG108E Multiple VLAN help
2018-03-13 06:22:20
Model :

Hardware Version :

Firmware Version :

ISP :

Hello, my name is Tomberg.

I'm currently developing a prototype box that uses the TL-SG108E switch, that is a little hard to explain, I'll start with what each port has:

1 = gateway router for internet connection
2 = other switch for users
3 = ADMIN port
4 = Pi1 (Virtual Router)
5 = Pi2
6 = Pi3
7 = Pi4
8 = Pi5

So I have Port 1, connecting to Port 4. I call that Vlan101. In working order, it gives my virtual router access to the internet, and allows distribution to my semi-DMZ areas. This having IP Addresss 192.168.0.3

Then I have Port 4, connecting to Ports 2,5-8. This giving the Pi's, and the user's supplied, and semi-controlled internet under new IP Address 10.0.3.1/26

Then I need Port 3 and 4 to connect for a secure ADMIN Port for my vRouter, and its privatized web server.

I have tried setting:

VLAN101 = 1,4
VLAN102 = 2,4-8
VLAN103 = 3,4

But I've gotten no use, and I feel I'm not getting the hang of this. I can set PVID to certain ports, but how do I set multiple VLANS on the same port? I kind of need it for that Port 4. If anyone has a working setting for this switch to allow this, I would appreciate it. This has kept me up for the past few nights.
  0      
  0      
#1
Options
5 Reply
Re:TL-SG108E Multiple VLAN help
2018-03-14 04:46:56

Tomberg wrote


I have tried setting:

VLAN101 = 1,4
VLAN102 = 2,4-8
VLAN103 = 3,4

But I've gotten no use, and I feel I'm not getting the hang of this. I can set PVID to certain ports, but how do I set multiple VLANS on the same port?


You already have it: port 4 is a member of all VLANs 101, 102 and 103, therefore making it a trunk port. The virtual router needs to have a trunk port, too, or in other words: it must be capable of processing tagged Ethernet frames. For most Linux/UNIX systems this is no problem: just create a VLAN-enabled interface to connect the router with the switch's trunk port.

Also make sure you use latest firmware of early 2018, which lets you remove ports 1-3 and 5-8 from the Default_VLAN 1. Only port 4 should be member of VLAN 1 and this only to be able to assign it a PVID of 1, so effectively dropping untagged frames arriving over the trunk port. See this thread for an explanation.
༺ 0100 1101 0010 10ཏ1 0010 0110 1010 1110 ༻
  0  
  0  
#2
Options
Re:TL-SG108E Multiple VLAN help
2018-03-14 05:56:04
Thanks! So I've been working on this all day. I started fresh on all my Pi's. I have my vRouter Pi setup on the Vlans (102, and 103), and I have it assigning proper dhcp now., along with static IP's for all Pi Servers.

I'm working on my IPTables to be able to transfer the basic ports for everything on DMZ, to the Outer net. I have a lot of services running though, and really I don't even know how much the Pi's can handle.

I'll look into the firmware upgrade after I clone my OS's. I did notice the whole PVID 1 problem, but I will try to set it to Port 4 only.

Would that affect my access to the switch? I've been locked out of it before.
  0  
  0  
#3
Options
Re:TL-SG108E Multiple VLAN help
2018-03-14 17:20:40

Tomberg wrote


Would that affect my access to the switch? I've been locked out of it before.


Not if you use static IPs on your laptop. If using different DHCP server for different VLANs, then yes, it could lock out your laptop from the switch.
༺ 0100 1101 0010 10ཏ1 0010 0110 1010 1110 ༻
  0  
  0  
#4
Options
Re:TL-SG108E Multiple VLAN help
2018-03-15 12:19:34
So... I think I got it. I have vlan 101,102,103, and 104
101 connects port 1 to port 4 (Internet to linux vRouter)
102 connects port 4 to ports 5-8 (vRouter to DMZ Servers)
103 connects port 4 to port 2 (vRouter to Users port [up to 60~ish users but probably limit to 25])
104 connects port 4 to port 3 (vRouter to Admin port)

I am happy to say that I have my Vlans, iptables, and dhcp all set up enough to be able to ping all Vlan connected devices outside to the network on port 1.

I'm pretty set with my tp-link switch settings now, thank you. The rest of my work involves getting this iptables complete.
  0  
  0  
#5
Options
Re:TL-SG108E Multiple VLAN help
2018-03-15 21:15:00
Glad it works. Have fun with the switch (and iptables setup)! :cool:
༺ 0100 1101 0010 10ཏ1 0010 0110 1010 1110 ༻
  0  
  0  
#6
Options