VLAN T1600G-28TS
VLAN T1600G-28TS
Hello,
I have created a VLAN 4 on the T1600G-28TS and assigned this VLAN to some ports. Two Laptops are connected to these ports but they can't communicate with each other. They even don't see the MAC addresses. What am I doing wrong?
Thank you in advance!
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
On Port Config Tab what is the default PVID for those ports? try to change them to 4
- Copy Link
- Report Inappropriate Content
This is too few information, missing PVID.
TP-Link VLANs work as defined in the standard. The Primary VLAN ID (PVID) is the ID assigned to untagged Ethernet frames if the port they arrive on is an untagged member of VLAN 2, so the PVID of port 33 needs to be set to VLAN 2 to exchange data over any trunk. As for the trunk ports ensure their PVID is not VLAN 2 if they are tagged members of VLAN 2.
- Copy Link
- Report Inappropriate Content
On Port Config Tab what is the default PVID for those ports? try to change them to 4
- Copy Link
- Report Inappropriate Content
yes, with the default VLAN 4 it works, but if I assign other IP range (for example 10.10.10.0/24) on the computer - it works too.
I need to allow only the 192.162.102.0/24 network. Otherwise, VLAN makes no sense...
- Copy Link
- Report Inappropriate Content
Anahaym wrote
yes, with the default VLAN 4 it works, but if I assign other IP range (for example 10.10.10.0/24) on the computer - it works too.
I need to allow only the 192.162.102.0/24 network. Otherwise, VLAN makes no sense...
Not sure what you mean. A VLAN just isolates Ethernet traffic to certain ports from Ethernet traffic to other ports, which are not member of this VLAN. Of course it works with any subnet IP used in this virtual LAN if there are at least two devices communicating to each other using an IP from this subnet.
Also make sure that the VLAN 4 member ports are not members of any other VLAN (including the default/system VLAN 1).
- Copy Link
- Report Inappropriate Content
R1D2 wrote
Also make sure that the VLAN 4 member ports are not members of any other VLAN (including the default/system VLAN 1).
They weren't the members of any other VLAN including the system VLAN:
- Copy Link
- Report Inappropriate Content
I really don't understand how VLANs work on the TP-Link switches.
There is another example:
As you can see
- if I assign the VLAN 2 as tagged on the 30th port and the UniFi AP receives this trunk as well, then AP Clients gets an IP from DHCP in that VLAN and can see the Cisco router.
- If I assign the VLAN 2 as untagged on the 33 port then a Client doesn't get any IP. Even I set static IP the Client doesn't see the Cisco... Why? the port 33 belongs (Untagged) to the VLAN 2 only.
- Copy Link
- Report Inappropriate Content
This is too few information, missing PVID.
TP-Link VLANs work as defined in the standard. The Primary VLAN ID (PVID) is the ID assigned to untagged Ethernet frames if the port they arrive on is an untagged member of VLAN 2, so the PVID of port 33 needs to be set to VLAN 2 to exchange data over any trunk. As for the trunk ports ensure their PVID is not VLAN 2 if they are tagged members of VLAN 2.
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
R1D2 wrote
This is too few information, missing PVID.
TP-Link VLANs work as defined in the standard.
Thank you! I have to read more about the VLANs because it isn't obviously for me...
For example, we have the HP switches in our branch - it doesn't have any PVID. I just create a VLAN and configure its membership in VLANs.
Another example, on Cisco I only configure "switchport access vlan 2". I have to read more...
I thought that PVID is used when no VLANs assigned to the port in VLAN Config Tab.
Thank you for your help! Now I can implement my schema.
- Copy Link
- Report Inappropriate Content
Anahaym wrote
I thought that PVID is used when no VLANs assigned to the port in VLAN Config Tab.
[Updated 02/2020 to include new settings in more modern firmware versions for TP-Link switches.]
No. According to the standard, any port of a managed switch must always be a member of at least one VLAN, let's call it "Port VLAN (PV)" (sometimes also called "Native VLAN" or "Primary VLAN"). The ID of the PV is the "Port VLAN ID (PVID)", which every switch assigns any port (wether you can see/change it in the UI or CLI is another question, but I bet on Cisco switches you can do so as well).
In other words: If you have only one VLAN, it's the one you usually call "LAN" and the "real" VLAN exists only in the switch. Often, switches use VLAN ID 1 as PVID for this so-called "default", "system" or "native" VLAN. All Ethernet frames come in untagged, get assigned VLAN ID 1 and leave any port as untagged frame again. This is the reason why in default settings of TP-Link switches all ports are members of VLAN 1 with PVID=1 and are marked "untagged".
Now for tagged ports: According to the standard, a port can be member of more than one VLAN. It still has the first VLAN as its Port VLAN, which will be used for untagged frames.¹
¹ Note that the standard does not differentiate between ports which are in one VLAN and ports which are in more than one VLAN. They all are just ports, they can be member of any VLAN, they can be set to tagged/untagged and they have a Port VLAN ID (PVID). In daily life ports are differentiated and are called "access port" (if untagged) or "trunk port" (if tagged).
The PVID also plays a role for tagged (trunk) ports: If untagged Ethernet frames arrive on a trunk port, they are assigned the PVID of this port. If Ethernet frames tagged with the PVID are being forwarded to a trunk port, they can either go out as tagged (unchanged) or untagged (because it's the Port or Native VLAN for this port) depending on the policy or setting of the switch.²
² Older TP-Link switches had three settings: ACCESS port (untagged), TRUNK (PVID retained on egress) and GENERAL (frames with VID = PVID either removed or retained on egress according to an Egress Rule). On newer switches such as the T1600G-28TS which do not differentiate between TRUNK and GENERAL, you just need to set the port's membership of the VLAN as a tagged member for the Port/Native VLAN (TRUNK behavior) or as an untagged member (GENERAL behavior). In other words, trunk ports allow for an Egress Rule without needing to set the port type to GENERAL.
Long story short:
In most of my networks I want only tagged traffic over trunk links, so I use the (elsewhere unused) VLAN 1 as the System (Default/Native) VLAN for untagged traffic and unused ports. But there are no devices connected to VLAN 1. It just exists in all of my switches to "drop" untagged traffic, which might be injected by someone plugging a computer to a trunk port of a switch (note that newer TP-Link firmwares allow to drop untagged traffic arriving on a trunk port using a setting "Accepted Frame Types").
- Trunk ports and unused ports thus are also members of VLAN 1 and always have their PVID set to 1.
- Access ports are members of one VLAN only (starting with VLAN ID 2), so their PVID is this VLAN's ID.
If you need VLAN 1 for a real subnet, then assign another VLAN ID to your System (Default/Native) VLAN, e.g. 100. Use this as PVID for trunk ports and for unused ports to absorb untagged traffic arriving on trunk ports.
- Copy Link
- Report Inappropriate Content
Thank you for the very good explanation. You said that the access point is only related to one vlan.
How do I have to configure the switch if a client pc should have access to two different vlans over one access port?
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 5394
Replies: 11
Voters 0
No one has voted for it yet.