Home

Forums

Stories

Knowledge Base

Business Community > WiFi > TP-Link VLANS - Complete Stack

< WiFi

TP-Link VLANS - Complete Stack

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

TP-Link VLANS - Complete Stack

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

BlackOak

2019-04-30 21:27:25

Posts: 1

Helpful: 0

Solutions: 0

Stories: 0

Registered: 2019-04-30

TP-Link VLANS - Complete Stack

2019-04-30 21:27:25

Model: EAP225

Hardware Version: V7

Firmware Version:

So we have the whole stack:

EAP225 x 3 - Access Points
OC200 - Cloud Controller
TL- SG1016PE - Smart Switch
TL-ER6020 - VPN Router

I got the OC200 connected (works awesome), and have set up three SSIDs with these intents:

LAN (access to anything, including S2S connections. WPA2/PKI; VLAN 1)
BYOD (access to Internet and PRINT. WPA2/PKI; VLAN 2)
PRINT (access to nothing. WPA2; VLAN 3)
GUEST (access to Internet. Captive Portal)

The three APs are plugged into ports 1-3 of the POE Switch and the OC200 is port 4. 16 is the uplink to the VPN Router.

On the VPN Router, Port 3 is LAN and Port 1 is WAN. Internet connectivity is confirmed on port 4.

On the switch, the switch is in 802.1q mode, and ports 1-4 are assigned to (as tagged) all four VLANs.

This is where I get a little confused. I cannot get an IP from any of the wireless networks (although I can connect). Could someone point me in the right direction for the next steps to configure this? I'm pretty sure I'm just not done yet. All help is appreciated!

1 Reply

Tobacco

LV3

2019-05-03 12:32:42 - last edited 2019-05-03 12:33:10

Posts: 291

Helpful: 5

Solutions: 0

Stories: 0

Registered: 2018-08-28

Re:TP-Link VLANS - Complete Stack

2019-05-03 12:32:42 - last edited 2019-05-03 12:33:10

well, I understand your goal.

But sorry to tell you, it cannot be achieved by the devices you have.

I will try to explain it as easy understanding as possible,

1. What you want is a Layer 3 VLAN routing topology. Usually, there must be a L3 gateway or L3 switch in the core, which is capable to have VLAN interfaces in order to do the inter-VLAN routing.

For example,

Cisco Router:

VLAN interface-A: VLAN=1, interface IP address=192.168.1.1/24, DHCP pool=192.168.1.0/24.

VLAN interface-B: VLAN=2, interface IP address=192.168.2.1/24, DHCP pool=192.168.2.0/24.

VLAN interface-C: VLAN=2, interface IP address=192.168.3.1/24, DHCP pool=192.168.3.0/24.

And then you can connect it to the L2 switch 1016PE, and then to the EAP with multiSSID-VLAN-bind configured.

2. Now, the ER6020 cannot support VLAN interface, nor inter-VLAN-routing. What it supports is only "pure L2 VLAN division".

Simply speaking, your goal cannot be achieved, where you want all different guests to be isolated into different VLANs but at the same time they should access internet.

Note: TP-Link routers cannot support VLAN routing. Only L2+ Switches like T1600G series and above series can support, but this is out of this topic.

3. However, don't be frustrated, if all you want is just to separate the clients from different SSIDs, there is a more simple way to do it.

3.1 Just delete all the VLANs on the 6020 and switch, (you can reset them into factory default if you don't remember the default Vlan settings).

3.2 Delete the Vlan-binding settings on all SSIDs.

3.3 upgrade the OC200 to V3.1.x via cloud.

3.4 Now, open SSID settings menu, you will see there is an option "enable Guest Network", just enable it. Then all clients on this SSID cannot access your local LAN.

TP-Link VLANS - Complete Stack

TP-Link VLANS - Complete Stack

Information

Voters 0

Tags