TL-SG108PE - System IP Setting and VLAN
Hi, I've happily configured my switch with several VLANs. Some ports are set as client to connect devices on their own VLAN: DHCP works as expected. Other ports are left tagged, trunk ports, where I attach other things (like a wifi ap which supports tagged vlan): DHCP works as expected.
What I don't understand is how to configure the switch's own VLAN. I'd like it to be on a VLAN of my choice, but it seems like it chooses the VLAN it likes. I'm not sure what logic is behind that. If I look at the switch settings (System > IP Setting) I can only set DHCP enabled/disabled and then the IP with subnet mask and gateway, but no VLAN setting. How am I supposed to choose which VLAN to use with the switch itself?
Let me know if I make myself clear. Thank you.
Hi @Bongo,
Bongo wrote
Thanks for the detailed reply, I have read some of your other posts in this forum, and you are a real asset to the forum.
thanks for the compliment, but so are you, too; read on. ;-)
Since you have an ER-X and the EP-R6 (which is essentially an outdoor version of the ER-X SFP), you can try this on either one, since they are both based on the MediaTek MT7621A SoC, which has a 32bit MIPS CPU and a dedicated portion that is a switch chip. I use fw v1.10.10 because v2.0.6 has problems on the MediaTek SoC based routers.
The post at »Kazoo It« was the missing link I searched the UBNT forum many times w/o finding the definitive answer. You're right, the switch is indeed a HW switch. Could have seen this in the Config Tree by the separate sections for the individual Ethernet ports and the switch SoC, what made me scratch my head why Vyatta OS does it this way. :-)
Thanks very much for the link to the blog post at »Kazoo It«, it's really very helpful!
So, it's indeed possible to set the PVID independently from VLAN membership of the ports and a user's claim in their forum that setting a PVID would make the switch port an access port is wrong, isn't it? But still a user says so (see here). Anyway, I am considering going with OpenWRT on the EP-R6 for use as the gateway for Pharos and Omada Outdoor APs with Multi-SSID setups. I currently use the EP-R6 as a plain switch connected to a gateway router running an OpenWRT-based hotspot portal and I would like to have this functionality in only one device.
I also still use v1.10.10 b/c of the problems of v2.0.6 with the MediaTek SoC. My setups are WAN1/WAN2 ↔ LAN using three IPs for the ER-X and one VLAN-aware LAN only for the EP-R6 using one IP for mgmt assigned to switch0.2. This outdoor switch feeds a Pharos CPE510 and an EAP225-Outdoor. Former setup on the ER-X will be changed soon to a WAN ↔ LAN setup with five public IPs and five VLANs over a trunk. Good to know that packet switching throughput is limited to 500 Mbps full-duplex (1 Gbps total) between WAN and LAN. That's still good enough for my use case in a standard WAN/LAN setup, but definitely could be improved by UBNT for the ER-X if possible technically.
Probably that's a similar product policy like TP-Link's policy for Easy Smart and Smart switches.
R1D2 wrote
So, it's indeed possible to set the PVID independently from VLAN membership of the ports and a user's claim in their forum that setting a PVID would make the switch port an access port is wrong, isn't it? But still a user says so (see here). Anyway, I am considering going with OpenWRT on the EP-R6 for use as the gateway for Pharos and Omada Outdoor APs with Multi-SSID setups. I currently use the EP-R6 as a plain switch connected to a gateway router running an OpenWRT-based hotspot portal and I would like to have this functionality in only one device.
Hello @R1D2
the ER-X has two modes for the switch, the default is non vlan-aware, and it behaves like a 6 port unmanaged switch with one "port" in the SoC and the other 5 ports connected to the RJ45 ports. And the switch when not in vlan-aware mode will pass ethernet frames without modifying the contents. So you can define "linux" style vlan subinterfaces on the "switch0" virtual interface, and all those will apply tags (but the tags are applied by the linux kernel, not the switch). The main switch0 interface can have an ip address applied, and the frames sent from this interface will not be tagged, i.e. they are standard ethernet frames.
When switch0 is placed in vlan-aware mode, it changes the behavior. When vif vlan subinterfaces are created, these are associated with vlan on the switch. But now you can control the switch-ports.
If you have a switch-port configured with just pvid 10 and no vids, then broadcast frames sent from the switch0.10 vif will exit the switchport as standard untagged ethernet frames. Since the switch-port isn't a member of any other vlans, and the ER-X switch is strictly symmetrical vlans (nothing like the MTU VLANS, private vlans, or isolated ports), any traffic to vlans other than vlan 10 will never be forwarded to that switch-port and therefore never transmitted by the switch-port, either untagged or tagged. Also, any tagged traffic received on the port will be dropped. That's pretty similar to what cisco calls an access port.
If a switch-port is configured with a pvid 10 and vid 20 and vid 30, then the switch-port will be a member of 10, 20, 30 with 10 untagged and 20 and 30 tagged, i.e. a "hybrid" trunk. Broadcast packets sent from switch0.10 will exit the switch-port with no tag, sent from switch0.20 will exit with IEEE 802.1Q vlan tag for vlan 20, likewise sent from switch0.30 will exit with IEEE 802.1Q vlan tag for vlan 30. This switch-port would be connected to managed switch vlan trunk port, or a vlan-aware access point configured with per vlan SSIDs.
What is less clear, is what happens when a switch-port has a vid or multiple vids associated with it, but does not have a pvid. It seems like it gets forwarded to the switch0 interface, which isn't really associated with any vlan on the switch. But then it can't be forwarded to other switch-ports. That's what the EdgeRouter X Inter-VLAN routing issues (How I solved it) thread is all about.
Ben Pin has good youtube videos.
Since this stuff isn't well documented by Ubiquiti, you have to spend a lot of time reading the forums and searching the web. Vyatta/vyos documentation also helps.
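Added example, not part of any post in this thread and not Ubiquiti code: a small Python model of the pvid/vid behaviour Bongo describes for vlan-aware mode, showing which frames a switch-port accepts and what bytes leave the wire. Port names and the sample frame are constructed; dropping untagged frames on a port without a pvid, and tagged frames carrying the pvid's own VLAN, are modelling assumptions.

```python
import struct
from dataclasses import dataclass
from typing import Optional

TPID = 0x8100  # IEEE 802.1Q tag protocol identifier
# Constructed sample: broadcast dst, locally administered src, IPv4 ethertype.
FRAME = bytes.fromhex("ffffffffffff" "020000000001" "0800") + b"payload"

@dataclass(frozen=True)
class SwitchPort:
    name: str                       # hypothetical port name
    pvid: Optional[int] = None      # VLAN assigned to untagged frames
    vids: frozenset = frozenset()   # VLANs carried tagged

def role(port):
    """Classify a port in the terms used in the post."""
    if port.pvid is None:
        return "no-pvid"            # the case the post calls unclear
    return "hybrid trunk" if port.vids else "access-like"

def ingress(port, frame):
    """Return (vlan, untagged_frame), or None when the frame is dropped."""
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype == TPID:
        (tci,) = struct.unpack_from("!H", frame, 14)
        vlan = tci & 0x0FFF         # low 12 bits of the TCI are the VLAN ID
        if vlan not in port.vids:
            return None             # tagged for a VLAN this port does not carry
        return vlan, frame[:12] + frame[16:]   # strip the 4-byte tag
    if port.pvid is None:
        return None                 # assumption: no guess for the no-pvid case
    return port.pvid, frame

def egress(port, vlan, frame):
    """Return the bytes put on the wire for an internal frame, or None."""
    if vlan == port.pvid:
        return frame                # the pvid VLAN leaves untagged
    if vlan in port.vids:
        tag = struct.pack("!HH", TPID, vlan)   # priority 0, DEI 0
        return frame[:12] + tag + frame[12:]
    return None                     # not a member: never forwarded to this port

if __name__ == "__main__":
    access = SwitchPort("eth1", pvid=10)
    hybrid = SwitchPort("eth2", pvid=10, vids=frozenset({20, 30}))
    for port in (access, hybrid):
        for vlan in (10, 20, 40):
            out = egress(port, vlan, FRAME)
            print(port.name, role(port), vlan, out.hex() if out else "not forwarded")
```
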
Bongo wrote
What is less clear, is what happens when a switch-port has a vid or multiple vids associated with it, but does not have a pvid. It seems like it gets forwarded to the switch0 interface, which isn't really associated with any vlan on the switch. But then it can't be forwarded to other switch-ports. That's what the EdgeRouter X Inter-VLAN routing issues (How I solved it) thread is all about.
Yes, I know this – that's exactly the setup on my outdoor switch setup of EP-R6 which doesn't need Inter-VLAN routing. But the gateway router (ER-X) would need Inter-VLAN routing. In my opinion, the behavior of forwarding tagged frames to the base interface (switch0 here) is the same semantics as with Linux kernel VLANs: the base interface gets all frames, no matter whether tagged or untagged.
A port without a PVID is IMO a clear violation of the 802.1Q standard which states that every switch port needs to be a member of at least one VLAN, the so-called Primary VLAN (which is always the VLAN defined by the Primary VLAN ID, hence its name PVID).
The standard doesn't even mention terms like »access port«, »trunk port«, »general port« nor »Default/Native/System VLAN«; it only talks of »a port which can be member of one or more VLANs«, where all but the primary VLAN are optional. A PVID not only defines what to do with tagging untagged frames on ingress or untagging tagged frames on egress, it much more designates the port to a specific VLAN membership, so every port is always in one VLAN at least.
This leaves much freedom to vendors for an actual implementation of the 802.1Q standard, but omitting a PVID isn't part of that freedom.
Ben Pin has good youtube videos.
Since this stuff isn't well documented by Ubiquiti, you have to spend a lot of time reading the forums and searching the web. Vyatta/vyos documentation also helps.
Problem with non-native English speaking people such as me is that videos are most often very difficult to follow. That's why I like written documentation, preferably by the vendor of the device. But nowadays vendors tend to not document much aside from the usual »click here to do that« – I would have guessed so even w/o such kind of »documentation« :-)
You know, if you start searching the web you often end up having 40+ tabs open in your browser and still no definitive answer, but five different answers and seven opinions to choose from where nine are actually outdated since firmware did change meanwhile. :-D
What's left as the ultimate documentation is to read the source code – if it's available at all.
I am giving up on this forum.
I just spent about an hour creating a detailed response, and then when I pressed post, it said I had to login. So I did, and everything was lost.
This happens on the Ubiquiti forums as well but it's been a while.
All I will say is that terminology means different things for different vendors. The IEEE 802.1Q-2005 standard uses the term Port VLAN for PVID. And the only requirement I could find was that every port had to be a member of at least one vlan. Nothing about having to accept untagged frames and classify them into a vlan. I had references, but I am not going to retype and re-research everything again. And this will probably be one of my last visits here.
Thanks for the info you provided.
@Bongo, sorry for the confusion. Yes, it's Port VLAN ID in the standard and every port needs to be in one VLAN at least.
It's a pity you want to leave the forum. It has been a valuable discussion with your profound knowledge about ER-X; thank you for the information, too.