TL-SG1016DE vlan issues

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

2019-10-30 14:43:08 - last edited 2019-10-30 14:44:57
Model: TL-SG1016DE  
Hardware Version: V3
Firmware Version: 1.0.1 Build 20180629 Rel.58355

Hi,

 

I have the following situation: In one of the rooms at home, I have a TV with a set-top box, along with some other network devices. The set-top box (STB) is provided by my ISP and requires a direct connection to the cable modem (WAN). All other devices should be behind my router in the local network (LAN). Unfortunately I have only a single Ethernet cable going to the room. Therefore I bought two managed TP-Link switches (TL-SG1016DE and TL-SG108E), such that I can use VLANs to transport both WAN and LAN traffic over the same cable.

 

The network setup is as follows:

 

The main TL-SG1016DE switch VLAN configuration is as follows:

 

Note: compared to my diagrams above, port 1 and 2 are swapped.

 

This works fine except for these problems:

 

When the TL-SG1016DE switch is configured as DHCP client, it doesn't seem to request an IP address from the router. The result is that I can no longer access the switch management interface, because I don't know its IP address. I'm not sure, but I suspect the switch has received an IP address directly from the cable modem instead. This is of course not supposed to happen. For now I worked around this problem by assigning a static IP address. But how can I be sure the switch can't be accessed from the internet? Because that would be a huge security risk!

 

When connecting a PC to a port intended for the STB (e.g. the WAN VLAN), I correctly receive a public IP address from my ISP. But if I configure the PC with a manual IP address in the same subnet as the LAN, then I can still access the switch management interface. How do I restrict this to only devices inside the LAN?

 

The switch management interface is painfully slow, to the point where it is simply unusable. When I ping the IP address of the main switch, I see extremely high ping times (~8000ms) and also packet loss. When I ping the secondary switch or other devices in the network, there is no packet loss and normal ping times (~2.5ms for the secondary switch and ~0.5ms for other wired devices). The strange thing is that if I disconnect the cable modem from the main switch, those high ping times immediately disappear and the management interface becomes responsive again. To me, that seems to indicate a problem with the switch or its configuration.

 

Jef

Re:TL-SG1016DE vlan issues
2019-10-31 01:58:13

@jedr 

 

If your modem can be a router, it means that the switch will get a private IP address even if it gets the IP from the modem, so you don't need to worry that other people can access your switch, because they cannot access the private IP address. But if your switch gets a public IP address, then it's recommended to change to a static private IP address.

 

And your switch model doesn't support a management VLAN, so it cannot meet the demand of only allowing devices from the LAN to access the switch.

 

Your switch model still supports management by utility. You can use the utility to scan for the switch to confirm its IP address. The utility can be downloaded from the TP-Link website.

 

If your switch is using a private IP address, the high ping delay is abnormal, unless your traffic is too much and makes the network slow.

Re:TL-SG1016DE vlan issues
2019-10-31 07:04:39

@Andone 

 

The cable modem does not contain a router. Thus any device connected directly to the modem gets a public IP address from the ISP.

 

I've read somewhere that VLAN 1 is used as the management VLAN.

 

The high ping times are not caused by high traffic, because I also see it when the network is almost idle.

Re:TL-SG1016DE vlan issues
2019-11-01 09:54:37
If your ISP is assigning the IP address through DHCP, then the switch may get the IP address from the ISP. If through PPPoE or another way, DHCP will not get the IP address. Generally VLAN 1 is used as the management VLAN. But the Easy Smart switch does not have a management VLAN. You can access the switch through all VLANs. I think it's better to set up a static IP address for the switch, if you want to make the IP fixed. And other people cannot access your switch as well. For the high ping, it will not affect the data forwarding. Generally ping delay is caused by high CPU usage. But normal data forwarding doesn't need to pass through the CPU. But it will affect managing the switch.
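Added example, not part of the original thread or TP-Link's tooling: a small check for the two exposure questions raised above, run from a PC plugged into the VLAN being tested. It flags a management address outside the RFC 1918 private ranges and a web interface that answers from a VLAN other than the trusted one. The VLAN labels, the sample address and TCP port 80 for the web interface are assumptions.

```python
"""Added example: audit exposure of a switch management interface."""
import ipaddress
import socket

# RFC 1918 private ranges; an address outside them may be internet-routable.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(ip: str) -> bool:
    """True if ip lies in one of the RFC 1918 private ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)


def tcp_reachable(ip: str, port: int = 80, timeout: float = 2.0) -> bool:
    """True if a TCP connection to ip:port completes from this host."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False


def audit(mgmt_ip: str, vantage: str, trusted=("LAN",), port: int = 80,
          probe=tcp_reachable) -> list[str]:
    """Return findings for one probe of the management address.

    vantage is the label of the VLAN this host is plugged into
    (hypothetical labels; port 80 is an assumed web-interface port).
    """
    findings = []
    if not is_rfc1918(mgmt_ip):
        findings.append(f"{mgmt_ip} is not an RFC 1918 address; "
                        "assign a static private address")
    if vantage not in trusted and probe(mgmt_ip, port):
        findings.append(f"management port {port} answers from the "
                        f"{vantage} VLAN")
    return findings


if __name__ == "__main__":
    # Constructed values: use the switch's address and the VLAN label of
    # the port the test PC is plugged into.
    for line in audit("192.168.0.1", vantage="WAN") or ["no findings"]:
        print(line)
```

Repeat the run from a port in each VLAN; a finding from the WAN VLAN matches the behaviour described in this thread for a switch without a management VLAN.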
Re:TL-SG1016DE vlan issues
2019-11-01 19:21:06 - last edited 2019-11-01 19:23:46

@Andone 

 

If the switch management interface can indeed be accessed from all VLANs, then that's a huge security risk! I don't want my switch to be exposed directly to the internet. If that's not possible then it's worthless to me. I consider being able to configure the management VLAN basic functionality for a VLAN capable switch.

 

Even if the high ping times do not affect the normal traffic forwarding, it is still problematic because it means I can't configure the switch. If I needed a switch without configuration, then I would have bought an unmanaged switch. High CPU usage is probably also a good indication that there is something seriously wrong with the switch!

 

I'm very disappointed with my switch. Looks like I'm better off buying another one :-(

Re:TL-SG1016DE vlan issues
2019-11-03 08:51:14

The problem is indeed the TL-SG1016DE switch. For testing, I replaced it with the TL-SG108E switch with exactly the same configuration, and that works just fine. Normal ping times and the management interface is very responsive. So I can only conclude the TL-SG1016DE switch is buggy.

Re:TL-SG1016DE vlan issues
2021-04-19 01:21:11

@jedr 

 

I have the exact same issue with the TP-Link 16 port router smart switch. I have multiple VLANs that work without issue. I am using a one-armed router setup. I have my cable internet modem plugged into port 2. My router is in port 1. I have set a static IP for the switch and I can only access the web interface when I unplug the internet from port 2. As soon as I plug the internet cable back into port 2 I cannot access the web management.

 

I can also confirm that my exact same setup on the 8 port TP-Link smart switch works without issue.

 

Very strange. I did a lot of playing around with different configurations until I tried it on my smaller setup and it worked on the 8 port. Seems like some sort of routing issue?

Re:TL-SG1016DE vlan issues
2021-04-22 12:21:28
I never found a solution, and I bought another switch instead.
Re:TL-SG1016DE vlan issues
2022-01-07 16:13:00

@jedr @Andone @Bailz

 

My experience is identical to yours. On my TL-SG1016DE, 8 VLANs are trunked through port 16 (from Router) and then egressed (tagged) on ports 15 - 8. Port 15 is attached to a TL-SG108D and ports 14 - 12 are attached to 3 x TL-SG105D. Port 11 is connected via VLAN aware bridge to an additional TL-SG105D. Ports 10 and 9 are connected to VLAN aware Wi-Fi AP. Port 1 of the 1016 is set for the management VLAN with all infrastructure having a static IP on that VLAN.

 

I cannot connect to the 1016 web interface reliably from any of the VLANs, including management. If I ping the 1016 from the router console it will eventually permit an HTTP connection but freezes after trying to navigate away from the main page. The same is true from the configured untagged port 1 of the 1016. If a connection is attempted to the 108 or 105 switches via the trunked 1016, they will also fail to respond reliably. However, I can reliably connect to the 108 and 105s through their individual untagged management ports.

 

The bridge components and APs reliably connect via their web servers and, as stated earlier, they are on the same VLAN subnet. All VLANs are transmitted reliably and there is no issue with internet or intra-LAN access to other resources.

 

I am, to say the least, disappointed. This is the second 1016 I have purchased, the first being in 2017. At that time I had a flat network and anticipated moving to a VLAN configuration in the future. The 1016 worked without issue in that configuration. I purchased a duplicate set of switches in November so that I could configure and test the VLANs with my new pfSense router and I did note the connection issues. But I thought it was (switch) ARP table corruption due to my changing ports frequently. Now I see that the issue is common and wonder why others have not reported it.

 

If tech support follows these threads I hope they will help resolve the issue. The problem is easily reproduced and hopefully can be resolved with a firmware update.

 

In Commiseration

 

Chris
