VLAN configuration with T1500G-10PS
Hello,
I am trying to establish a VLAN configuration for seperated WLANs with T1500G-10PS (TL-SG2210P) as switch for multiple access points.
Unfortunately it is not possible to establish even a simple configuration just applying one additional VLAN with ID 10
Working configuration:
Access from VLAN ID 10 to Port 8 (VLAN ID 1: Port 1-8 untagged / VLAN ID 10 Port 8 untagged / Port 1-8: PVID 1)
But no access any more via Port 8 when I remove Port 8 from VLAN ID 1 or set PVID to VLAN ID 10 ...
Can anybody help me to get started with this issue ...
... next steps will follow but if I there is no possibility to even configue one untagged Port it is not possible to proceed.
Is there anything important which has to be configured before VLANs can be established with this Switch?
(Configuration of tp-link TL-SG108E has worked without complications ...)
Thanks in advance for your support ;-)
Best Regards
Migo
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Migo wrote
Working configuration:
Access from VLAN ID 10 to Port 8 (VLAN ID 1: Port 1-8 untagged / VLAN ID 10 Port 8 untagged / Port 1-8: PVID 1)
Can't work this way.
First, if you want separate WLANs assigned to different VLANs on a physical Access Point you need to use a tagged (trunk) port to the AP. Traffic to this WLAN will be tagged by the AP and the switch must process this VLAN tag. Thus, the port to the AP can't be untagged.
Second, the traffic in VLAN 10 must be forwarded to a network assigned to VLAN 10. This means you have to set up a separate (sub-) network on your router which is assigned to VLAN 10. Only exception is an asymmetric VLAN setup, but then you have to forward traffic in VLAN 10 to any other port.
If only one switch port is a member of VLAN 10, this does not make any sense, since all incoming traffic gets dropped in the switch.
Maybe you can draw a diagram of what you want to set up. Just ignore VLANs for the moment, draw the networks as if you would use separate routers, switches and APs. It then will be much easier to translate this into a VLAN setup saving the need to use two (or more) routers/switches/APs.
- Copy Link
- Report Inappropriate Content
Hello R1D2,
thanks for the fast replay
Please find below the quick overview of the planned configuration ...
Cheers
Migo
Switch-01 (Linksys SRW2024)
Port 01 (VLAN ID 10/20 tagged) -> Switch-02/Port 01 (T1500G-10PS)
Port 02 (VLAN ID 10/20 tagged) -> Switch-03/Port 01 (T1500G-10PS)
Port 03 (VLAN ID 20 untagged) -> Router/Firewall (192.168.20.1) -> Internet
---
Port 11 (VLAN ID 10 untagged) -> PC01 (192.168.10.11)
Port 12 (VLAN ID 10 untagged) -> PC02 (192.168.10.12)
...
Port 0n (VLAN ID 10 untagged) -> PC0n (192.168.10.n)
...
Port 20 (VLAN ID 10 untagged) -> Router/Firewall (192.168.10.1) -> Internet
Switch-02 (T1500G-10PS)
Port 01 (VLAN ID 10/20 tagged) -> Switch-01/Port 01 (Linksys SRW2024)
Port 01 (VLAN ID 10/20 tagged) -> AccessPoint-01 (EAP245)
- WLAN 1 (VLAN 10)
- WLAN 2 (VLAN 20)
Switch-03 (TL-SG108E)
Port 01 (VLAN ID 10/20 tagged) -> Switch-01/Port 02 (Linksys SRW2024)
Port 01 (VLAN ID 10/20 tagged) -> AccessPoint-02 (EAP245)
- WLAN 1 (VLAN 10)
- WLAN 2 (VLAN 20)
In a first step I just want to have access to the Switch-02 for configuration (prefered in VLAN 10)
Worked for Switch-03 (TL-SG108E) ...
- Copy Link
- Report Inappropriate Content
Migo wrote
In a first step I just want to have access to the Switch-02 for configuration (prefered in VLAN 10)
Worked for Switch-03 (TL-SG108E) ...
Much clearer now :-)
For access to the switch set its management VLAN ID to 10:
For access to the EAPs you have two options:
- untagged frames in a separate VLAN X (where X is not 10 or 20): set switch port as untagged member of VLAN X / PVID X
- tagged frames in a management VLAN 10: no change in your current setup, but you need to assign the EAP mgmt VLAN ID 10.
For example, in Omada controller it's done this way:
- Copy Link
- Report Inappropriate Content
Hello R1D2,
the problem I have is that the management VLAN ID needs a PVID.
But when for port 1 (tagged) or port 8 (untagged) the PVID is set to 10 (instead of 1) the connection to the switch is lost ...
... this is the issue to be solved. For details see screeshots below.
Thanks a lot
Cheers
Migo
- Copy Link
- Report Inappropriate Content
@Migo, I can't see what is on port 8. Your PC?
They way I set up my switches network-wide is to use the Default VLAN only for unused ports and for the PVID of trunks.
There is no traffic ever reaching my VLAN 1, since unused ports are not connected to any device and on my trunks there is no untagged traffic coming in or going out at all.
Every frame travelling through my network is always tagged, either by the router, by another switch, by an EAP or as a last resort by the switch which received the frame at first. Thus, I can use PVID 1 for trunk ports so that an untagged frame coming in on a trunk port from somewhere (by accident!) gets dropped immediately. Note that my trunk ports are not members of VLAN 1, albeit they have PVID 1. Untagged frames would not be forwarded to other switches since the trunk port is not a member of VLAN 1.
With T1500 series switches and latest firmware I can even drop untagged frames on trunk ports immediately on ingress by setting »Acceptable Frame Types« to tagged-only.
My rules of thumb:
- Switches itself are always in the mgmt VLAN (10 in your case).
- Trunks between switches are always tagged members of all VLANs except VLAN 1 and have PVID 1.
- Trunks to servers, EAPs and other VLAN-aware devices are tagged members of the VLANs they belong to (except VLAN 1), PVID is 1.
- Access ports are always untagged member of exactly one VLAN they belong to and have the same VLAN ID as PVID.
- As soon as I assign any port a membership of a VLAN, I remove this port from the Default VLAN 1.
- My Default VLAN 1 is only for unused ports.¹
¹ To be honest: my VLAN 1 is very handy for setting up new TP-Link devices in an isolated VLAN with their factory IP settings, but after I configured the device, I move it into another VLAN thus removing it from VLAN 1.
To set the mgmt VLAN of a switch, use two access ports and set your laptop to a static IP. Assign one of the two ports as member of VLAN 10, PVID 10. Connect to the other port, change the mgmt VLAN, disconnect from the port, connect to the VLAN 10 port, log into the web UI and save settings permanently. Now the previous port can be changed, too. Do not rely on DHCP for the basic config of a switch, use only static addresses.
Hope this helps. If not, please post details what exactly you are doing before you lose connection to the switch.
- Copy Link
- Report Inappropriate Content
Hello R1D2,
thanks a lot for tipps and hints
Finally I could manage to configure the switch as you suggested ...
... now the next steps for the different WLANs in different VLANs configured with Omada will follow.
Maybe I come back and need addional help ...
Cheers
Migo
- Copy Link
- Report Inappropriate Content
Just an additional question:
Is it possible to update the Hardware Version V1 of Model: T1500G-10PS(TL-SG2210P)
with the Firmware Version: 2.0.3 Build 20190509 Rel.36379(s)?
Or is it better to stay with Version: T1500G-10PS(UN)_V1_170607?
Best Regards
Migo
- Copy Link
- Report Inappropriate Content
Migo wrote
Is it possible to update the Hardware Version V1 of Model: T1500G-10PS(TL-SG2210P)
with the Firmware Version: 2.0.3 Build 20190509 Rel.36379(s)?
Yes, it is possible. But see this thread about the new web UI and why I currently prefer the old web UI over the new one until TP-Link will improve the new web UI.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 4636
Replies: 8
Voters 0
No one has voted for it yet.