VLAN not working or am I doing it wrong?

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

VLAN not working or am I doing it wrong?

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
VLAN not working or am I doing it wrong?
VLAN not working or am I doing it wrong?
2020-01-12 11:11:08
Hardware Version: V3
Firmware Version: 3.0.3 Build 20181101 Rel.54949(s)

Hello all,

 

I'm quite new to TP-Link switches and also quite new to VLANs. However, I wanted to dip my toe into the waters of VLAN and decided to learn more about it. However, I really do not understand it, or I'm doing something terribly wrong. The fact that the firmware and GUI has changed, but the manuals haven't, do not make it any easier to understand.

 

I have a network here with this switch. Port 1 is my computer, port 2 is my printer. Both get an IP from my DHCP server. Everything is standard, so all ports are in untagged VLAN-1 and all is working well.

 

I created a new VLAN, called DATA_100 (VLAN ID 100). I place port 1 and 2 in there, untagged and remove the printer from VLAN-1. I'm my mind that means the printer is now ONLY untagged in VLAN-100. My personal PC is in both VLAN-1 and VLAN-100, untagged.

 

However, I can't ping my printer, as soon as I remove it from VLAN-1. But aren't both devices untagged in VLAN-100? Shouldn't they see and therefor be able to ping eachother?

 

Is something wrong with my switch or am I missing an important step here?

  0      
  0      
#1
Options
3 Reply
Re:VLAN not working or am I doing it wrong?
2020-01-12 17:00:14 - last edited 2020-01-13 02:26:56

Hi @Aspage,

 

inside a managed switch there is no untagged traffic at all. If you set a port to untagged, you have to set the Port VLAN ID (PVID), so the switch can assign untagged traffic arriving on this port to the VLAN the port is a member of. Thus, access ports (those are ports to which VLAN-unaware devices are connected) must be in exactly one VLAN, whose ID equals the PVID.

 

Technically, an access port (untagged) can be in two or more VLANs for special setups such as asymmetric VLANs (a policy), but nevertheless untagged traffic will be directed to the VLAN designated by the PVID of the corresponding port.

 

What do you want achieve by putting the printer in a separate VLAN? Just learning VLANs or do you have a specific goal?

 

If you just want to learn about VLANs, you would need some more devices to separate them (e.g. two PCs, one sharing the virtual network with the Internet router only and one sharing the virtual network which also hosts the printer).

 

Note also that VLANs usually require own networks. VLANs are helpful if you have two networks (imagine two routers, two switches, two PC groups) and you would like to use only one router or one switch to carry traffic for both networks to save cables and expenses as well as to simplify management.

 

Unless you have separate networks or at least separate groups of isolated devices using the same network, VLANs are mostly useless.

༺ 0100 1101 0010 10ཏ1 0010 0110 1010 1110 ༻
  0  
  0  
#2
Options
Re:VLAN not working or am I doing it wrong?
2020-02-06 10:09:37

Hello @R1D2 ,

 

Thank you for your response and I'm sorry for the late reply.

 

I'm currently just testing with VLAN's, so that's why I picked my PC and printer to test with. My goal (in the near future) would be to separate my wifi-guest network from my normal network. And (for another client) to separate the VOIP from DATA.

 

Your explanation is very clear, although I'm a bit confused why I would need to set a PVID, if I already set an untagged VLAN for a port. But if that's what it takes, I'll manage, of course.

 

What I'm not clear on yet, is how to get a DHCP request from the same server (Windows 2016 on VLAN1) if my wifi-guest-network is on VLAN 10 (for instance). What are the setup steps to take for this?

 

Thank you again in advance!

  0  
  0  
#3
Options
Re:VLAN not working or am I doing it wrong?
2020-02-06 12:42:58 - last edited 2020-02-06 12:44:49

 

Aspage wrote

Your explanation is very clear, although I'm a bit confused why I would need to set a PVID, if I already set an untagged VLAN for a port. But if that's what it takes, I'll manage, of course.

 

You need to set the Port VLAN ID (PVID) because inside a switch there is no untagged traffic at all. Thus, a port's »untagged« or »tagged« membership in a VLAN tells the switch whether the tag has to be removed or to be retained in frames on egress, while the PVID tells the switch which VLAN ID should be used to tag frames on ingress.

 

What I'm not clear on yet, is how to get a DHCP request from the same server (Windows 2016 on VLAN1) if my wifi-guest-network is on VLAN 10 (for instance). What are the setup steps to take for this?

 

 

Using the same network (broadcast domain) in different VLANs would require an asymmetric VLAN setup. While this can be done with switches, it is not possible to do so with VLAN-tagged SSIDs since the SSIDs cannot be member of two or more VLANs. To use VLAN-tagged SSIDs you would require two networks and I'm not sure whether Windows supports this (Linux does so).

 

I suggest to first read this HowTo for setting up a guest network and then to check whether Windows lets you create two networks as described (for Linux) in this HowTo. If it does, just follow the steps in the HowTo in method 2), else consider to use method 1) without VLAN-tagged SSIDs.

༺ 0100 1101 0010 10ཏ1 0010 0110 1010 1110 ༻
  0  
  0  
#4
Options