TL-SG1016PE - 802.1Q VLAN how to assign one port to multiple VLANs
Hi there
I own a TP-Link TL-SG1016PE smart switch and I am trying to set up 802.1Q VLANs for my home network. So I need to figure out how I can assign the wifi AP (UBNT) port as a member of two VLANs (private network and guest network); also I am sure that I have to assign the router (MikroTik) port as a member of all VLANs. The problem is that after I create the VLANs I cannot set up one port as a member of two (or more) VLANs in the PVID settings, because in the PVID settings it is only possible to set one port to one VLAN.
So can you tell me how I can solve my situation?
Thanks
@j.lj, PVID is the Port VLAN ID which determines the VLAN ID the switch will assign to untagged frames. You cannot assign more than one VLAN ID to a PVID – this would make no sense. How should a switch decide the VLAN ID for untagged frames if there were two PVIDs? Impossible with port-based VLANs.
To make a port a member of two or more VLANs, use the VLAN membership settings, not the PVID.
For example, in old web UI of Easy Smart Switches it's done this way:
In new web UI it's done this way:
Just repeat those steps for all VLANs a port should be a member of.
Hey, thanks for the reply, but my admin interface is different. My admin interface looks like the one in this video: TP-Link Easy Smart Switch giga VLAN Configuration - YouTube
So can you give advice on how I can set up VLANs with that utility?
@jj.j, that's pretty much the same as in the new web UI when it comes to functionality, just an older design (Easy Smart Switch Config Utility).
See chapter 5 »Configuring VLAN« in the fine manual for step-by-step instructions.
Yeah, I know this manual, but if I understand it correctly, according to this manual I need to set the UBNT ports as tagged, but when I do that the UBNT APs cannot boot. According to Google, this is some kind of special behavior for Ubiquiti devices.
@jj.j, as far as I know, UBNT APs use tagged VLANs only for traffic from/to SSIDs (which need to be VLAN-mapped, too), but use untagged traffic between the AP and the UniFi controller. But I might be wrong; it's been too long since I used UBNT APs.
I think it would be best to ask someone in the UBNT forum about what the requirements for their APs are nowadays.
mariem56 wrote
Why is a VLAN called untagged port?
A port needs to be an »untagged member« of a VLAN if you want to connect VLAN-unaware devices such as laptops, PCs, printers, etc. to this port. Since they can't handle VLAN tags themselves, you need to configure the switch to add a VLAN tag on ingress (using the PVID) and remove the VLAN tag (= untag it) on egress from the switch.
A port needs to be a »tagged member« of certain VLANs if you want to transfer traffic of different VLANs to another device (router, switch, server, etc.). This device must be VLAN-aware, too: it must be able to process the VLAN tag for itself and needs to assign each Ethernet frame to the appropriate network according to the VLAN tag.
VLANs are really easy to set up if you imagine you would set up devices for different networks, say network A and network B, using gear w/o VLANs (one separate router, one switch, one AP for each network) and then reduce all devices which can handle VLANs to one device only used by both networks:
- You need to pass the VLAN tags to any device which should handle traffic for both networks (that means you need a tagged port to connect those devices). Those devices can be part of both networks A and B, for example a router which defines two networks or a wireless AP which extends the networks A and B to wireless ones.
- You need to remove VLAN tags in traffic to any device which cannot handle VLAN tags (that means you need an untagged port to connect those devices). Those devices can be part of only one network A or B, for example a laptop or a printer.
mariem56 wrote
My problem would be getting two VLANs from 1AP connected to TPlink Switch.
TL-SG1016PE conforms to 802.1Q standard as do Cisco switches, but the TL-SG1016PE is an Easy Smart Switch which lacks some advanced features.
You can use any port as uplink to your L3SW switch and yes, if the L3SW switch uses a trunk (tagged port, member of one or more VLANs), then the TL-SG1016PE port also needs to be tagged member of the VLANs the switch and the AP should handle.
As far as I know, UBNT uses untagged traffic for management of their APs (correct me if I'm wrong), so the uplink port can also be an untagged member of this mgmt VLAN and its PVID must equal the ID of this mgmt VLAN. Mgmt VLAN is the network which allows access to the AP itself (not to one of the SSIDs).
Also, you're right that traffic from/to VLANs 20 and 30 for the AP's SSIDs needs a trunk port to the AP, so the AP can divert traffic to the appropriate SSID assigned to either the corporate or the guest network.
TP-Link APs can be used in pretty much the same manner as UBNT APs are being used, but TP-Link APs alternatively allow using tagged traffic for mgmt of the AP instead of untagged traffic, so you can choose either method, while UBNT APs might require untagged traffic for mgmt.
In my setups I never mix tagged and untagged traffic on a trunk port, so I prefer a separate mgmt VLAN using tagged traffic.
Maybe this picture makes it somewhat clearer. It shows Multi-SSID setup on TP-Link APs and switch ports:
Router ports:
- P1 is the WAN port, connected directly to the Internet modem.
- P2 is an access port (untagged member of VLAN 200/mgmt only, PVID=200). It's connected to the mgmt network, pretty much as port P4.
  VLAN 200 could alternatively be the Default VLAN 1.
- P3 is a trunk port (tagged member of VLANs 10, 20, 30 and either tagged or untagged member of VLAN 200).
  If P3 is an untagged member of VLAN 200, PVID must be 200.
  If P3 is a tagged member of VLAN 200, PVID doesn't matter, but the »Management VLAN« setting of the AP must be set to 200.
- P4 is an access port (untagged member of VLAN 200, PVID=200) to the AP controller.
  The controller can't process tagged traffic, thus the port needs to be an untagged member of the mgmt VLAN.

An uplink port from the TP-Link switch to another switch would have the same VLAN settings as port P3.
Hope this helps.
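Added example, not part of the thread and not TP-Link firmware logic: a small Python model of the PVID and tagged/untagged membership rules explained in the two replies above, applied to the P2/P3/P4 settings listed there (P3 in its "untagged member of VLAN 200" variant). Port P5, the function names and the assumption that ingress filtering is enabled are made up for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Port:
    pvid: int                                   # VLAN given to untagged ingress frames
    tagged: set = field(default_factory=set)    # VLANs that leave this port with the tag kept
    untagged: set = field(default_factory=set)  # VLANs that leave this port with the tag removed

    def member(self, vid):
        return vid in self.tagged or vid in self.untagged

# Constructed port table following the post above.
PORTS = {
    "P2": Port(pvid=200, untagged={200}),                       # access port, mgmt
    "P3": Port(pvid=200, tagged={10, 20, 30}, untagged={200}),  # trunk port
    "P4": Port(pvid=200, untagged={200}),                       # access port, AP controller
    "P5": Port(pvid=20, untagged={20}),  # hypothetical access port for a VLAN 20 client
}

def classify(ports, in_port, tag):
    """VLAN of a frame on ingress, or None if it is dropped.
    Assumes ingress filtering: the ingress port must be a member of the VLAN."""
    port = ports[in_port]
    vid = port.pvid if tag is None else tag     # untagged frames get the PVID
    return vid if port.member(vid) else None

def forward(ports, in_port, tag=None):
    """Flood a frame; map each egress port to the tag it leaves with (None = untagged)."""
    vid = classify(ports, in_port, tag)
    if vid is None:
        return {}
    return {name: (vid if vid in p.tagged else None)
            for name, p in ports.items()
            if name != in_port and p.member(vid)}

def lint(ports):
    """Ports with untagged VLANs whose PVID is not one of them: frames reach the
    device untagged, but its replies are classified into a different VLAN."""
    return [n for n, p in ports.items() if p.untagged and p.pvid not in p.untagged]

if __name__ == "__main__":
    print(forward(PORTS, "P5"))       # VLAN 20 client -> trunk, tagged 20
    print(forward(PORTS, "P4"))       # controller -> P2 and P3, untagged
    print(forward(PORTS, "P2", 10))   # tagged VLAN 10 frame on an access port: dropped
    print(lint(PORTS))
```
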
R1D2 wrote
For example, in old web UI of Easy Smart Switches it's done this way:
In new web UI it's done this way:
Other than looking more modern, the New UI looks less functional than the old UI. It appears to require more switching between screens. What was the purpose of the change?
In the old UI, everything for a single vlan was in one place. I am much more interested in function than form.