VLAN 802.1Q config questions (uplink port config / reaching web interface)
I have a couple of questions on how to correctly set up VLAN (802.1Q) on my TP-Link switch.
My VLAN-capable devices are:
- An OPNsense Firewall/Router, which is the DHCP server and gateway to WAN
- A TL-SG1016DE switch
- A UniFi Wifi AP
I want to have a very simple VLAN split between internal and guest VLANs. All devices connected to ports are either VLAN-capable or belong to "internal" VLAN. On the Wifi, I'll have both an "internal" and a "guest" Wifi.
On the Firewall, I have a "LAN" interface, which can't be assigned a VLAN id. Based on its behavior, it uses VLAN id 1 internally. I gave it IP range 192.168.0.x
Then I created
- VLAN "internal" with id 2 and IP range 192.168.1.x
- VLAN "guest" with id 3 and IP range 192.168.2.x
Trouble is, as soon as I configure my PC to belong to VLAN group "internal", I can no longer reach the web UI of the TP-Link switch. It looks as if the switch itself belongs "only" to VLAN 1, so it cannot be reached from any VLAN id other than 1.
Is that true? And can I do anything about it?
Alternatively, my VLAN-configuration of the switch may be incorrect. I have:
- Port 1 (to Firewall): Tagged for VLANs 1-3, PVID 1
- Port 2 (to Wifi AP): Tagged for VLANs 1-3, PVID 1
- Ports 3-16 (to PCs): Untagged for VLANs 1-2, PVID 2 ("internal")
As soon as I configured Port 1 as "Tagged", the trouble started, and I either had to get my PC into VLAN 1 somehow, or hard-reset the switch to get back into the web UI.
My next attempt would be to use VLAN-id 1 for the "internal" network. This should at least guarantee that I can reach the switch web ui. But I read in some tutorials that it's not a "clean" configuration.
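
As an added illustration (not part of the original post, and not TP-Link's firmware logic), the port table above can be run through a generic 802.1Q model of ingress classification and egress tagging. It assumes the switch web UI answers only in VLAN 1, as the post suspects, and that ingress filtering is enabled; the function names are hypothetical.

```python
# Generic 802.1Q port model (constructed from the post's port list; not TP-Link firmware).
# members: VLAN id -> "T" (leaves the port tagged) or "U" (leaves untagged).
PORTS = {
    1: {"pvid": 1, "members": {1: "T", 2: "T", 3: "T"}},  # to firewall
    2: {"pvid": 1, "members": {1: "T", 2: "T", 3: "T"}},  # to WiFi AP
    3: {"pvid": 2, "members": {1: "U", 2: "U"}},          # stands for PC ports 3-16
}
MGMT_VLAN = 1  # assumption: the web UI answers only in VLAN 1, as the post suspects


def ingress_vlan(port, tag=None):
    """Classify an incoming frame: use its 802.1Q tag, else the port's PVID.
    Assumes ingress filtering: VLANs the port is not a member of are dropped (None)."""
    vid = tag if tag is not None else PORTS[port]["pvid"]
    return vid if vid in PORTS[port]["members"] else None


def egress_form(port, vid):
    """How a frame in VLAN `vid` leaves `port`: 'tagged', 'untagged', or None."""
    mode = PORTS[port]["members"].get(vid)
    return {"T": "tagged", "U": "untagged", None: None}[mode]


def reaches_mgmt(port, tag=None):
    """True if a frame entering `port` is classified into the management VLAN."""
    return ingress_vlan(port, tag) == MGMT_VLAN


def forward(src_port, dst_port, tag=None):
    """Return (vlan, form on dst_port) for a frame entering src_port."""
    vid = ingress_vlan(src_port, tag)
    return vid, (egress_form(dst_port, vid) if vid is not None else None)


if __name__ == "__main__":
    print("PC (untagged, port 3) reaches web UI:", reaches_mgmt(3))
    print("PC -> firewall port:", forward(3, 1))
    print("firewall LAN (untagged) -> PC port:", forward(1, 3))
    print("VLAN 1 leaving port 1:", egress_form(1, 1))
    print("guest frame from AP -> PC port:", forward(2, 3, tag=3))
```

In this model the PC's untagged frames are classified into VLAN 2 and never enter VLAN 1, and VLAN 1 leaves port 1 tagged, so a device on that link that only handles untagged frames typically will not accept them. Guest VLAN 3 is never forwarded to the PC ports, which is the isolation the split is meant to provide.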