Vlan Setup- Switch Fails to Assign IPs after ACL Binding

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

Vlan Setup- Switch Fails to Assign IPs after ACL Binding

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Vlan Setup- Switch Fails to Assign IPs after ACL Binding
Vlan Setup- Switch Fails to Assign IPs after ACL Binding
2024-02-22 17:40:31 - last edited 2024-02-27 09:58:46
Model: TL-SG2008  
Hardware Version: V3
Firmware Version: Original

Good day!

 

I'm reaching out as I have been trying to set-up VLANS for better security and to keep IOT devices isolated from the main network.

I have a TL-SG2008P version 3 switch and a VR2100v archer router. I set up my VLANs and everything using the following tp-link guide.

https://www.tp-link.com/us/support/faq/3656/

Please note that I am a beginner, but have learnt a ton going thru other threads here. I really appreciate the help and will be glad to clarify anything in my explanation below.

 

Everything went smoothly: for example, when I connect my switch to my gateway/router, I can plug my laptop to port 3 on the switch for example (which in my case is unique to Vlan 20), and my laptop nicely gets an IP address in the 192.168.2.1 range. And I can access the internet as well.

So I'm ruling out that my router can't do VLANs, which was a worry initially since it doesn't have the multi-net nats feature, but anyway let's move on..

 

The PROBLEM arises when I set up the ACLs on the switch to prevent vlan 30 from talking to vlan 20 and vice versa.. So i create the acls, knowing that I have to bind them before they take effect. Upon binding each vlan-specific set of rules to its corresponding port on the switch GUI, immediately after that, the switch fails to give ip addresses. At the same time, it still gives an IP address if i plug my device to another port on the switch where no acls are binded to that port. I don't understand what the problem is, frustrating.

 

As a demonstration, to reverse the problem, I unbind one group of VLAN-specific ACL rules from its corresponding port et Voila! i plug my laptop into that port on the switch and I get an IP again!

 

I hope this is a clear explanation, thanks a million!

  1      
  1      
#1
Options
1 Accepted Solution
Re:Vlan Setup- Switch Fails to Assign IPs after ACL Binding-Solution
2024-02-23 02:17:28 - last edited 2024-02-27 09:58:46

Hi @Matt677 

Thanks for posting in our business forum.

Matt677 wrote

Good day!

 

I'm reaching out as I have been trying to set-up VLANS for better security and to keep IOT devices isolated from the main network.

I have a TL-SG2008P version 3 switch and a VR2100v archer router. I set up my VLANs and everything using the following tp-link guide.

https://www.tp-link.com/us/support/faq/3656/

Please note that I am a beginner, but have learnt a ton going thru other threads here. I really appreciate the help and will be glad to clarify anything in my explanation below.

 

Everything went smoothly: for example, when I connect my switch to my gateway/router, I can plug my laptop to port 3 on the switch for example (which in my case is unique to Vlan 20), and my laptop nicely gets an IP address in the 192.168.2.1 range. And I can access the internet as well.

So I'm ruling out that my router can't do VLANs, which was a worry initially since it doesn't have the multi-net nats feature, but anyway let's move on..

 

Correct. That summarizes the description above.

 

Matt677 wrote

 

The PROBLEM arises when I set up the ACLs on the switch to prevent vlan 30 from talking to vlan 20 and vice versa.. So i create the acls, knowing that I have to bind them before they take effect. Upon binding each vlan-specific set of rules to its corresponding port on the switch GUI, immediately after that, the switch fails to give ip addresses. At the same time, it still gives an IP address if i plug my device to another port on the switch where no acls are binded to that port. I don't understand what the problem is, frustrating.

 

As a demonstration, to reverse the problem, I unbind one group of VLAN-specific ACL rules from its corresponding port et Voila! i plug my laptop into that port on the switch and I get an IP again!

 

I hope this is a clear explanation, thanks a million!

Assume you have blocked the DHCP server from the switch. That's the reason why. DHCP server stops responding because your ACL blocks the communication.

 

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
Recommended Solution
  1  
  1  
#2
Options
2 Reply
Re:Vlan Setup- Switch Fails to Assign IPs after ACL Binding-Solution
2024-02-23 02:17:28 - last edited 2024-02-27 09:58:46

Hi @Matt677 

Thanks for posting in our business forum.

Matt677 wrote

Good day!

 

I'm reaching out as I have been trying to set-up VLANS for better security and to keep IOT devices isolated from the main network.

I have a TL-SG2008P version 3 switch and a VR2100v archer router. I set up my VLANs and everything using the following tp-link guide.

https://www.tp-link.com/us/support/faq/3656/

Please note that I am a beginner, but have learnt a ton going thru other threads here. I really appreciate the help and will be glad to clarify anything in my explanation below.

 

Everything went smoothly: for example, when I connect my switch to my gateway/router, I can plug my laptop to port 3 on the switch for example (which in my case is unique to Vlan 20), and my laptop nicely gets an IP address in the 192.168.2.1 range. And I can access the internet as well.

So I'm ruling out that my router can't do VLANs, which was a worry initially since it doesn't have the multi-net nats feature, but anyway let's move on..

 

Correct. That summarizes the description above.

 

Matt677 wrote

 

The PROBLEM arises when I set up the ACLs on the switch to prevent vlan 30 from talking to vlan 20 and vice versa.. So i create the acls, knowing that I have to bind them before they take effect. Upon binding each vlan-specific set of rules to its corresponding port on the switch GUI, immediately after that, the switch fails to give ip addresses. At the same time, it still gives an IP address if i plug my device to another port on the switch where no acls are binded to that port. I don't understand what the problem is, frustrating.

 

As a demonstration, to reverse the problem, I unbind one group of VLAN-specific ACL rules from its corresponding port et Voila! i plug my laptop into that port on the switch and I get an IP again!

 

I hope this is a clear explanation, thanks a million!

Assume you have blocked the DHCP server from the switch. That's the reason why. DHCP server stops responding because your ACL blocks the communication.

 

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
Recommended Solution
  1  
  1  
#2
Options
Re:Vlan Setup- Switch Fails to Assign IPs after ACL Binding
2024-02-27 10:01:05

  @Clive_A Thank you!! Yup that was it, I found the problem in my acls, thanks for pointing it out.

 

 

  1  
  1  
#3
Options