Multiple T1600G-28TS on a network. Need to manage to add VLAN
Hi everybody.
I'm quite new to Smart Switches series, so please forgive if I'm asking something that could be pretty simple to the most of you.
Actual Scenario:
I have a network built with 5 T1600G-28TS and it works fine.
All clients are cable connected and there are no VLAN and the network works on the 192.168.1.X IP, so despite the fact that switches are Smart and has their IPs there is no conflict.
What I need to do:
I must create a VLAN to isolate some clients on the Wireless Network. Using the Omada series I can configure it pretty easy, but, obviusvly the client connceted to the SSID assigned to VLAN1 does not communcate and access to the internet.
What I think I should do:
- Do I have to reach each of the T1600G-28TS and change their IPs to manage them individually, without causing conflicts?
- Do I have to assign VLAN1 to the the port of the APs?
- Do I have to create another VLAN to let all the other stuff work as they works now? In this case, do I have to assign both VLAN to the port where APS are connected?
Thnaks a lot for reading.
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Dear @laboratorio101,
- Do I have to reach each of the T1600G-28TS and change their IPs to manage them individually, without causing conflicts
TP-Link switches all use 192.168.0.1 in default settings. When there are multiple switches on a network, it's suggested to change and set unique IP addresses for these switches to avoid IP conflict. To easily access these switches in your 192.168.1.X network, you can change their IP, for example, to 192.168.1.2, 192.168.1.3, 192.168.1.4...
How to change the IP address of the smart and L2 managed switches
- Do I have to assign VLAN1 to the the port of the APs?
- Do I have to create another VLAN to let all the other stuff work as they works now? In this case, do I have to assign both VLAN to the port where APS are connected?
With 802.1Q VLAN, a LAN can be divided into several VLANs and only the hosts in the same VLAN can communicate with each other.
For TP-Link T series switches, all ports are in the VLAN1 and set as untagged by default. So all devices connected to these ports can communicate with each other.
So if you want to use VLAN to isolate the network, there should be at least two VLANs created on the switch. A configuration example for your reference.
How to configure 802.1Q VLAN on Smart and Managed switches
With Wireless VLAN, the Omada EAP can work together with the switches supporting 802.1Q VLAN. Traffic from the clients in different wireless networks is added with different VLAN tags according to the VLAN settings of the wireless networks. Then the wireless clients in different VLANs cannot directly communicate with each other. Please note that the traffic from the wired clients will not be added with VLAN tags.
Usually, wireless VLAN works together with multiple SSIDs, below is a configuration example you may refer to.
How to Configure Multiple SSIDs with Multiple Subnets on EAP products
I must create a VLAN to isolate some clients on the Wireless Network. Using the Omada series I can configure it pretty easy, but, obviusvly the client connceted to the SSID assigned to VLAN1 does not communcate and access to the internet.
May I know your network topology and actual requirements here? It's not so clear whether VLAN is really needed for your purpose.
If your demand is to allow visitors to access the internet via WiFi, but not to access the local wired network or other wireless clients, you can simply configure Guest Network on the Omada EAPs to achieve it.
How to set Access Control to create guest SSID on Omada Controller/EAP
- Copy Link
- Report Inappropriate Content
Hi @Fae,
thanks for your kindness.
TP-Link switches all use 192.168.0.1 in default settings. When there are multiple switches on a network, it's suggested to change and set unique IP addresses for these switches to avoid IP conflict. To easily access these switches in your 192.168.1.X network, you can change their IP, for example, to 192.168.1.2, 192.168.1.3, 192.168.1.4...
That's fine, I will change my pc IP and try to reach them one by one and put their IP in fixed in the same IP range of the network. As we usually for APs and other stuff. ;)
- Do I have to assign VLAN1 to the the port of the APs?
- Do I have to create another VLAN to let all the other stuff work as they works now? In this case, do I have to assign both VLAN to the port where APS are connected?
With 802.1Q VLAN, a LAN can be divided into several VLANs and only the hosts in the same VLAN can communicate with each other.
For TP-Link T series switches, all ports are in the VLAN1 and set as untagged by default. So all devices connected to these ports can communicate with each other.
So, are you saying that my netwok, where I did not creat VLAN at the moment is virtually into VLAN1, so I must creat a VLAN2 to isolate that clients? Or do I have to create also VLAN1 to let "normal client" to work? By Now I will call mi actual network VLAN1 for disambiguation.
So if you want to use VLAN to isolate the network, there should be at least two VLANs created on the switch. A configuration example for your reference.
How to configure 802.1Q VLAN on Smart and Managed switches
With Wireless VLAN, the Omada EAP can work together with the switches supporting 802.1Q VLAN. Traffic from the clients in different wireless networks is added with different VLAN tags according to the VLAN settings of the wireless networks. Then the wireless clients in different VLANs cannot directly communicate with each other. Please note that the traffic from the wired clients will not be added with VLAN tags.
Usually, wireless VLAN works together with multiple SSIDs, below is a configuration example you may refer to.
How to Configure Multiple SSIDs with Multiple Subnets on EAP products
I've tried to create a new SSID and assigned it to VLAN2, but there is no internet access, is that beacause the ports of the switches where APs are connected are not setted?
I must create a VLAN to isolate some clients on the Wireless Network. Using the Omada series I can configure it pretty easy, but, obviusvly the client connceted to the SSID assigned to VLAN1 does not communcate and access to the internet
May I know your network topology and actual requirements here? It's not so clear whether VLAN is really needed for your purpose.
I've drawed a simplified version of the netwok, with the only component included into this work, you cand find it here. Please consider that the 6 client will be connected to the various EAPs.
Obviusvly I will change the TL-SG1024 with some smart switches (the first on the left will be a T1600g-28TS, the last one a smaller one I think).
As you can see I use POE Switches after the T1600 to power the APs. APs must provides network to both VLAN1 & VLAN2 on different SSID
If your demand is to allow visitors to access the internet via WiFi, but not to access the local wired network or other wireless clients, you can simply configure Guest Network on the Omada EAPs to achieve it.
How to set Access Control to create guest SSID on Omada Controller/EAP
No, visitors are already ok with Guest SSIDs. The six PC that will be on the VLAN2 WiFi and the wired PCs you see in the diagram are simply a different network that must communicate with each other but not with tha main network (VLAN1)
Thank you once again
- Copy Link
- Report Inappropriate Content
Dear @laboratorio101,
So, are you saying that my netwok, where I did not creat VLAN at the moment is virtually into VLAN1, so I must creat a VLAN2 to isolate that clients? Or do I have to create also VLAN1 to let "normal client" to work? By Now I will call mi actual network VLAN1 for disambiguation.
Yes, you need to create new VLANs to divide the network into different groups. As mentioned, only the hosts in the same VLAN can communicate with each other. To let "normal client" to access the Internet, the key is to ensure the uplink port (the port connected to the network) is included in the new VLAN you created for the "normal client", but not to create VLAN1. The VLAN1 is already there, no need to create it again.
I've tried to create a new SSID and assigned it to VLAN2, but there is no internet access, is that beacause the ports of the switches where APs are connected are not setted?
Say topology:
Router <-----> Port 1-- T1600 switch #1---Port 2 <-----> Port 1'-- T1600 switch #2 ---Port 2' <-----> EAP115 )))((( SSID2 in VLAN2
To get the SSID works in VLAN2, please ensure you configured the VLAN2 on the switches correctly, all the related ports should be included in VLAN2. Besides, the router port connected to the switch should also be tagged in VLAN2, ensure your router supports Tagged VLAN as well.
So we need to create VLAN2 on both T1600 switch #1 and T1600 switch #2, as well as the Router.
On the T1600 switches, create VLAN2 and add both Port 1 and Port 2 as Tagged Port.
If there is a normal PC connected to the T1600 switch through Port 3, and you need to get it in VLAN2, then select Port 3 as Untagged Port and configure PVID as 2.
- Copy Link
- Report Inappropriate Content
@Fae Thank you once again!
Just a last question. As you can see I've got an unmanaged POE Switch after the T1600 to power on APs. Did it let everything pass through (VLAN1 & VLAN2) or it will break communications?
- Copy Link
- Report Inappropriate Content
Dear @laboratorio101,
As you can see I've got an unmanaged POE Switch after the T1600 to power on APs. Did it let everything pass through (VLAN1 & VLAN2) or it will break communications?
Good question. This is what I should have added in my last reply. TP-Link Unmanaged Switches will pass through the VLAN traffic, that is, they will forward the VLAN traffic directly without any processing. However, there could be a problem when you want to add tag VLAN with the unmanaged switches in the network.
T1600 --Port2 <--------> Port 1 --TL-SG1005P ------> EAP115 )))((( SSID1 in VLAN1 & SSID2 in VLAN2
------> PC (must be on VLAN1&VLAN2)
The two SSIDs on the EAP115 need to work in VLAN1 & VLAN2, so the Port2 on T1600 should be added as Tagged Port in both VLAN1 & VLAN2. As a result, the outgoing traffic from Port2 will be tagged, if the PC cannot handle tagged traffic, then the communication will be stopped. So, you may ensure the PC supports VLAN if you want to connect in the way above. Otherwise, replace the Unmanaged switch with a smart switch that supports VLAN.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 1271
Replies: 5
Voters 0
No one has voted for it yet.