Cannot communicate between hosts when VLAN tagging is enabled on WA801ND
I have a WA801ND which I am currently trying to use to present 4 individual SSIDs. I am also using the functionality to TAG traffic coming in from these SSIDs. The traffic tagging itself is working fine and at a switch and router level I can process the tags, firewall appropriately, etc. However, I'm unable to communicate between devices on the same SSID. These devices are a mixture of Linux laptops, Windows laptops, Android and iOS phones.
As can be seen, Client Isolation is currently disabled:
As soon as VLAN tagging is disabled (and all hosts are on the same flat network), clients on the same SSID are able to communicate with no issues.
I also have a TL-SG108E switch on which I configure trunk ports for the wireless access point and tag other ports so that I can have physical devices on the same logical VLANs. I am able to connect to devices (ping, ssh, etc.) on the VLAN segments from a wired computer on the same VLAN segment without any issues, so it seems that all of the issues are within the way the WA801ND is configuring VLAN tagging.
Does anyone have any ideas? :)
Hi,
As far as I understand, different VLANs are separated by design and communication between them can only be achieved via a router.
Maybe try a Google search for communication+between+vlans to find some helpful information.
Hi @woozle !
Thanks for the response. The issue isn't communication between VLANs, the issue is communication between hosts on the same VLAN. For example, I cannot communicate between Device A and Device B, both of which are connected to Brewnet_Main and have a VLAN tag of 20.
From what I understand, hosts connecting to the same VLAN should be able to communicate despite what my Switch/Router settings are set to because inter-host communication would happen at the AP level (packets would not be routed to the router for adjacent hosts).
Oh, I see. I misread your original post, sorry.
Devices on the same VLAN should be able to communicate with each other.
From your description I understand the following:
When both devices (on the same VLAN) are connected to the 801ND there's a problem communicating with each other.
When one device is connected to the TL-SG108E and the other to the 801ND (both on the same VLAN) there's no problem communicating with each other.
If my understanding is correct so far, something similar has been reported here.
You can e-mail your local tech support to be advised on this issue.
Hi @terziyski
Yeah, that's exactly the issue. It's really strange that a laptop (connected wirelessly to SSID 1) and a computer connected wired to the switch and both on VLAN 20 can communicate with no issues, but two laptops connected to SSID 1 also with the same VLAN 20 are unable to communicate. I reckon there's a bug somewhere.
I've contacted support and I'll update my post when I hear from them on the off chance someone else runs into this issue.
Thanks
What you can do (to confirm the issue) is to test if the two laptops connected to SSID 1, with the same VLAN 20 can communicate with each other if one of them is connected through the TL-SG108E.
That is to exclude any possible issues with the laptop's OS firewall rules or apps blocking the communication.
If you've done the communication test in both directions then that confirms the issue.
Hi @terziyski
Well, I've already confirmed that a computer connected to the switchport that is tagged with VLAN 20 is able to communicate with either of the laptops connected to the SSID with VLAN 20 (this can be seen in the PING output at the bottom of the post). And this is in both directions too. And the laptop itself is able to access the internet/other internal hosts like my GitLab via my router firewall (though for adjacent clients on an SSID, packets wouldn't even go as far as the router, they would just be routed directly to the adjacent host by the wireless access point/switch). It's definitely an issue with the Access Point in some way.
I got a pretty disappointing response from TP LINK
"The purpose of the Vlan is to separate networks. Devices in different vlans cannot communicate with each other. If you want all your devices to communicate with each other, the disable Vlan ID works. Or do you have a special need to enable Vlan ID ?"
I've tried explaining again that Laptop 1 and Laptop 2 are both connected to the same access point and their traffic is both tagged with the same VLAN tag.
The 801ND has EoL (end of life) status according to some regional TP-Link websites and its latest FW release is from 2017.
TBH, I am a bit skeptical about finding a resolution if this turns out to be a FW issue, unless they come up with some beta FW release like in this thread.
Meanwhile you may receive an answer from support as well - let's hope they understand the problem in detail.
I don't know what router you're using but, for example, devices like EAPs could do this job for sure.
Meanwhile you can go through this guide and double check the switch VLAN configuration just to make sure everything's OK there.
For 802.1Q VLAN configuring on Smart/Unmanaged Pro switches like TL-SG108E this is a good source of information too.
We've also tried setting this up with a Ubiquiti wireless access point and it worked fine, so if there is no solution then we'll likely replace our infrastructure with those devices going forward. They're a bit more pricey, but they work at least.
For reference, the firewall/router is a Netgate 3100 (pfSense). The switch is also TP-Link.