Carles wrote

I am quite new to VLAN setup and I'm not sure if what I am trying to do is not possible or if I am doing something wrong.

 

I have a T1600G-28TS configured as this:

 

VLAN100 (STUDENTS): 1-18,24 (untagged)
VLAN101 (TEACHER): 1-24 (untagged)
VLAN102 (INTERNET): 1-24 (untagged)

 

PVIDs:
1-18: VLAN100
19-23: VLAN101
24: VLAN102
 

I'd like that teachers could access to resources in VLAN100 (students).

VLANs are a mechanism to isolate networks from each other, which use common resources (switches, cables) for transmission.

To achieve a strict isolation between three logical subnets, you would have to assign ports 1-18 as members of VLAN 100 only, 19-23 as members of VLAN 101 only and port 24 as a member of VLAN 102 only. To route traffic from one of those isolated subnets into another, you would have to use inter-VLAN routing. To control permissions to use certain routes you would have to use access control lists (ACLs).

That's pretty heavy stuff for a beginner.

Rule 1: In general, it makes not much sense to assign an untagged port to more than one VLAN at a time. With your config, if a teacher's system sends a packet to a student's system, it gets assigned VLAN 101 and will be forwarded to those student's system. If this system then sends data back, it gets assigned to VLAN 100, so the teacher's system never will see this reply.

Rule 2: Always use the appropriate mechanism for a given task. If you need isolated networks, use VLANs. If you need interconnectivity, use either a common network or a router (or inter-VLAN routing in the switch). If you need access control, use a firewall (or ACLs in the switch).

Hi Carles

As for the Trunk port, in TP-Link Switch, it can be achieved by General with Tagged setting. 

In another words, if you want to config port 1 as a Trunk port, all you need to do is change the port type to General and set the Egress rules of the port to TAG.

Hope this can help you.