OliverG wrote

Hello

 

I have a setup of the VPN Router (TL-R600VPN) connected to a cable modem.

The switch (T2600G) uses Port 1 (configured as TRUNK) to connect to the R600VPN

There are 1 VLANs configured (1=admin; 10=Net1; 20=Net2; 30=GuestNet).

Each VLAN has an address pool configured with its own Network (172.16.x.0/23)

There are also also 2 APs providing WiFi networks tagged with each on those VLAN IDs (SSID to VLAN mapping) They need VLAN1 for admin purposes, or no vlan at all.

 

The ports on the switch are configured as follows:

Port 1:    TRUNK; PVID-1    -> Router LAN-Port5

Port 2:    ACCESS, PVID-1

Port 3:    TRUNK, PVID-1    -> AccessPoint 1

Port 4:    TRUNK, PVID-1    -> AccessPoint 2

Port5-10: ACCESS, PVID-20

Port11-16: ACCESS, PVID-10

 

The Router (TL R600VPN) hass currently no VPN config. (reset everything because of unseuccessfull appempts.

Port 1: WAN  VLAN2988,Untag -> Cable Modem

Port2-4: open

Port5:  

 

My questions are:

a) if the connection of the AccessPoints correct or do the need to be ACCESS,PVID1?

b) How does the Switch as well as the router need to be configured so that traffic from the VLAN is routed to the internet?

c) I have very few devices that woild need to be accessible from VLAN10 and VLAN20. How is that accomplished

d) Admin access (VLAN1) needs to exist accross router, switch and APs (There is s SSID for admin with VLAN1 association)

 

I hope I covered it.

 

Any help is appriciated.

 

Oliver

Hi Oliver

Your AP provides wifi network tagged. You need to set up the switch port as trunk or genernal tagged. 

You need to set the static routing for switch and router. You can refer to the following link.

https://www.tp-link.com/en/faq-887.html

If you have set up the layer3 interface for VLAN10 and VLAN20, then VLAN 10 can access VLAN 20. 

Set up the ports of router and switch belong to VLAN1, and your AP also has VLAN1, the VLAN1 data can transmit through router, switch, and AP.

Hi Anderson

thanks for the response. 

This helped a lot. I have it all working.

I have one follow up question: It looks as if there is no need to configure any VLAN on the router (R600VPN), beside the 2 default ones?

ALso to confihure VPNs using IPSec I simply place them into network and therfor indirectly assign them to their corresponding VLAN?

Thanks again

Regards

Oliver

OliverG wrote

Hi Anderson

 

thanks for the response. 

This helped a lot. I have it all working.

I have one follow up question: It looks as if there is no need to configure any VLAN on the router (R600VPN), beside the 2 default ones?

ALso to confihure VPNs using IPSec I simply place them into network and therfor indirectly assign them to their corresponding VLAN?

 

Thanks again

 

Regards

Oliver

Hi Oliver 

If the switch port connected to R600VPN is untagged port, then R600VPN doesn't need to configure VLAN and tagged port.

About the IPsec VPN,  you should configure multiple entries for your different subnets. The different entries use different local subnet.

And you should configure the static routing on T2600. For example, you topology is as follows.

10.0.0.0/24-----Router-----VPN------R600VPN(192.168.0.1)-----T2600G-28TS-----(VLAN 10 192.168.10.1/24)

Add the routing on T2600. destination 10.0.0.0/24, next hop 192.168.0.1