Home

Forums

Stories

Knowledge Base

Business Community > Switches > TL-ER6020 & T2600G-28MPS VLAN configuration

< Switches

TL-ER6020 & T2600G-28MPS VLAN configuration

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

TL-ER6020 & T2600G-28MPS VLAN configuration

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

skangraf

2019-03-18 20:32:48 - last edited 2019-03-18 20:34:30

Posts: 1

Helpful: 1

Solutions: 0

Stories: 0

Registered: 2019-03-17

TL-ER6020 & T2600G-28MPS VLAN configuration

2019-03-18 20:32:48 - last edited 2019-03-18 20:34:30

Model: T2600G-28MPS(TL-SG3424P)

Hardware Version: V3

Firmware Version: 3.0.0 Build 20180301 Rel.41844(s)

Hello,

It's my first time VLAN's configuration and i have issue. So, clients gets IP from DHCP(correctly to VLAN IP pool), are able to use internet, but unfortunatelly they can also connect to each other VLAN ie. clients form VLAN 30 can connect to VLAN 40, VLAN 1 and VLAN 50. Configuration as follow:

TL-ER6020:
IP: 10.0.100.1/24

VLAN 1,30,40,50

static route:
VLAN30 10.0.0.0/24 10.0.100.2 LAN
VLAN40 192.168.0.0/24 10.0.100.2 LAN
VLAN50 10.0.10.0/24 10.0.100.2 LAN

NAT:
WAN1 10.0.100.0/24
WAN1 10.0.0.0/24
WAN1 192.168.0.0/24
WAN1 10.0.10.0/24

VLAN1   PORTS: 3(TAG) 4(TAG) 5(TAG) - Default Vlan For LAN
VLAN10   PORTS: 1(UNTAG) - Default Vlan For WAN1
VLAN20   PORTS: 2(UNTAG) - Default Vlan For WAN2
VLAN30   PORTS: 3(TAG) 4(TAG) 5(TAG) - school
VLAN40   PORTS: 3(TAG) 4(TAG) 5(TAG) - teachers
VLAN50   PORTS: 3(TAG),4(TAG),5(TAG) - guests

T2600G-28MPS a
IP: 10.0.100.2/24

VLAN 1,30,40,50

L3 Interfaces:
vlan1 10.0.100.2
vlan30 10.0.0.1
vlan40 192.168.0.1
vlan50 10.0.10.1

server DHCP pool
vlan1 10.0.100.0/24
vlan30 10.0.0.0/24
vlan40 192.168.0.0/24
vlan50 10.0.10.0/24

VLAN
tagged ports: 1
untagged ports: 2,17-28
pvid ports: 1,2,17-28 : 1

VLAN 30
tagged ports: 1,2,17-24
untagged ports: 9-16
pvid ports: 9-16 : 30

VLAN 40
tagged ports: 1,2,17-24
untagged ports: 3-8
pvid ports: 3-8 : 40

VLAN 50
tagged ports: 1,2,17-24
untagged ports:
pvid ports:

OC200
IP: 10.0.100.10/24

VLAN 1,30,40,50

SSID
school VLAN30
teachers VLAN40
guests VLAN50

All ports has Acceptable Frame Types as "Admit All" if i change to "Tagged Only" then clients in VLAN are loosing internet connection.

In attachment network diagram (switch B is not connected until it's not working as i wish).

Thanks in advance for help.

File:

Network Diagram.pngDownload

1 Reply

Anderson

2019-03-19 02:07:11

Posts: 139

Helpful: 34

Solutions: 3

Stories: 0

Registered: 2018-07-24

Re:TL-ER6020 & T2600G-28MPS VLAN configuration

2019-03-19 02:07:11

skangraf wrote

Hello,

It's my first time VLAN's configuration and i have issue. So, clients gets IP from DHCP(correctly to VLAN IP pool), are able to use internet, but unfortunatelly they can also connect to each other VLAN ie. clients form VLAN 30 can connect to VLAN 40, VLAN 1 and VLAN 50. Configuration as follow:

TL-ER6020:
IP: 10.0.100.1/24

VLAN 1,30,40,50

static route:
VLAN30 10.0.0.0/24 10.0.100.2 LAN
VLAN40 192.168.0.0/24 10.0.100.2 LAN
VLAN50 10.0.10.0/24 10.0.100.2 LAN

NAT:
WAN1 10.0.100.0/24
WAN1 10.0.0.0/24
WAN1 192.168.0.0/24
WAN1 10.0.10.0/24

VLAN1   PORTS: 3(TAG) 4(TAG) 5(TAG) - Default Vlan For LAN
VLAN10   PORTS: 1(UNTAG) - Default Vlan For WAN1
VLAN20   PORTS: 2(UNTAG) - Default Vlan For WAN2
VLAN30   PORTS: 3(TAG) 4(TAG) 5(TAG) - school
VLAN40   PORTS: 3(TAG) 4(TAG) 5(TAG) - teachers
VLAN50   PORTS: 3(TAG),4(TAG),5(TAG) - guests

T2600G-28MPS a
IP: 10.0.100.2/24

VLAN 1,30,40,50

L3 Interfaces:
vlan1 10.0.100.2
vlan30 10.0.0.1
vlan40 192.168.0.1
vlan50 10.0.10.1

server DHCP pool
vlan1 10.0.100.0/24
vlan30 10.0.0.0/24
vlan40 192.168.0.0/24
vlan50 10.0.10.0/24

VLAN
tagged ports: 1
untagged ports: 2,17-28
pvid ports: 1,2,17-28 : 1

VLAN 30
tagged ports: 1,2,17-24
untagged ports: 9-16
pvid ports: 9-16 : 30

VLAN 40
tagged ports: 1,2,17-24
untagged ports: 3-8
pvid ports: 3-8 : 40

VLAN 50
tagged ports: 1,2,17-24
untagged ports:
pvid ports:

OC200
IP: 10.0.100.10/24

VLAN 1,30,40,50

SSID
school VLAN30
teachers VLAN40
guests VLAN50

All ports has Acceptable Frame Types as "Admit All" if i change to "Tagged Only" then clients in VLAN are loosing internet connection.

In attachment network diagram (switch B is not connected until it's not working as i wish).

Thanks in advance for help.

Hi skangraf

It's normally that the different VLANs can connect to each other, because the switch support inter-VLAN routing. When you set L3 interface for each VLAN, the switch will generate the routing automatically. The devices can access other VLAN through these routing.

You can configure ACL to block the traffic between different VLAN. For example, block VLAN30 to VLAN40. You need to add following ACL rules.

1.Deny 10.0.0.0/24 to 192.168.0.0/24

2.Allow 10.0.0.0/24 to 0.0.0.0/0.

0.0.0.0/0 means all IP address.

About how to configure ACL, you can refer to the below link.

https://www.tp-link.com/en/configuration-guides/configuring_acl/?configurationId=18222#using_the_gui_2_1

TL-ER6020 & T2600G-28MPS VLAN configuration

TL-ER6020 & T2600G-28MPS VLAN configuration

Information

Voters 0

Tags