TL-ER6020 & T2600G-28MPS VLAN configuration
2019-03-18 20:32:48 - last edited 2019-03-18 20:34:30
Model: T2600G-28MPS(TL-SG3424P)
Hardware Version: V3
Firmware Version: 3.0.0 Build 20180301 Rel.41844(s)

Hello,

It's my first time configuring VLANs and I have an issue. Clients get an IP from DHCP (correctly, from the VLAN IP pool) and are able to use the internet, but unfortunately they can also connect to the other VLANs, i.e. clients from VLAN 30 can connect to VLAN 40, VLAN 1 and VLAN 50. Configuration as follows:

 

 

TL-ER6020:
IP: 10.0.100.1/24

VLAN 1,30,40,50

static route:
VLAN30 10.0.0.0/24 10.0.100.2 LAN
VLAN40 192.168.0.0/24 10.0.100.2 LAN
VLAN50 10.0.10.0/24 10.0.100.2 LAN

NAT:
WAN1  10.0.100.0/24
WAN1 10.0.0.0/24
WAN1 192.168.0.0/24
WAN1 10.0.10.0/24

VLAN1    PORTS: 3(TAG) 4(TAG) 5(TAG) - Default Vlan For LAN    
VLAN10    PORTS: 1(UNTAG) - Default Vlan For WAN1    
VLAN20    PORTS: 2(UNTAG) - Default Vlan For WAN2    
VLAN30    PORTS: 3(TAG) 4(TAG) 5(TAG) - school    
VLAN40    PORTS: 3(TAG) 4(TAG) 5(TAG) - teachers     
VLAN50    PORTS: 3(TAG),4(TAG),5(TAG) - guests

 

 

T2600G-28MPS a
IP: 10.0.100.2/24

 

VLAN 1,30,40,50

L3 Interfaces:
vlan1 10.0.100.2
vlan30 10.0.0.1
vlan40 192.168.0.1
vlan50 10.0.10.1

server DHCP pool
vlan1 10.0.100.0/24
vlan30 10.0.0.0/24
vlan40 192.168.0.0/24
vlan50 10.0.10.0/24


VLAN
tagged ports: 1
untagged ports: 2,17-28
pvid ports: 1,2,17-28 : 1

VLAN 30
tagged ports: 1,2,17-24
untagged ports: 9-16
pvid ports: 9-16 : 30

VLAN 40
tagged ports: 1,2,17-24
untagged ports: 3-8
pvid ports: 3-8 : 40

VLAN 50
tagged ports: 1,2,17-24
untagged ports:
pvid ports:

 


OC200
IP: 10.0.100.10/24

VLAN 1,30,40,50

SSID
school VLAN30
teachers VLAN40
guests VLAN50

 

All ports have Acceptable Frame Types set to "Admit All"; if I change it to "Tagged Only", then clients in the VLANs lose their internet connection.

The network diagram is attached (switch B is not connected until this works as I wish).

 

Thanks in advance for help.

Re:TL-ER6020 & T2600G-28MPS VLAN configuration
2019-03-19 02:07:11

Hi skangraf

 

It's normal that the different VLANs can connect to each other, because the switch supports inter-VLAN routing. When you set an L3 interface for each VLAN, the switch will generate the routing automatically. The devices can access other VLANs through these routes.

 

You can configure an ACL to block the traffic between different VLANs. For example, to block VLAN30 to VLAN40, you need to add the following ACL rules.

1. Deny 10.0.0.0/24 to 192.168.0.0/24

2. Allow 10.0.0.0/24 to 0.0.0.0/0

0.0.0.0/0 means all IP addresses.

 

For how to configure an ACL, you can refer to the link below.

https://www.tp-link.com/en/configuration-guides/configuring_acl/?configurationId=18222#using_the_gui_2_1

 

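The rule order described in the reply, modelled as an added example (not code from the original posts or from TP-Link): a first-match evaluator over the thread's subnets shows which VLAN pairs the two example rules still leave open, and `isolate()` generalises them to every client VLAN. The function names and the first-match, default-permit behaviour are assumptions.

```python
from ipaddress import ip_network
from itertools import permutations

# Subnets as posted in the thread.
VLANS = {
    "VLAN1": ip_network("10.0.100.0/24"),
    "VLAN30": ip_network("10.0.0.0/24"),
    "VLAN40": ip_network("192.168.0.0/24"),
    "VLAN50": ip_network("10.0.10.0/24"),
}
ANY = ip_network("0.0.0.0/0")
# The two rules from the reply, in order: (action, source, destination).
REPLY_RULES = [
    ("deny", VLANS["VLAN30"], VLANS["VLAN40"]),
    ("permit", VLANS["VLAN30"], ANY),
]


def evaluate(rules, src_net, dst_net, default="permit"):
    """Return the action of the first rule covering src_net -> dst_net.

    Assumption: rules are checked top-down, first match wins, and traffic
    that matches no rule gets `default`.
    """
    for action, rule_src, rule_dst in rules:
        if src_net.subnet_of(rule_src) and dst_net.subnet_of(rule_dst):
            return action
    return default


def open_pairs(rules, vlans=VLANS):
    """List the (source VLAN, destination VLAN) pairs the rules still permit."""
    return [(a, b) for a, b in permutations(vlans, 2)
            if evaluate(rules, vlans[a], vlans[b]) == "permit"]


def isolate(sources, vlans=VLANS):
    """Generalise the reply: deny each source VLAN to every other VLAN,
    then permit it to everything else (the internet)."""
    rules = []
    for src in sources:
        rules += [("deny", vlans[src], n) for v, n in vlans.items() if v != src]
        rules.append(("permit", vlans[src], ANY))
    return rules


if __name__ == "__main__":
    print("reply rules leave open:", open_pairs(REPLY_RULES))
    print("after isolate():", open_pairs(isolate(["VLAN30", "VLAN40", "VLAN50"])))
```

Denying a client VLAN to 10.0.100.0/24 also cuts it off from the router (10.0.100.1) and the OC200 (10.0.100.10) as destinations, so anything clients need there, such as DNS, needs a permit rule placed above the deny.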