VLAN Help - Enabling cuts off Internet Access

2019-06-15 17:53:30
Model: T2500G-10TS(TL-SG3210)
Hardware Version: V1
Firmware Version: 1.0.1 Build 20171225 Rel.67244(s)

Hi,

Please forgive my ignorance, but I don't even know if I'm using the right equipment to do what I want to do with my home network.

I have an Archer C5400X router and I'm trying to isolate/segment my network so that my wireless PCs and wired NAS are separated from all other wired and wireless devices.

I moved the wireless gear to my guest network and disabled their LAN and peer access, so that was easy.

Next I wanted to separate the wired devices, so after some research, I bought the T2500G-10TS with the idea of using VLANs and Port Isolation.

The Port Isolation works well, but those wired devices can still see the wireless PCs on my router.  Following an old article from SmallNetBuilder, I created a VLAN (2) for all ports using "General" / Untagged and moved them there.  Then I created a separate General/Untagged VLAN (3) for the devices, but when I assign the VLAN PVID (3) to their ports (1-6), they are completely cut off from the Internet.

I've tried the DHCP relay, disabling the Port Isolation, using the IPTV VLAN routing in the Archer C5400X and many other things, but nothing works.  I'm either missing something entirely, or this gear can't do what I want it to do.

Also, is there any reason why a brand-new switch purchased from Amazon in the US would be V1 with such old firmware?

Thank you in advance for your help,

Ian

5 Replies
Re:VLAN Help - Enabling cuts off Internet Access
2019-06-17 06:56:43

Nah, you cannot do it with 5400X, if you want to base it on VLANs. Despite the cost it is still a SOHO device, so it doesn't support 802.1Q on LAN ports. If you had a TL-ER6120 (or some cheap Mikrotik), then you would easily configure it by adding your VLANs (tagged) on the LAN port, so everything would work.

So, until you have 5400X forget about VLANs.

Port Isolation will work like you said, it is true, so it will isolate based on ports on the switch, so you can't filter wireless clients.

I do not know how Guest Network works on 5400X, but in general it should not allow wireless clients to connect to LAN. If it is so, then configure guest network + port isolation, it would be enough for what you want.

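
Added example, not part of any post in this thread: a small Python model of 802.1Q port-based forwarding, showing how a PVID change like the one in the first post can leave ports 1-6 with no path to the router, and why tagging the uplink does not help when the router ignores 802.1Q tags. The uplink port number (8) and the VLAN member lists are assumptions; the thread does not state them.

```python
# Model of PVID classification and VLAN egress on a managed switch.
# Constructed values: UPLINK and the member sets below are assumptions.
from dataclasses import dataclass, field

UPLINK = 8                      # assumed port cabled to the router's LAN port
ALL = set(range(1, 11))         # the T2500G-10TS has 10 ports
DEVICES = set(range(1, 7))      # ports 1-6 from the first post

@dataclass
class Switch:
    pvid: dict                  # port -> VLAN given to untagged ingress frames
    untagged: dict              # vlan -> ports that egress untagged
    tagged: dict = field(default_factory=dict)  # vlan -> ports that egress tagged

    def egress(self, in_port):
        """Map out_port -> 'untagged'/'tagged' for an untagged frame on in_port."""
        vlan = self.pvid[in_port]
        out = {p: "untagged" for p in self.untagged.get(vlan, set())}
        out.update({p: "tagged" for p in self.tagged.get(vlan, set())})
        out.pop(in_port, None)  # a frame is never sent back out its ingress port
        return out

def router_receives(switch, host_port, router_understands_tags=False):
    """True if a frame from host_port reaches the router in a form it accepts."""
    form = switch.egress(host_port).get(UPLINK)
    if form is None:
        return False            # uplink is not a member of the host's VLAN
    return form == "untagged" or router_understands_tags

def before_pvid_change():
    # Every port in VLAN 2, untagged, PVID 2.
    return Switch(pvid={p: 2 for p in ALL}, untagged={2: ALL})

def after_pvid_change():
    # Ports 1-6 get PVID 3; VLAN 3 is assumed to contain only those ports.
    pvid = {p: (3 if p in DEVICES else 2) for p in ALL}
    return Switch(pvid=pvid, untagged={2: ALL, 3: DEVICES})

def uplink_tagged_in_vlan3():
    # Same as above, with the uplink added to VLAN 3 as a tagged member.
    sw = after_pvid_change()
    sw.tagged = {3: {UPLINK}}
    return sw

if __name__ == "__main__":
    for name, make in [("before", before_pvid_change),
                       ("after", after_pvid_change),
                       ("uplink tagged", uplink_tagged_in_vlan3)]:
        print(f"{name:14} port 1 -> router: {router_receives(make(), 1)}")
```
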
Re:Re:VLAN Help - Enabling cuts off Internet Access
2019-06-17 15:36:14

Thank you for your helpful reply and for your confirmation that this won't work with a consumer router. I suppose I can get a VLAN-aware Ethernet router to go between my cable modem and then connect the switch and wireless router to it, right?

Re:Re:Re:VLAN Help - Enabling cuts off Internet Access
2019-06-18 09:00:48

Hi lanA

I see that C5400X guest network has the option of "Allow guests to access each other" and "Allow guest to access my local network". The guest network should be able to isolate the wireless clients and wired clients, maybe it can meet your demand.

Even if you get a VLAN-aware Ethernet router, if your wireless PC is connected to C5400X, you still need to consider how to isolate the wireless clients and wired clients.

Re:Re:Re:Re:VLAN Help - Enabling cuts off Internet Access
2019-06-20 03:56:00

Hi Andone,

I have taken advantage of those features on the guest network and they work well.  I ended up returning the TP-Link switch and going with a Ubiquiti EdgeRouter 10X which also has 10 gigabit ports and a switch chip.  I'll turn the C5400X into an access point and create VLANs with router/switch for the wired devices.  I wish TP-Link had something similar but the VPN routers would also require me to have a switch and I'm trying to keep the costs and pieces of equipment down.

Re:Re:Re:Re:Re:VLAN Help - Enabling cuts off Internet Access
2019-06-21 10:06:47

The latest version of TP-Link SMB Router supports VLAN and it can meet your requirements that isolate the devices. But unfortunately TP-Link SMB router doesn't have wireless function, otherwise, you just need to buy a router which supports VLAN and wireless. (The wireless still needs to support isolation.)
