TL-SG1016DE vlan issues
I have the following situation: In one of the rooms at home, I have a TV with a set-top box, along with some other network devices. The set-top box (STB) is provided by my ISP and requires a direct connection to the cable modem (WAN). All other devices should be behind my router in the local network (LAN). Unfortunately I have only a single ethernet cable going to the room. Therefore I bought two managed TP-Link switches (TL-SG1016DE and TL-SG108E), such that I can use VLAN's to transport both WAN and LAN traffic over the same cable.
The network setup is as follows:
The main TL-SG1016DE switch VLAN configuration is as follows:
Note: compared to my diagrams above, port 1 and 2 are swapped.
This works fine except for these problems:
When the TL-SG1016DE switch is configured as DHCP client, it doesn't seems to request an IP address from the router. The result is that I can no longer access the switch management interface, because I don't know it's IP address. I'm not sure, but I suspect the switch has received an IP address directly from the cable modem instead. This is of course not supposed to happen. For now I worked around this problem by assigning a static IP address. But how can I be sure the switch can't be accessed from the internet? Because that would be a huge security risk!
When connecting a PC to a port intended for the STB (e.g. the WAN vlan), I correctly receive an public IP address from my ISP. But if configure the PC with a manual IP address in the same subnet as the LAN, then I can still access the switch management interface. How do I restrict this to only devices inside the LAN?
The switch management interface is painfully slow, to the point where it is simply unuseable. When I ping the IP address of the main switch, I see extremely high ping times (~8000ms) and also packet loss. When I ping the secondary switch or other devices in the network, there is no packet loss and normal ping times (~2.5ms for the secondary switch and ~0.5ms for other wired devices). The strange thing is that if I disconnect the cable modem from the main switch, those high ping times immediately disappear and the management interface becomes responsive again. To me, that seems to indicate a problem with the switch or its configuration.