mariem56 wrote

Thank you sir. It's different from a Cisco concept of VLAN... So for uplink from the L3SW Edge Switch I can use the Port 1/0/1 of TPlink as the tagged port/ uplink port? Then untagged the port that is connected to PC or printer with static address. Then I would connect my AP with VLAN20(WLAN Corporate) VLAN30(Guest) as tagged port? My problem would be getting two VLANs from 1AP connected to TPlink Switch.

@mariem56 

I am more familiar with the way vlans are handled on the EdgeRouters than Mikrotik.

The Ubitquiti access points expect the configuration to be done with standard ethernet frames (untagged frames).  After the access point has been adopted by the controller, in recent versions of firmware/controller you can tell it to use a vlan for management, but it is easier to just leave it as is.  I don't think you want WLAN Corporate unless you are using a Unifi router (USG or UDM).  If you are using Edgeswitch or TP-Link, then the unifi controller does not control them.  Instead you want to use "vlan only".  Google corporate vs vlan only unifi to find information about the differences.  As @R1D2 said, if you have questions about Unifi setup, the Ubiquiti Unifi forum would be a better place to get configuration help. 

So for trusted home lan and guest wifi (if you have separate subnets/vlans for these your MTK router) you want the link to the UAP to have the trusted home network to be (in Cisco terminology, the Native vlan for the trunk) and the guest to be on a tagged vlan (on the wire).  Or if you want to do it like in a business, you would have a separate management vlan, and use tagged vlans for both SSIDs.  At home I just have trusted and untrusted and do management on the trusted vlan/subnet.

Every vendor has different ways of setting up switches.  TP-Link, Cisco, HP, MikroTik, Ubiquiti (has two, unifi is different from edgeswitch). 

Since you are familiar with Cisco, to setup a trunk with native vlan on the TP-Link (lets say trunk carrying two vlans 10 and 20 with 10 as the native vlan)

define vlan 10 and for the trunk port add as untagged (the port will send traffic from vlan 10 as untagged on egress from the port)

define vlan 20 and for the trunk port add as tagged (the port will send traffic from vlan 20 as tagged on egress from the port)

For the trunk port set the pvid to 10 (the vlan that the port will classify untagged ingress frames into).

The big difference that I noticed with TP-Link compared to Ubiquiti is that you must explicitly specify how frames will be sent (tagged or untagged) in addition to specifying what vlan the port will classify with a standard untagged ethernet frame it receives (the pvid).  It is possible to configure asymmetric vlans, somewhat like cisco private vlans where it is possible to receive untagged frames coming from one vlan and respond to them and have the return frame traverse a different vlan in the switch.  So you define what vlans the port is a member of, and whether the frames sent from the switch port will have an IEEE 802.1Q tag or not.  When the switch port receives an ethernet frame, it has to classify it into a single vlan, or drop it.  If the frame it receives is tagged then as long as the port is a member of the vlan specified by the IEEE 802.1Q tag, then the frame will be classified and forewarded on the vlan.  If tagged and port is not a member, frame is dropped.  If the received frame has no IEEE 802.1Q tag, then the frame is classified as belonging to the vlan specified by the PVID (port vlan id) for the port, and it gets forwarded only to members of that vlan, but normally only a single port where the mac was last seen for unicast frames.

There really should be a vlan rosetta stone.

mariem56 wrote

I have this problem too. I owned a TPlink 2600G-52TS and Unifi EdgeSwitch L3SW and UAPs, My plan is to set a L3SW for routing and create an uplink to TPlink Switch then connect my UAPs there but Creating VLANs is so confusing to me. Why is a VLAN called untagged port?

@mariem56 

Here's an example config on the only type of vlan-aware TP-Link switch I own (TL-SG108E v4).

Port 1 and 8 are configured as trunk ports with vlans 10, 20 and 30 with vlan 30 as the "native" untagged vlan (see pvid and that 30 is untagged on those ports), and vlan 10 and 20 tagged.

Port 3 is an access port for vlan 20 (only a member of vlan 20, port set as untagged on vlan 20 and pvid for port set to 20.

Port 5 is an access port for vlan 10 (only a member of vlan 10, port set as untagged on vlan 10 and pvid for port set to 30.

Ports 2, 4, 6 and 7 are access ports for vlan 30 (only members of vlan 30, ports set as untagged for vlan 30, and pvid for ports set to 30

vlan 1 can't be deleted, but you can remove it from every port.  But you must have a PVID defined for every port (at least on TL-SG108E)

@Bongo 

I tried similar configuration on TL-SG108E, but I get disconnected from network once I remove all the ports from default vlan1. My router connection goes to port1. What should be changed here so that setup works?

802.1Q VLAN CONFIGURATION