Second opinion on VLAN config TL-SG1016DE

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

2021-06-24 09:52:45
Model: TL-SG1016DE  
Hardware Version: V4
Firmware Version: 1.0.0 Build 20191128 Rel.43060

Hi

 

I'm a beginner to this so I would very much like a second opinion on this configuration. 

 

This is what I intend. 

Port 1. WAN port connected to ISP. VLAN 10

Port 3. Firewall, with one ethernet only. Filtering all traffic. Acting DHCP for all VLANs with different subnets

Port 5,7: Trunk ports to other switches

Port 9-16: IoT VLAN. VLAN 30. Can reach WAN after being filtered by FW on port 3

Port 2,4,6,8: Home net. VLAN 20. Can reach WAN after being filtered by FW on port 3

 

VLAN 20 should be able to talk to VLAN 30 depending on FW rules

 

This is my current configuration, will it work?

 

 

 

Any help appreciated. 

Re:Second opinion on VLAN config TL-SG1016DE
2021-06-25 05:59:18
First look - ports 5 and 7 should have PVID 30 as they are tagged for VLAN 1, or they should have PVID 1 if you swap their tagged/untagged status for VLANs 1 and 30. Port 3 is untagged on VLAN 10 and 30 with PVID 10, so it should be tagged on VLAN 30. - Can you send the system config from a telnet/ssh session?
Re:Second opinion on VLAN config TL-SG1016DE
2021-06-25 12:38:23

@Buckleau 

 

I don't seem to be able to either telnet or ssh to the switch, so I will have to make do with the web or config util.

 

New try since last time.

 

From the fiber box comes untagged traffic on port 1. It gets VLAN id 10 due to port 1 having PVID 10.

The only members of PVID10 are ports 1 and 3. So port 3 gets tagged VLAN 10. The FW then, depending on the rules, tags the traffic with 20 or 30.

Ports with PVID20 get that traffic and send it to the clients.

Ports with PVID30 get that traffic and send it to the clients.

 

Clients on port 2-8 that send outgoing will send untagged traffic that will have VLAN id 20 added. If it's directed to the internet, the FW on port 3 will get that traffic, change the id to VLAN 10 and send it to port 1.

Clients on port 3,5,7,9-16 the same but VLAN 30. 

 

Ports 5,7 speak to the other switch, which also has VLAN 1 as tagged and VLAN 20,30 as untagged.

 

How am I doing?

 

 

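The PVID and tagged/untagged mismatches discussed in this thread can be checked mechanically before a configuration is applied. The following is an added example, not part of the thread and not TP-Link code: a generic 802.1Q model in Python whose port and VLAN tables are constructed from the descriptions above (the poster's actual configuration is not on the page), with `lint` and `egress` as hypothetical helper names.

```python
# Generic 802.1Q model; every port/VLAN value here is constructed, not the poster's real config.

def lint(vlans, pvid):
    """vlans: {vid: {"tagged": ports, "untagged": ports}}, pvid: {port: vid}.
    Return {port: [problems]} for ports whose PVID and memberships disagree."""
    problems = {}
    for port, vid in sorted(pvid.items()):
        untag = {v for v, m in vlans.items() if port in m["untagged"]}
        tag = {v for v, m in vlans.items() if port in m["tagged"]}
        found = []
        if vid not in untag | tag:
            found.append(f"PVID {vid} but not a member of VLAN {vid}")
        elif vid in tag:
            found.append(f"PVID {vid} but tagged in VLAN {vid}")
        found += [f"untagged in VLAN {v} but PVID is {vid}" for v in sorted(untag - {vid})]
        if found:
            problems[port] = found
    return problems


def egress(vlans, pvid, in_port, tag=None):
    """Forward one frame; return {out_port: tag on the wire}, None meaning untagged.
    Assumes ingress filtering: a frame for a VLAN the port is not in is dropped."""
    vid = pvid[in_port] if tag is None else tag
    members = vlans[vid]["tagged"] | vlans[vid]["untagged"]
    if in_port not in members:
        return {}
    return {p: (vid if p in vlans[vid]["tagged"] else None)
            for p in sorted(members - {in_port})}


# Constructed "before": port 3 (firewall) untagged in VLAN 10 and 30; port 5 (trunk)
# tagged in VLAN 1, untagged in VLAN 30, PVID 1 (assumed).
BEFORE_PVID = {1: 10, 2: 20, 3: 10, 5: 1, 9: 30}
BEFORE = {
    1: {"tagged": {5}, "untagged": set()},
    10: {"tagged": set(), "untagged": {1, 3}},
    20: {"tagged": {3}, "untagged": {2}},
    30: {"tagged": set(), "untagged": {3, 5, 9}},
}
# "After", following the reply: port 3 tagged in VLAN 30, port 5 gets PVID 30.
AFTER_PVID = {**BEFORE_PVID, 5: 30}
AFTER = {**BEFORE, 30: {"tagged": {3}, "untagged": {5, 9}}}

if __name__ == "__main__":
    print(lint(BEFORE, BEFORE_PVID))
    print(egress(BEFORE, BEFORE_PVID, 9), egress(BEFORE, BEFORE_PVID, 1))
    print(lint(AFTER, AFTER_PVID), egress(AFTER, AFTER_PVID, 9))
```

In the "before" tables, frames from the WAN port and from an IoT port both leave port 3 untagged, so a single-interface firewall cannot tell VLAN 10 from VLAN 30; in the "after" tables the IoT frame reaches port 3 carrying tag 30.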