ER605 VLAN Routing

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

2023-05-16 17:19:05
Model: ER605 (TL-R605)  
Hardware Version:
Firmware Version:

Hello!

I'm trying to set up an isolated VLAN network that can only get to the internet but not to anything else on the network. I have a TP-Link SG2428P switch. On the switch, I have ports 2-4 set up as tagged VLAN10 and all other ports as untagged VLAN1. VLAN1 is 172.16.0.1/24, VLAN10 is 172.16.2.1/24. Port 1 of the switch goes to the ER605 router's port 2. Switch port 2 (VLAN10) goes to the ER605 router's port 3. On the ER605, port 2 is set up as untagged, port 3 is tagged VLAN10. I get the proper IP addresses via DHCP from both VLANs when I plug in via Ethernet. I can get to all network resources and the internet on VLAN1. On VLAN10, I get an IP address but I am unable to ping the default gateway or get to the internet. I am NOT using Omada in this setup.

What do I have to do to get to the internet on VLAN10?

Thank you

Re:ER605 VLAN Routing
2023-05-16 18:11:02

@tuckerm

I assume you've configured both LAN subnets on the ER605 and assigned them to VLAN1 and VLAN10 respectively? I also assume the ER605 is the DHCP server for those subnets and not the switch?

You don't need two wires from the switch, you can configure the router port to have PVID=1 (native untagged VLAN of 1) and also belong to VLAN10 but tagged. You configure the same on the 2428 switch, and then a single cable will connect both VLANs into the router. Traffic will remain isolated.

The LAN subnet which is tagged as VLAN10 can just be configured as a GUEST network...this prevents it from accessing all other private IPs (so other peers or services locally, as well as the whole of VLAN1). Basically a Guest can only get to internet.

Now that said, I think the issue may be the Port Profile you have configured on ER605 port 3. If it doesn't match the tag/untag you configured on the switch, it won't work. At a minimum it needs to be VLAN10 tagged.

<< Paying it forward, one juicy problem at a time... >>
Re:ER605 VLAN Routing
2023-05-16 22:15:49

@d0ugmac1

I have made the changes you specified above, including removing the second Ethernet cable. ER605 LAN Port 2 is set as untagged, and tagged VLAN10. All switch ports are set to untagged and switch port 2 is set to tagged VLAN10. Both LAN subnets are configured on the ER605 and assigned to the respective VLANs and yes, it is the DHCP server for the subnets, not the switch.

Upon making the configuration changes, I no longer get a VLAN10 IP address when plugged into Switch Port 2. If I statically set my IP address to the VLAN10 IP scheme, I have no connectivity to anything, including the internet.

What am I missing?

Re:ER605 VLAN Routing
2023-05-16 23:09:36

@tuckerm

If all the other VLAN1 ports are behaving as expected, then I think it's behaving exactly as it should!

What you do next is configure one or more VLAN10 access port(s) on your switch, say make port 3 to be VLAN10 untagged only (no VLAN1). Jack your test laptop into that, and you should get a VLAN10 IP assigned. The reason it doesn't work on the router is it's expecting VLAN10 traffic to be tagged, and by default, most laptops are NOT.

<< Paying it forward, one juicy problem at a time... >>
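The tagging behaviour explained in the last reply, as an added example that is not part of the original thread: a simplified 802.1Q model showing which VLAN an untagged laptop lands in on each switch port. The `Port` class, the function names and the assumption that switch port 2 keeps PVID 1 are illustrative, not TP-Link settings taken from the posts.

```python
from dataclasses import dataclass
from typing import Optional

DROP = "drop"  # sentinel: frame is not forwarded


@dataclass(frozen=True)
class Port:
    name: str
    pvid: Optional[int]                 # VLAN given to untagged ingress frames
    untagged: frozenset = frozenset()   # VLANs sent without a tag
    tagged: frozenset = frozenset()     # VLANs sent with an 802.1Q tag


def ingress(port, tag):
    """Classify a received frame into a VLAN, or DROP it."""
    vlan = port.pvid if tag is None else tag
    return vlan if vlan in (port.untagged | port.tagged) else DROP


def egress(port, vlan):
    """Return the tag on the wire (None = untagged), or DROP."""
    if vlan in port.untagged:
        return None
    return vlan if vlan in port.tagged else DROP


# Single-cable trunk from the first reply: PVID 1 untagged, VLAN10 tagged, both ends.
SW_UPLINK = Port("switch port 1", 1, frozenset({1}), frozenset({10}))
RTR_LAN = Port("ER605 port 2", 1, frozenset({1}), frozenset({10}))


def vlan_seen_by_router(access):
    """VLAN an untagged host on `access` lands in at the router, or DROP."""
    vlan = ingress(access, None)            # a laptop NIC sends untagged frames
    if vlan == DROP:
        return DROP
    wire = egress(SW_UPLINK, vlan)
    if wire == DROP:
        return DROP
    vlan = ingress(RTR_LAN, wire)
    # The reply must leave the access port untagged or the host ignores it.
    if vlan == DROP or egress(access, vlan) is not None:
        return DROP
    return vlan


# Constructed port settings mirroring the thread (PVID 1 on port 2 is assumed).
PORT2 = Port("switch port 2", 1, frozenset({1}), frozenset({10}))  # untagged 1, tagged 10
PORT3 = Port("switch port 3", 10, frozenset({10}))                 # VLAN10 access port
TAG_ONLY = Port("tagged-only port", None, tagged=frozenset({10}))

if __name__ == "__main__":
    for p in (PORT2, PORT3, TAG_ONLY):
        print(f"{p.name}: untagged host reaches router VLAN {vlan_seen_by_router(p)}")
```

In this model the laptop on port 2 is classified into VLAN1, the laptop on the VLAN10 access port reaches the router's VLAN10 interface, and a port that carries VLAN10 only as tagged drops the laptop's untagged frames.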