Internet access help using router/switch/EAP and Vlans
This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
I have a Router/Switch/EAP setup that provides 4 vlans using a single EAP.
I have had it working previously but something happened and I can't get Internet access to any of the vlans working any more.
Router: TL-ER6020
Switch: TL-SG2008P
EAP: 655-Wall
The setup has ISP internet providing a dynamic IP to WAN1 of my router (vlan10.) WAN2 (vlan20) is not currently used and the remaining ports 3-5 are on vlan1
DHCP is using 10.10.0.100-150
The Switch (port 8) is connected to port 5 of the Router.
Switch L2 features:
vlan1 - system vlan (port 1 -8 untagged)
Each Vlan provides its own pool of IPs
vlan100 - 10.10.1.x (port 1 tagged and port 8 tagged)
vlan200 - 10.10.2.x (port 1 tagged and port 8 tagged)
vlan300 - 10.10.5.x (port 1 tagged and port 8 tagged)
vlan400 - 10.10.10.x (port 1 tagged and port 8 tagged)
The EAP is configured to provide SSIDs for each of the vlans and is connected to Port 1 of the switch
According to all documentation I could find, Port 1 on the switch should be set to untagged, but I found that with that setup I was unable to get the IPs delivered to the Hosts.With port 1 of the switch set to tagged the IP was assigned to the host properly. I assumed that this was because the port was connected to the EAP rather than to an individual host.
If I connect to the EAP and connect to the SSID for vlan1 I am able to access the internet, however, if I connect to any other SSID (connected to the other vlans) I get the proper IP address but have no internet access. I assume this has something to do with a missing route I need to define?
If I connect my computer with an ethernet cable to one of the unused ports on the Switch or Router I have access to the 10.10.0.x IP range and have internet access.
I know I had this working before but I must have deleted a route or something else that made it work and I can't figure out what i did.
From what I can tell, everything else is working as expected, I just need to find a way to get the hosts that are connecting to the other vlans to access the internet.
I tried adding the IP ranges into the Multi-Nets NAT List but that didn't work. There must be something simple I am missing. I keep trying different things but the more I do the more of a mess I make. I am hoping someone can point out what I need to do and give me some kind of explanation. I tried following procedures on line but most don't explain why they are doing what they are, and give examples based on outdated interfaces and equipment/ setups that don't match what I am using. I don't mind experimenting to figure out what is happening but there are way too many variables and in a lot of cases I have to reboot everything in order to be sure that changes have actually taken effect.
I assume that there must also be a way to allow hosts on different subnets to communicate. Is this possible by setting up routes in the Switch? Any examples or guides using the same hardware I am using?
Thanks for any assistance anyone can provide.
Okay, after making my changes everything I connecting up appears to now be working properly.
1. The Router has 3 vlans. Port1 Wan1 (vlan10) Port2 Wan2 (vlan20) and Ports 3-5 Vlan1
2. The Router Port 5 is connected to the Switch Port 8 (both tagged)
3. The EAP is connected to Port 1 (POE) of the switch (tagged).
4. My HomeAssistant Pi is connected via ethernet to Port 5 (untagged) on the switch and belongs to the IOT vlan (PVID is set to 400 under Ports - IOT vlan)
5. My Network printer (HP Color CP2025dn) is connected via ethernet to to Port 7 (untagged) on the switch and is on vlan1 (PVID is set to 1 under Ports)
6. All my vlans can be accessed through the single EAP using different SSIDs.
7. Each of the Vlans can access the internet through the switch interface using the default gateway of that interface (10.10.0.2).
7. Internet access is possible by adding the static route that points each vlan to the interface 10.10.0.2 (ex. destination: 10.10.10.0 next hop 10.10.0.2 see Edit below)
Issues still to resolve:
1. Printing to network printer does not function properly.
1. Printing issue solved using Static route rather than default gateway (10.10.0.2)
One of my laptops can access the printer and Print to it from any of the vlans (wireless) but two of my new HP laptops can access the printer web server and view all its inf but are unable to print to it. The print jobs get stuck in the print queue. I can't figure out what is different other than the Toshiba has an older version of Win10 and the HPs are on newer versions of Win 10 and Win11. If I switch SSIDs on the HP laptops the print job gets sent to the printer right away.
I read in other posts about some firmware changes on the EAP that might help and also about mDNS issues but I am not sure if these apply in my case.
2. Download and upload speed issues - Edit: upgrading the switch to the latest firmware appears to have resolved this isssue.
The other thing I have noticed and have not been able to figure out is why my speed tests show a 5-10x increase/decrease when I switch from my admin SSID (vlan1) to any of my other SSIDs (Vlan100 - 400)
I have run the speed test a bunch of times and the difference can be more than 10x. I must have something set incorrectly to make a difference in the speed as large as that.
The first and last readings are when I have my computer connected via my Admin SSID (vlan1) The middle reading is connected to my IOT SSID (vlan400) Same computer, just switching internet connections (SSID) through the EAP.
Usually this reading is about 30-40 Mbps for downloads and about the 3-5 for uploads. The one in the pic is probably the highest one I have got so far.
Any suggestions as to where I need to look.
Edit 1
I have been able to fix the printing issue. Apparently the use of the default gateway provided by the DHCP pool worked to give access to the internet but causes other issues.
I put the standard Default gateway back for each of the DHCP subnets and used the Static Routing Table to do the same thing. This allows the printing to work properly as well.
So for the moment the only issue I am still having is with the download and upload speeds for the vlans other than vlan1.
Edit 2
I updated the firmware of my switch to the latest version. I did it one version at a time using the versions available on the TP-Link site. Thanks Jericho. Huang (TP-Link Technical Support) https://www.tp-link.com/en/support/download/tl-sg2008p/#Firmware
I had problems with internet access with the first two updates but the latest appears to have solved the problem.
Speed test of the main vlan1:
And these are the tests of eac of the 3 vlans using the dhcp address pools from the switch
I think I have figured out the problem. There were some issues that required me to reset the router and the switch back to factory settings but I believe that the biggest issue was the default gateway set in the IP Pool setups for the vlans.
There are some basic settings that are defined as Optional (such as the Default Gateway) I had tried leaving those blank and then added in the standards but it wasn't until I added in the Interface ip for the switch (vlan1) that I was able to get internet access.
In the instructions this is shown
But for me to get access t the internet for each of the vlans I needed to enter the Ip used for the L3 interface for vlan1
Using the Switch IP for the gateway allows the other domains access out.
I only have 2 of my 4 vlans set up and working now. Will add the other two and hope that this is the only issue. Keeping my fingers crossed.
Okay, after making my changes everything I connecting up appears to now be working properly.
1. The Router has 3 vlans. Port1 Wan1 (vlan10) Port2 Wan2 (vlan20) and Ports 3-5 Vlan1
2. The Router Port 5 is connected to the Switch Port 8 (both tagged)
3. The EAP is connected to Port 1 (POE) of the switch (tagged).
4. My HomeAssistant Pi is connected via ethernet to Port 5 (untagged) on the switch and belongs to the IOT vlan (PVID is set to 400 under Ports - IOT vlan)
5. My Network printer (HP Color CP2025dn) is connected via ethernet to to Port 7 (untagged) on the switch and is on vlan1 (PVID is set to 1 under Ports)
6. All my vlans can be accessed through the single EAP using different SSIDs.
7. Each of the Vlans can access the internet through the switch interface using the default gateway of that interface (10.10.0.2).
7. Internet access is possible by adding the static route that points each vlan to the interface 10.10.0.2 (ex. destination: 10.10.10.0 next hop 10.10.0.2 see Edit below)
Issues still to resolve:
1. Printing to network printer does not function properly.
1. Printing issue solved using Static route rather than default gateway (10.10.0.2)
One of my laptops can access the printer and Print to it from any of the vlans (wireless) but two of my new HP laptops can access the printer web server and view all its inf but are unable to print to it. The print jobs get stuck in the print queue. I can't figure out what is different other than the Toshiba has an older version of Win10 and the HPs are on newer versions of Win 10 and Win11. If I switch SSIDs on the HP laptops the print job gets sent to the printer right away.
I read in other posts about some firmware changes on the EAP that might help and also about mDNS issues but I am not sure if these apply in my case.
2. Download and upload speed issues - Edit: upgrading the switch to the latest firmware appears to have resolved this isssue.
The other thing I have noticed and have not been able to figure out is why my speed tests show a 5-10x increase/decrease when I switch from my admin SSID (vlan1) to any of my other SSIDs (Vlan100 - 400)
I have run the speed test a bunch of times and the difference can be more than 10x. I must have something set incorrectly to make a difference in the speed as large as that.
The first and last readings are when I have my computer connected via my Admin SSID (vlan1) The middle reading is connected to my IOT SSID (vlan400) Same computer, just switching internet connections (SSID) through the EAP.
Usually this reading is about 30-40 Mbps for downloads and about the 3-5 for uploads. The one in the pic is probably the highest one I have got so far.
Any suggestions as to where I need to look.
Edit 1
I have been able to fix the printing issue. Apparently the use of the default gateway provided by the DHCP pool worked to give access to the internet but causes other issues.
I put the standard Default gateway back for each of the DHCP subnets and used the Static Routing Table to do the same thing. This allows the printing to work properly as well.
So for the moment the only issue I am still having is with the download and upload speeds for the vlans other than vlan1.
Edit 2
I updated the firmware of my switch to the latest version. I did it one version at a time using the versions available on the TP-Link site. Thanks Jericho. Huang (TP-Link Technical Support) https://www.tp-link.com/en/support/download/tl-sg2008p/#Firmware
I had problems with internet access with the first two updates but the latest appears to have solved the problem.
Speed test of the main vlan1:
And these are the tests of eac of the 3 vlans using the dhcp address pools from the switch