Internet access help using router/switch/EAP and Vlans

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

Internet access help using router/switch/EAP and Vlans

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Internet access help using router/switch/EAP and Vlans
Internet access help using router/switch/EAP and Vlans
2023-11-05 04:43:37 - last edited 2023-11-14 20:55:16
Model: TL-ER6020   SG2008P   EAP655-Wall  
Hardware Version: V2
Firmware Version: 2.0.3 Build 20200623 Rel.39031

I have a Router/Switch/EAP setup that provides 4 vlans using a single EAP.

I have had it working previously but something happened and I can't get Internet access to any of the vlans working any more.

 

Router: TL-ER6020

Switch: TL-SG2008P

EAP: 655-Wall

 

The setup has ISP internet providing a dynamic IP to WAN1 of my router (vlan10.) WAN2 (vlan20) is not currently used and the remaining ports 3-5 are on vlan1

DHCP is using 10.10.0.100-150

 

The Switch (port 8) is connected to port 5 of the Router.

 

Switch L2 features:

vlan1 - system vlan (port 1 -8 untagged)

Each Vlan provides its own pool of IPs

vlan100 - 10.10.1.x (port 1 tagged and port 8 tagged)

vlan200 - 10.10.2.x (port 1 tagged and port 8 tagged)

vlan300 - 10.10.5.x (port 1 tagged and port 8 tagged)

vlan400 - 10.10.10.x (port 1 tagged and port 8 tagged)

 

The EAP is configured to provide SSIDs for each of the vlans and is connected to Port 1 of the switch

 

According to all documentation I could find, Port 1 on the switch should be set to untagged, but I found that with that setup I was unable to get the IPs delivered to the Hosts.With port 1 of the switch set to tagged the IP was assigned to the host properly. I assumed that this was because the port was connected to the EAP rather than to an individual host.

 

If I connect to the EAP and connect to the SSID for vlan1 I am able to access the internet, however, if I connect to any other SSID (connected to the other vlans) I get the proper IP address but have no internet access. I assume this has something to do with a missing route I need to define?

If I connect my computer with an ethernet cable to one of the unused ports on the Switch or Router I have access to the 10.10.0.x IP range and have internet access.

I know I had this working before but I must have deleted a route or something else that made it work and I can't figure out what i did.

 

From what I can tell, everything else is working as expected, I just need to find a way to get the hosts that are connecting to the other vlans  to access the internet.

I tried adding the IP ranges into the Multi-Nets NAT List but that didn't work. There must be something simple I am missing.  I keep trying different things but the more I do the more of a mess I make. I am hoping someone can point out what I need to do and give me some kind of explanation. I tried following procedures on line but most don't explain why they are doing what they are, and give examples based on outdated interfaces and equipment/ setups that don't match what I am using. I don't mind experimenting to figure out what is happening but there are way too many variables and in a lot of cases I have to reboot everything in order to be sure that changes have actually taken effect.

I assume that there must also be a way to allow hosts on different subnets to communicate. Is this possible by setting up routes in the Switch? Any examples or guides using the same hardware I am using?

 

Thanks for any assistance anyone can provide.

 

 

 

 

 

 

 

 

 

  0      
  0      
#1
Options
1 Accepted Solution
Re:Internet access help using router/switch/EAP and Vlans-Solution
2023-11-10 22:57:28 - last edited 2023-11-14 20:55:16

Okay, after making my changes everything I connecting up appears to now be working properly.

1. The Router has 3 vlans. Port1 Wan1 (vlan10) Port2 Wan2 (vlan20) and Ports 3-5 Vlan1

2. The Router Port 5 is connected to the Switch Port 8 (both tagged)

3. The EAP is connected to Port 1 (POE) of the switch (tagged).

4. My HomeAssistant Pi is connected via ethernet to Port 5 (untagged) on the switch and belongs to the IOT vlan (PVID is set to 400 under Ports - IOT vlan)

5. My Network printer (HP Color CP2025dn) is connected via ethernet to to Port 7 (untagged) on the switch and is on vlan1 (PVID is set to 1 under Ports)

6. All my vlans can be accessed through the single EAP using different SSIDs.

7. Each of the Vlans can access the internet through the switch interface using the default gateway of that interface (10.10.0.2).

7. Internet access is possible by adding the static route that points each vlan to the interface 10.10.0.2 (ex. destination: 10.10.10.0 next hop 10.10.0.2 see Edit below)
 

Issues still to resolve:
1. Printing to network printer does not function properly.

1. Printing issue solved using Static route rather than default gateway (10.10.0.2)

One of my laptops can access the printer and Print to it from any of the vlans (wireless) but two of my new HP laptops can access the printer web server and view all its inf but are unable to print to it. The print jobs get stuck in the print queue. I can't figure out what is different other than the Toshiba has an older version of Win10 and the HPs are on newer versions of Win 10 and Win11. If I switch SSIDs on the HP laptops the print job gets sent to the printer right away.

I read in other posts about some firmware changes on the EAP that might help and also about mDNS issues but I am not sure if these apply in my case.

 

2. Download and upload speed issues - Edit: upgrading the switch to the latest firmware appears to have resolved this isssue.

The other thing I have noticed and have not been able to figure out is why my speed tests show a 5-10x increase/decrease when I switch from my admin SSID (vlan1) to any of my other SSIDs (Vlan100 - 400)
I have run the speed test a bunch of times and the difference can be more than 10x. I must have something set incorrectly to make a difference in the speed as large as that.

The first and last readings are when I have my computer connected via my Admin SSID (vlan1) The middle reading is connected to my IOT SSID (vlan400) Same computer, just switching internet connections (SSID) through the EAP.
Usually this reading is about 30-40 Mbps for downloads and about the 3-5 for uploads. The one in the pic is probably the highest one I have got so far.

Any suggestions as to where I need to look.

 

Edit 1

I have been able to fix the printing issue. Apparently the use of the default gateway provided by the DHCP pool worked to give access to the internet but causes other issues.

I put the standard Default gateway back for each of the DHCP subnets and used the Static Routing Table to do the same thing. This allows the printing to work properly as well.

So for the moment the only issue I am still having is with the download and upload speeds for the vlans other than vlan1.

 

Edit 2

I updated the firmware of my switch to the latest version. I did it one version at a time using the versions available on the TP-Link site. Thanks Jericho. Huang (TP-Link Technical Support) https://www.tp-link.com/en/support/download/tl-sg2008p/#Firmware

 

I had problems with internet access with the first two updates but the latest appears to have solved the problem.

 

Speed test of the main vlan1:

And these are the tests of eac of the 3 vlans using the dhcp address pools from the switch

 

Recommended Solution
  0  
  0  
#6
Options
5 Reply
Re:Internet access help using router/switch/EAP and Vlans
2023-11-06 03:51:49

Hi @ksihota 

Thanks for posting in our business forum.

Double-check if your switch supports DHCP server.

The guide you should refer to is How to build up a multi-nets network via Multi-Nets NAT feature on TP-Link router with L2+/L3 switches

 

Internet access should be set up on the router with Multi-net NAT and the feature of Static Routing. See the guide, you'll understand.

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
  0  
  0  
#2
Options
Re:Internet access help using router/switch/EAP and Vlans
2023-11-06 07:29:40

  @Clive_A 

Thanks for the quick reply. I used that information originally when I set up the router and switch and then could not locate it again. I'll go through it again and hopefully it will solve my problems.

 

Is that available as a PDF with better quality images. I find it very difficult to see the images clearly on my small laptop screen.

 

Kim

  0  
  0  
#3
Options
Re:Internet access help using router/switch/EAP and Vlans
2023-11-06 22:09:36

Hi  @Clive_A 

 

I have gone back over my configuration and as far as I can tell I have it set up as specified. I did notice that I was having some trouble trying to add some entries. I was getting an errror telling me that the entries already existed but I could not locate them anywhere. I ended up resetting all devices back to factory setings and reconfiguring from scratch.

 

This time when I set everything up I simplified my configuration by only creating 1 of the 4 vlans. I managed to finally get everything working and had the EAP delivering the IPs and had internet access. I figured it was all good and went ahead and added the 3 other vlans. Got it all set up and was no longer getting IPs through the EAP. The only way it would work was to switch the Untagged Port that the Vlans connected to to Tagged. I was then able to obtain IPs but I was no longer getting Internet access.

 

I am now in the process of working backwards and removing the other vlans to see where/when it will start functioning again.

 

One quetion that I am not clear on.

When I set up the vlans and assign the ports in the switch Vlan1 has all ports listed. Should they be tagged or untagged. I then create the vlans for my subdomins (different IP ranges) The directions say set that port to untagged and the link port (to the router) to tagged. Eg. port 1 to the EAP is untagged and port 8 to the router is tagged. It also says to go to the Port Tab and set the PVID for the port to match the vlan. This does not make much sense to me since the vlan port (where the EAP is connected) is supplying all the vlans not just one.

Is the port configuration necessary when using the EAP?

Is it really meant for when a single host is attached?

I am assuming that when I am using a multi SSID EAP that the port it is attached to must be tagged, rather than untagged (as specified in the documentation?)

Another question is about the ports on the router.

Should the router ports all be untagged? I have 3 vlans on the Router. Vlan 10 and Vlan 20 which are connected to the WAN ports (untagged) and the 3 other ports are assigned to vlan 1 which are all untagged.

I am wondering if it is a problem with the port tagging that is blocking the internet access. Is there someting else I need to configure to allow the different IP ranges to interact with the range on the router which has interent access?

The EAP can provide the IP range that is provided by the router and this does get internet access.

  0  
  0  
#4
Options
Re:Internet access help using router/switch/EAP and Vlans
2023-11-07 07:03:16

I think I have figured out the problem. There were some issues that required me to reset the router and the switch back to factory settings but I believe that the biggest issue was the default gateway set in the IP Pool setups for the vlans.

There are some basic settings that are defined as Optional (such as the Default Gateway) I had tried leaving those blank and then added in the standards but it wasn't until I added in the Interface ip for the switch (vlan1) that I was able to get internet access.

In the instructions this is shown

But for me to get access t the internet for each of the vlans I needed to enter the Ip used for the L3 interface for vlan1

Using the Switch IP for the gateway allows the other domains access out.

 

I only have 2 of my 4 vlans set up and working now. Will add the other two and hope that this is the only issue. Keeping my fingers crossed.

  1  
  1  
#5
Options
Re:Internet access help using router/switch/EAP and Vlans-Solution
2023-11-10 22:57:28 - last edited 2023-11-14 20:55:16

Okay, after making my changes everything I connecting up appears to now be working properly.

1. The Router has 3 vlans. Port1 Wan1 (vlan10) Port2 Wan2 (vlan20) and Ports 3-5 Vlan1

2. The Router Port 5 is connected to the Switch Port 8 (both tagged)

3. The EAP is connected to Port 1 (POE) of the switch (tagged).

4. My HomeAssistant Pi is connected via ethernet to Port 5 (untagged) on the switch and belongs to the IOT vlan (PVID is set to 400 under Ports - IOT vlan)

5. My Network printer (HP Color CP2025dn) is connected via ethernet to to Port 7 (untagged) on the switch and is on vlan1 (PVID is set to 1 under Ports)

6. All my vlans can be accessed through the single EAP using different SSIDs.

7. Each of the Vlans can access the internet through the switch interface using the default gateway of that interface (10.10.0.2).

7. Internet access is possible by adding the static route that points each vlan to the interface 10.10.0.2 (ex. destination: 10.10.10.0 next hop 10.10.0.2 see Edit below)
 

Issues still to resolve:
1. Printing to network printer does not function properly.

1. Printing issue solved using Static route rather than default gateway (10.10.0.2)

One of my laptops can access the printer and Print to it from any of the vlans (wireless) but two of my new HP laptops can access the printer web server and view all its inf but are unable to print to it. The print jobs get stuck in the print queue. I can't figure out what is different other than the Toshiba has an older version of Win10 and the HPs are on newer versions of Win 10 and Win11. If I switch SSIDs on the HP laptops the print job gets sent to the printer right away.

I read in other posts about some firmware changes on the EAP that might help and also about mDNS issues but I am not sure if these apply in my case.

 

2. Download and upload speed issues - Edit: upgrading the switch to the latest firmware appears to have resolved this isssue.

The other thing I have noticed and have not been able to figure out is why my speed tests show a 5-10x increase/decrease when I switch from my admin SSID (vlan1) to any of my other SSIDs (Vlan100 - 400)
I have run the speed test a bunch of times and the difference can be more than 10x. I must have something set incorrectly to make a difference in the speed as large as that.

The first and last readings are when I have my computer connected via my Admin SSID (vlan1) The middle reading is connected to my IOT SSID (vlan400) Same computer, just switching internet connections (SSID) through the EAP.
Usually this reading is about 30-40 Mbps for downloads and about the 3-5 for uploads. The one in the pic is probably the highest one I have got so far.

Any suggestions as to where I need to look.

 

Edit 1

I have been able to fix the printing issue. Apparently the use of the default gateway provided by the DHCP pool worked to give access to the internet but causes other issues.

I put the standard Default gateway back for each of the DHCP subnets and used the Static Routing Table to do the same thing. This allows the printing to work properly as well.

So for the moment the only issue I am still having is with the download and upload speeds for the vlans other than vlan1.

 

Edit 2

I updated the firmware of my switch to the latest version. I did it one version at a time using the versions available on the TP-Link site. Thanks Jericho. Huang (TP-Link Technical Support) https://www.tp-link.com/en/support/download/tl-sg2008p/#Firmware

 

I had problems with internet access with the first two updates but the latest appears to have solved the problem.

 

Speed test of the main vlan1:

And these are the tests of eac of the 3 vlans using the dhcp address pools from the switch

 

Recommended Solution
  0  
  0  
#6
Options