[Note to admin - the "model" selection under 'new thread' won't accept TL-SG608E so I've selected TL-SG108E instead. Database needs updating]

 

TL;DR: Switch picks management VLAN completely at random

 

I have a new TL-SG608E which I've installed in my loft to distribute wired Ethernet around my house. It replaces a Netgear GS105PE which worked great but I need the extra ports.

 

My network makes use of VLANs to separate trusted devices (subnet 3), printers (4), untrusted devices (5) and wireless devices (6). All my switches themselves (ie. management interfaces) are on subnet 1 and they use the default VLAN id 1.

 

Two of the ports on the TL-SG608E connect directly to 'untrusted' (subnet 5) devices. All other ports connect to other managed switches, they're members of all VLANs and have tags enabled. This is the exact same configuration as the Netgear switch that it replaces, and that all works fine.

 

Every device on my network is configured to use DHCP. My router is the DHCP server, and of course it allocates IP addresses in different subnets to each of the VLANs. Every device I recognise has a reserved address (ie. bound to its MAC address) in the proper subnet.

 

I noticed after installing the TL-SG608E that I couldn't access its management interface, even though it seemed to be working OK otherwise.

 

It turned out that it had been allocated an IP address on subnet #6, which I reserve for wireless access points and the devices connected to them. Cue much head scratching and unplugging of all my wireless access points. (Deco XE75 Pro likes to form loops and other unexpected connections when it loses wired connectivity, but that's another story entirely).

 

I then tried disabling ports on the TL-SG608E, leaving just the two 'untrusted' ports on VLAN 5 and the uplink port that goes to my router (via a TP-link TL-SG1024DE which seems otherwise fine, though I'm starting to have doubts about it too since they seem to share the same firmware).

 

With only these 3 ports left enabled, I rebooted the TL-SG608E. Now it has an IP address on subnet #5. This subnet happens to be intentionally isolated from other subnets and is only visible from other ports that use the same VLAN ID, so I had to physically plug my laptop into a suitable port on another switch just to gain access once more.

 

I then disabled the remaining two ports on the TL-SG608E besides the uplink, and rebooted again. Success! Now it's on VLAN 1 and it has the correct IP address - but, of course, it's useless because all its other ports are disabled.

 

I enabled them all again and rebooted. Now it's on subnet #3 and I'm losing the will to live.

 

It appears as though it's picking a VLAN id completely at random from amongst the IDs that are used by enabled ports, and is using that when it issues DHCP requests. The DHCP server does exactly as it should, assigning an address based on the subnet from which the request appears to come. If that happens to be the correct subnet, it gets the reserved address, otherwise it gets one from a dynamic pool.

 

All my Netgear switches default to using VLAN id 1 (or possibly just untagged frames) for their management interfaces. I expected the TP-link to do the same, not just to pick a tag at random.

 

Better yet, perhaps there's a setting to configure which VLAN should be used for the management interface somewhere?

 

I've worked around the problem by setting a static IP on the TL-SG608E, and not using DHCP at all. It seems to work, but it breaks the methodology of using reserved DHCP addresses to map my network centrally.

 

What's the rule here? How does it pick a VLAN for its management interface, and what do I do if it's not the correct one?