Home

Forums

Stories

Knowledge Base

Business Community > Switches > Segmenting network using VLANs on TL-SG1218MPE switch and ER7206 router

< Switches

Segmenting network using VLANs on TL-SG1218MPE switch and ER7206 router

stingelf

2 weeks ago - last edited a week ago

Posts: 1

Helpful: 0

Solutions: 0

Stories: 0

Registered: 2024-07-19

Segmenting network using VLANs on TL-SG1218MPE switch and ER7206 router

2 weeks ago - last edited a week ago

Model: TL-SG1218MPE

Hardware Version: V5

Firmware Version: 1.0.0 Build 20221012 Rel.42630

Hello,

I would like to segment and isolate my home network, by making the main house and the basement suite "physically" unavailable to each other. I have ethernet ports in every room in the house, including the basement suite rooms. All the ports are connected to my SG1218MPE switch.

To state my goal clearly:

The switch ports are interfaced like so:
- Port 17 to the gateway/router
- Port 15 to the main room in the suite
- Ports 2-14,16,18 to the house (though only a few of them are actually connected)
All devices should be able to communicate to the gateway, of course
The devices from the house ports and the suite ports should not be able to communicate with each other at the ethernet layer.
This seems like a perfect job for VLANs.

A lot of the tplink online material is for setups that use the Omada controller, which I don't have.

But, basically, it seems like I should create 3 VLANs. One that has all ports as untagged ports, one that has the ports from the house, and one that has the ports (there is actually a single one) from the suite. In my case, port 17 leads to the gateway, port 15 is the connected port from the suite, and the rest are the house ports:

I know this is not enough.

With the setup as it is, devices on any port are able to communicate with devices from any other port. Which I think makes sense, because VLAN 1 covers all the ports.

I don't understand why the instructions I followed so far (which I can't find anymore, it was weeks ago!) had me add every port to VLAN 1. My basic understanding tells me each port needs to be able to communicate directly to the gateway (my ER7206 router is connected to port 17), and that's the role of VLAN 1. But the way it's configured, VLAN 1 allows every port in the house to communicate to each other.

Also, does my ER7206 router need to participate in this setup? On the switch, do I need to create one subnet for VLAN 2, and one for VLAN 3? Do I need to remove the subnet for VLAN 1? At the moment I only have the following:

There are obviously gaps in my understanding of what I need to do. Any pointers appreciated, and we can iterate from there.

1 Accepted Solution

Clive_A

a week ago - last edited a week ago

Posts: 4921

Helpful: 2262

Solutions: 1084

Stories: 0

Registered: 2023-06-09

Re:Segmenting network using VLANs on TL-SG1218MPE switch and ER7206 router-Solution

a week ago - last edited a week ago

Hi @stingelf

Thanks for posting in our business forum.

7206 should be involved in the configuration.

See the config guide: How to Set Up VLAN Interface on the Omada Router

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update! ☛Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting Manual ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. Don't be a lazy asker. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.

Information

Helpful: 0

Replies: 1

Segmenting network using VLANs on TL-SG1218MPE switch and ER7206 router

Segmenting network using VLANs on TL-SG1218MPE switch and ER7206 router

Information

Voters 0

Tags