Home

Forums

Stories

Knowledge Base

Business Community > SOHO Switches > Port based VLAN in TL-SG108E

< SOHO Switches

Port based VLAN in TL-SG108E

BARV

2025-05-03 09:49:51 - last edited 2025-05-06 02:18:22

Posts: 1

Helpful: 0

Solutions: 0

Stories: 0

Registered: 2025-05-03

Port based VLAN in TL-SG108E

2025-05-03 09:49:51 - last edited 2025-05-06 02:18:22

Tags: #Configuration #VLAN & Multi-Networks #Network Connectivity

Model: TL-SG108E

Hardware Version: V6

Firmware Version: 1.0.0 Build 20230218

Hello Community,

I have a LAN setup with CCTV cameras and Dahua NVR, which unfortunately doesn't support 802.1Q VLAN tagging. The goal is to isolate CCTV VLAN from main VLAN at the same time making NVR accessible in both, because it has to be reachable from WAN and also be able to discover the cameras in other VLAN. Hence, the solution might be to apply port-based VLAN. My idea is to have the same subnet, say 192.168.0.0/24 and:

Port	VLAN	Purpose
1	1	Main LAN
2	1,2	NVR
3-8	2	Cameras

A very simple trick to forbidden cameras accessing main LAN/Internet. But I realized that in contrast from similar easy-smart switch Netgear GS108E, in TP-Link it is not possible to assign a port (Port 2 in my case) to several port-based VLANs.

Do you know if it is planned in future FWs or what could be a solution in case of my scenario?

Thanks in advance for any valuable tips!

1 Accepted Solution

Clive_A

2025-05-06 02:16:58 - last edited 2025-05-06 02:18:22

Posts: 8362

Helpful: 4317

Solutions: 2194

Stories: 0

Registered: 2023-06-09

Re:Port based VLAN in TL-SG108E-Solution

2025-05-06 02:16:58 - last edited 2025-05-06 02:18:22

Hi @BARV

Thanks for posting in our business forum.

You want unidirectional VLAN isolation?

This is not possible with this switch.
Even if you want this, you need a router that can do a VLAN interface and stateful ACL. Not a switch or layer 3 switch.

If you insist on a switch doing this, that'll be the ACL scheme. Not VLAN.

Once the isolation is created by 802.1Q VLAN, it is full isolation without a rule to allow A to access B, B not to A.

Common Questions About 802.1Q VLAN

Recommended Solution

1 Reply

Clive_A

2025-05-06 02:16:58 - last edited 2025-05-06 02:18:22

Posts: 8362

Helpful: 4317

Solutions: 2194

Stories: 0

Registered: 2023-06-09

Re:Port based VLAN in TL-SG108E-Solution

2025-05-06 02:16:58 - last edited 2025-05-06 02:18:22

Hi @BARV

Thanks for posting in our business forum.

You want unidirectional VLAN isolation?

This is not possible with this switch.
Even if you want this, you need a router that can do a VLAN interface and stateful ACL. Not a switch or layer 3 switch.

If you insist on a switch doing this, that'll be the ACL scheme. Not VLAN.

Once the isolation is created by 802.1Q VLAN, it is full isolation without a rule to allow A to access B, B not to A.

Common Questions About 802.1Q VLAN

Port based VLAN in TL-SG108E

Port based VLAN in TL-SG108E

Information

Voters 0

Tags