VLAN isolation issue on TL-SG1024DE
2025-07-01 16:13:16
Model: TL-SG1024DE  
Hardware Version: V4
Firmware Version: 1.0.0 Build 20230219 Rel.71334

I'm experiencing a critical issue with VLAN isolation on my TL-SG1024DE.


Problematic Setup:

  • TL-SG1024DE: Configured with Port-Based VLAN 10 (Ports 1-18, untagged) and VLAN 20 (Ports 19-24, untagged)

  • MikroTik hEX S: Functions as a transparent Layer 2 bridge (hw=off on all ports). ether1 connects to a VLAN 10 port (e.g., Port 18) on the TL-SG1024DE, and ether2 connects to a VLAN 20 port (e.g., Port 24) on the TL-SG1024DE

  • Symptom: My network experiences extreme lag, packet loss, and timeouts, becoming almost unusable


Key Evidence (MAC Flapping): MikroTik sees "MAC Flapping" for devices residing solely in VLAN 10 (e.g., FritzBox MAC 3C:A6:2F:03:E9:0A). This MAC repeatedly appears on both ether1 (VLAN 10 uplink) and ether2 (VLAN 20 uplink) within the MikroTik bridge.


Crucial Observation: This problem occurs immediately when ether2 (VLAN 20 uplink) is connected to the TL-SG1024DE, even with no other devices attached to VLAN 20. Disconnecting ether2 instantly stabilizes the network.


Working Setup (Comparison): When I replace the TL-SG1024DE's VLAN function by using two separate physical switches (one for the VLAN 10 segment, one for the VLAN 20 segment), the network is 100% stable with no issues or MAC flapping, using the identical MikroTik configuration.


Conclusion: This indicates that the TL-SG1024DE fails to properly isolate Layer 2 traffic between its configured Port-Based VLANs (VLAN 10 and VLAN 20). Traffic leaks between them, creating an uncontrolled loop via the MikroTik bridge.


Has anyone else experienced this, or are there known firmware fixes for this VLAN isolation defect?

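The MAC-flapping evidence in the post is what a bridge host table makes visible when two bridge ports see the same Layer 2 segment. As an added example (not part of the original post and not a MikroTik tool), the following Python script flags a MAC whose learned bridge port keeps changing within a short window. The input format (timestamp, MAC, bridge port) and every sample line are constructed for this example; the first MAC is the FritzBox address quoted in the post, the AA:BB:CC:* addresses are made up.

```python
"""Detect MAC flapping from bridge host-table observations (added example).

A MAC that is learned on one bridge port and then relearned on another within
a few seconds is flapping. On a transparent bridge that almost always means
both ports see the same Layer 2 segment: a loop, or a leak between VLANs.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in a hypothetical "<timestamp> <mac> <bridge-port>" format;
# this is NOT real RouterOS output. The first MAC is the FritzBox address quoted
# in the post; the AA:BB:CC:* addresses are made up.
SAMPLE_OBSERVATIONS = """\
2025-07-01T16:10:00 3C:A6:2F:03:E9:0A ether1
2025-07-01T16:10:01 3C:A6:2F:03:E9:0A ether2
2025-07-01T16:10:02 3C:A6:2F:03:E9:0A ether1
2025-07-01T16:10:03 3C:A6:2F:03:E9:0A ether2
2025-07-01T16:10:04 3C:A6:2F:03:E9:0A ether1
2025-07-01T16:10:00 AA:BB:CC:00:00:01 ether1
2025-07-01T16:10:30 AA:BB:CC:00:00:01 ether1
2025-07-01T16:10:00 AA:BB:CC:00:00:02 ether2
2025-07-01T16:20:00 AA:BB:CC:00:00:02 ether1
"""


def parse_observations(text):
    """Yield (timestamp, mac, port) from the constructed line format."""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts, mac, port = line.split()
        yield datetime.fromisoformat(ts), mac.upper(), port


def find_flapping_macs(observations, window=timedelta(seconds=10), min_moves=3):
    """Return {mac: {"moves": n, "ports": [...]}} for every MAC whose learned
    port changed at least min_moves times within some sliding window.

    One move is normal (a host was re-plugged, or aged out and was relearned
    elsewhere); several moves within seconds are not.
    """
    by_mac = defaultdict(list)
    for ts, mac, port in sorted(observations):
        by_mac[mac].append((ts, port))

    flapping = {}
    for mac, events in by_mac.items():
        moves = []            # timestamps at which the learned port changed
        last_port = None
        for ts, port in events:
            if last_port is not None and port != last_port:
                moves.append(ts)
            last_port = port
        # densest cluster of moves that fits inside the window
        best = start = 0
        for end in range(len(moves)):
            while moves[end] - moves[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= min_moves:
            flapping[mac] = {"moves": best,
                             "ports": sorted({port for _, port in events})}
    return flapping


if __name__ == "__main__":
    for mac, info in find_flapping_macs(parse_observations(SAMPLE_OBSERVATIONS)).items():
        print(f"{mac} flapped {info['moves']} times between {', '.join(info['ports'])}")
```

With the defaults (ten-second window, three moves) only the FritzBox MAC is reported; the single move of AA:BB:CC:00:00:02 ten minutes later is treated as a normal relearn. Tighten `min_moves` or widen `window` depending on how chatty the hosts on the segment are.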
Re: VLAN isolation issue on TL-SG1024DE
2025-07-02 12:21:27

After extensive trial and error, I've discovered a surprisingly specific, non-standard configuration that makes 802.1Q VLANs work reliably.


My Working Configuration (PVID Anomaly):


My current, fully stable setup involves:

  • 802.1Q VLANs (instead of port-based VLANs): Ports 1-18 are (still) untagged members of VLAN 10; Ports 19-24 are (still) untagged members of VLAN 20.

  • CRUCIAL POINT: The PVID for ALL ports (1-24) on the TL-SG1024DE remains set to its default value of 1.


This setup provides perfect Layer 2 isolation and stable network operation.


The "Breaking Test" - PVID Change:

In a standard 802.1Q setup, PVIDs should match the untagged VLAN ID. However, when I attempted to change the PVID for Ports 19-24 from 1 to 20 (to match VLAN 20), connectivity was immediately lost (stable timeouts). Reverting the PVID back to 1 instantly restored full functionality.


My Hypothesis:

This directly contradicts standard 802.1Q behavior. It appears that on the TL-SG1024DE, the "untagged member" assignment in the 802.1Q VLAN configuration is the dominant rule for ingress traffic. Changing the PVID from its default (1) then causes an internal conflict or bug, breaking the VLAN functionality.


Request for Confirmation:

Could the TP-Link support team please confirm if this observed PVID behavior (requiring PVID to be left at 1 for untagged 802.1Q ports to function, despite standard practice) is:

  • An intentional design for the "Easy Smart" series?

  • A known limitation or bug in the firmware?


Your clarification would be highly appreciated.

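For comparison with the behaviour described in the two posts, here is a small textbook IEEE 802.1Q ingress/egress model, added as an example (it is not TP-Link firmware code and not the poster's configuration). It predicts what a standards-compliant switch would do with each VLAN table in this thread: PVID matching the untagged VLAN (the intent of the port-based setup), the poster's working table with every PVID left at 1, and the "breaking test" with PVID 20 on ports 19-24. Whether the factory VLAN 1 still contains all ports after VLAN 10 and 20 are created is not stated in the thread, so the model takes that as an explicit assumption parameter. The `bridge_sees_loop` check models the hEX S bridge with ether1 on port 18 and ether2 on port 24, as in the first post.

```python
"""Textbook IEEE 802.1Q ingress/egress model (added example, not TP-Link code).

Ingress: an untagged frame is classified to the ingress port's PVID; with
ingress filtering on, a frame whose VID the port is not a member of is dropped.
Egress: a broadcast/unknown-unicast frame is flooded to every other member
port of that VID, untagged or tagged according to the port's membership.
"""
from dataclasses import dataclass, field


@dataclass
class Vlan:
    vid: int
    untagged: set = field(default_factory=set)
    tagged: set = field(default_factory=set)

    def members(self):
        return self.untagged | self.tagged


@dataclass
class Switch:
    vlans: dict                 # vid -> Vlan
    pvid: dict                  # port -> PVID
    ingress_filtering: bool = True

    def flood(self, ingress_port, vid=None):
        """Return {egress_port: 'untagged'|'tagged'} for a flooded frame
        entering ingress_port; vid=None means the frame arrived untagged."""
        vid = self.pvid[ingress_port] if vid is None else vid
        vlan = self.vlans.get(vid)
        if vlan is None:
            return {}                       # VID unknown to the switch: drop
        if self.ingress_filtering and ingress_port not in vlan.members():
            return {}                       # ingress filtering drops it
        return {p: ("untagged" if p in vlan.untagged else "tagged")
                for p in vlan.members() if p != ingress_port}


PORTS = set(range(1, 25))
SEG_A = set(range(1, 19))    # ports intended for VLAN 10
SEG_B = set(range(19, 25))   # ports intended for VLAN 20


def build(pvid_for, keep_default_vlan1):
    """Switch with the thread's memberships: 1-18 untagged in VLAN 10,
    19-24 untagged in VLAN 20. pvid_for(port) -> PVID. keep_default_vlan1
    models the ASSUMPTION that every port also stays an untagged member of
    the factory VLAN 1; the thread does not say either way."""
    vlans = {10: Vlan(10, untagged=set(SEG_A)),
             20: Vlan(20, untagged=set(SEG_B))}
    if keep_default_vlan1:
        vlans[1] = Vlan(1, untagged=set(PORTS))
    return Switch(vlans=vlans, pvid={p: pvid_for(p) for p in PORTS})


def segment_status(sw, segment, other):
    """'leaks' if any untagged frame from the segment reaches the other
    segment, 'isolated' if frames stay inside it, 'blackholed' if nothing
    is delivered anywhere."""
    leaks = delivered = False
    for p in segment:
        out = set(sw.flood(p))
        leaks |= bool(out & other)
        delivered |= bool(out & segment)
    return "leaks" if leaks else ("isolated" if delivered else "blackholed")


def isolation_report(sw):
    return {"ports 1-18": segment_status(sw, SEG_A, SEG_B),
            "ports 19-24": segment_status(sw, SEG_B, SEG_A)}


def bridge_sees_loop(sw, port_a, port_b):
    """A transparent L2 bridge plugged into port_a and port_b is looped if a
    frame it sends into one port is flooded back out of the other; the bridge
    then learns every source MAC on both legs, i.e. MAC flapping."""
    return port_b in sw.flood(port_a) or port_a in sw.flood(port_b)


TEXTBOOK = build(lambda p: 10 if p in SEG_A else 20, keep_default_vlan1=False)
PVID_ALL_1 = build(lambda p: 1, keep_default_vlan1=True)          # poster's working table
PVID_ALL_1_NO_VLAN1 = build(lambda p: 1, keep_default_vlan1=False)
BREAKING_TEST = build(lambda p: 1 if p in SEG_A else 20, keep_default_vlan1=True)

if __name__ == "__main__":
    for name, sw in [("PVID matches untagged VLAN", TEXTBOOK),
                     ("all PVID 1, VLAN 1 kept", PVID_ALL_1),
                     ("all PVID 1, VLAN 1 removed", PVID_ALL_1_NO_VLAN1),
                     ("PVID 20 on 19-24, VLAN 1 kept", BREAKING_TEST)]:
        print(f"{name:32} {isolation_report(sw)}  loop via 18/24: "
              f"{bridge_sees_loop(sw, 18, 24)}")
```

Under this textbook model the table with PVID matching the untagged VLAN isolates both segments and gives the hEX S bridge no loop. Leaving every PVID at 1 predicts either a full leak between the two segments (if VLAN 1 still spans all ports, which is also the condition under which the bridge on ports 18 and 24 sees its own frames come back) or dropped traffic (if it does not), and setting PVID 20 on ports 19-24 predicts that segment becoming isolated. The poster reports the reverse outcome on the TL-SG1024DE, which is exactly the deviation from standard behaviour the reply asks TP-Link to confirm; the model is useful as the baseline to measure that against, and as a quick sanity check before committing a VLAN table to a switch.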