@Ethan-TP
Hi TP-Link / Ethan.
Many thanks for the prompt response,
To answer your questions,
1. When you mentioned that the management interface "becomes unavailable after 4-5 minutes," does this mean that after staying on the web UI for 4-5 minutes, it times out and you can no longer access it again
- Yes, correct. On the web interface it randomly becomes unavailable; refreshing the page or closing the browser does not fix it. I then tested with a constant PING from the laptop (from the other VLAN) accessing the web UI, recording the times it takes to drop out: approx. 4-5 mins on average.
2. Also, are these two VLANs configured on the firewall (pfSense) or only on the switch?
- Apologies, I should have been clearer. Multiple VLANs; I'll explain a simplified setup below that can replicate the issue. (I'm using two TL-SG1428PE switches.)
- Switch 1 TL-SG1428PE
2 VLANs 10, 11, trunked to port 25.
The switch has a static IP address assigned in VLAN10, gateway set to VLAN10 gateway address (firewall)
PVID set for devices connected ports to appropriate vlans (set as untagged in config)
Port 25 configured as Tagged, and members of VLANs 10 & 11
- Switch 2 TL-SG1428PE
2 VLANs 20,21, trunked to port 25.
The switch has a static IP address assigned in VLAN20, gateway set to VLAN20 gateway address (firewall)
PVID set for devices connected ports to appropriate vlans (set as untagged in config)
Port 25 configured as Tagged, and members of VLANs 21 & 21
- Firewall
Physical Port 1 connected to Switch 1 port 25 - VLAN 10, and 11 are configured as sub interfaces from Switch 1 TL-SG1428PE uplink (port 25)
Physical Port 2 connected to Switch 2 port 25 - VLAN 20, and 21 are configured as sub interfaces from Switch 2 TL-SG1428PE uplink (port 25)
Firewall rules for a laptop in vlan 20, (same as switch2), to allow the laptop to access VLAN 10 and 11. (full access)
Each sub interface / vlan has a DHCP server, 1 - 99 reserved for static, 100 - 254 for DHCP Pool
VLAN10 = 172.24.10.1/24
VLAN11 = 172.24.11.1/24
VLAN20 = 172.24.20.1/24
VLAN21 = 172.24.21.1/24
Notes and observations
1. DHCP, static devices all work, no issues with any traffic from devices, or access to any devices. All devices were set to static for the test anyway.
2. Laptop can access Switch 2 web interface without issue, for as long as needed, without any timeouts / loss of UI. Note the laptop is connected to the same VLAN directly at the L2 switch
3. The laptop can intermittently connect to Switch 1, lasting about 4 - 5 min on average. The longest session I got was 6 mins.
4. To restore the UI, I have to ping internally from the firewall to the UI IP address. This restores the UI.
3. Additionally, do devices on different VLANs obtain IP addresses from the same subnet or different subnets?
- VLAN DHCP server(s) are available on each VLAN from the firewall. All devices are statically assigned an IP within that subnet / VLAN. So to answer your question, it's different subnets. Listed above for each VLAN, devices in the corresponding VLAN have an IP in the matching subnet.
Please refer to rough image below. It should be possible to replicate this with one switch and one L3 device, just place the laptop in a different VLAN to the switch IP, and have the L3 device route the traffic back down the trunk port.
Please let me know if there's any additional diagnostic information, tests, etc. that I can assist with.
This seems to be an issue for anyone trying to manage their switches remotely, which the previous post also alluded to. We should be able to manage the switch without being physically connected to the switch.
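Added example, not code from the poster or from TP-Link: a small script that parses a timestamped continuous ping (Linux iputils `ping -D -O <switch-ip>`, as used in the test above) and reports how long each reachable window lasted, so the "drops after 4-5 min" pattern is measured rather than eyeballed. The switch address 172.24.10.2 and the sample log are assumed/constructed; the post only gives the VLAN10 gateway.

```python
import re
from typing import List, Tuple

# Reply lines from `ping -D` look like "[epoch] 64 bytes from ..."; with -O,
# unanswered probes print "[epoch] no answer yet for icmp_seq=N".
REPLY_RE = re.compile(r"^\[(\d+(?:\.\d+)?)\] \d+ bytes from ")
STAMP_RE = re.compile(r"^\[(\d+(?:\.\d+)?)\]")

def parse_ping(log: str) -> List[Tuple[float, bool]]:
    """Return (timestamp, replied) for every timestamped line; any
    timestamped line that is not a reply counts as a miss."""
    samples = []
    for line in log.splitlines():
        m = STAMP_RE.match(line)
        if not m:
            continue  # summary / blank lines carry no timestamp
        samples.append((float(m.group(1)), bool(REPLY_RE.match(line))))
    return samples

def reachable_windows(samples: List[Tuple[float, bool]]) -> List[Tuple[float, float, float]]:
    """Contiguous runs of replies as (start, end, duration_seconds)."""
    windows, start, last = [], None, None
    for ts, ok in samples:
        if ok:
            start = ts if start is None else start
            last = ts
        elif start is not None:
            windows.append((start, last, last - start))
            start = last = None
    if start is not None:
        windows.append((start, last, last - start))
    return windows

# Constructed sample: one probe every 30 s (ping -i 30). The management IP
# answers for ~4.5 min, goes silent for three probes, then answers again
# (as happens after the firewall pings it). ttl=63 reflects the one routed
# hop from the laptop's VLAN. SWITCH1 is an assumed static address in VLAN10.
SWITCH1 = "172.24.10.2"
def constructed_log() -> str:
    lines, t0 = [], 1700000000.0
    for i in range(16):
        ts = t0 + 30 * i
        if i < 10 or i >= 13:
            lines.append(f"[{ts:.3f}] 64 bytes from {SWITCH1}: icmp_seq={i+1} ttl=63 time=0.4 ms")
        else:
            lines.append(f"[{ts:.3f}] no answer yet for icmp_seq={i+1}")
    return "\n".join(lines)

if __name__ == "__main__":
    for s, e, d in reachable_windows(parse_ping(constructed_log())):
        print(f"reachable for {d/60:.1f} min ({s:.0f} -> {e:.0f})")
```

Run it against a real capture (`ping -D -O -i 30 172.24.10.2 | tee ping.log`) and feed `ping.log` to `parse_ping` to see whether the windows cluster around a fixed length.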
