jeryroman wrote

By configuring VLAN 101 and VLAN 102 according to Figure1 and Figure2 and having connected Internet from Router TP-LINK TL-WR2543ND direct to Port 1 of the Switch, I can still ping a PC from VLAN 101 to another VLAN 102 PC and vice versa. Is there anything wrong with configuring this communication between VLANs?

Yes. Port 1 is a member of all VLANs (1, 101 and 102). Therefore ingress untagged packets will be tagged with the PVID of the corresponding ports, then being forwarded to member ports (including port 1). Before forwarding to the TL-WR2534 the tag will be removed b/c it's an untagged port. The router then will route it to the destination and forward the packet back to port 1 where it now will be tagged with PVID 1 and so its reaches it destination even if it is in another VLAN.

To isolate the VLANs you have to output tagged packets to your router and to route them into two independent, separated subnetworks. You can't share an untagged connection (port 1 to a router) with both VLANs 101 and 102 in a single network.

jeryroman wrote

I need to share the Internet from the Router TL-WR2543ND (which has the DHCP server activated) for VLAN 101 and VLAN 102 (which should not be seen) without using other routers.

Not possible. With your setup you not only share Internet access, but also the common subnet the devices in both VLANs are members of.

I saw in other posts that it is possible to do this with 1 router and 1 manageable switch using the configuration that I posted.

Which manageable switch? There are a lot of different devices out there. If the manageable switch is a Layer 3 switch, then yes, it could handle different VLANs, different broadcast domains, access control and even DHCP and routing services between different VLANs/subnets.

But the TL-SG108E does not offer such features. It is a smart switch, not a manageable switch. To do such fancy things like separating devices into different VLANs for access control/separation, you will need a router (or a manageable L3 switch with routing functionality) in order to create own subnets for different VLANs. It does not make much sense to separate the same subnet into VLANs. VLANs are used primarily to combine two logical, but independent subnets on one physical cable, not to replace access control lists (ACLs).

See this post if you want to implement VLANs with a SOHO router such as the TL-WR2543ND. But you will have to install OpenWRT on it (if possible at all; I didn't check availability of OpenWRT on this particular device):

http://forum.tp-link.com/showthread.php?94159-Status-LEDs-on-active-ports-always-flashing-synchronously-SOLVED&p=194548&viewfull=1#post194548