Business Community > All Threads > TL-SG2008 902.1q vlan untagging and tagging ports
< All Threads

TL-SG2008 902.1q vlan untagging and tagging ports

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

TL-SG2008 902.1q vlan untagging and tagging ports

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
TL-SG2008 902.1q vlan untagging and tagging ports
TL-SG2008 902.1q vlan untagging and tagging ports
2022-10-20 09:26:36 - last edited 2024-09-08 09:05:52
Tags: #VLAN & Multi-Networks #Switch ACL
Model: TL-SG2008  
Hardware Version: V4
Firmware Version: 4.0.2 Build 20211105 Rel.57589

Hello, as a newbie to switches, I need a little help for my simple network.

 

I have created two examples in the images below and I would like to ask the following:
Assuming that my router is connected to port 1 of the switch, and a few pc's are connected to ports 5 through 8, which of the images correctly allows the pc's to access the internet?

 

 

MSI Z97 GAMING 5 (MS-7917 SOCKET 0), Intel Core i5 4690, 16.0GB DDR3 MSI NVIDIA GeForce GTX 970, Samsung SSD 980 m.2, Samsung SSD 860 EVO Windows 7, 10, Linux Debian 12, TP-Link TL-SG2008, Fiber 100
  0      
 
  0      
 
#1
Options
1 Accepted Solution
Re:TL-SG2008 902.1q vlan untagging and tagging ports-Solution
2022-10-23 09:24:31 - last edited 2024-09-08 09:05:52

  @xmanhattan The IP addresses of a VLAN are applied by the router DHCP.  The switch breaks out the VLANs to the specific ports, or combines them for trunking to a router or other switch.

 

For instance if you make a network that the DHCP address space is 192.168.1.2 to 192.168.1.100 that we'll call VLAN 100.  Then the next network can be 192.168.1.101 to 192.168.1.150 that we call 200.  The VLANs shouldn't overlap in the IP addresses assigned unless the VLAN is fully isolated, so a VLAN 300 that is 192.168.1.1 to 192.168.1.200 could interfere with both 100 and 200.

 

So for the info you provided.  Cameras and the NVR looks to be ports 2,3, and 4, so those all should be on the same VLAN with untagged ports under that VLAN.  The camera VLAN would then be tagged on port 1 to the router for inter-VLAN routing and ACLs.  TV VLAN would be untagged on port 5 and tagged on port 1 like you have.  And then PC VLAN would be untagged on 6, 7, and 8, and then port 1 would be tagged or untagged if the PC VLAN is the base default LAN for the router.

 

VLANs are just like your physical LAN, just sharing the cables.  Each VLAN needs a DHCP and if connecting to other internal or external networks it needs a gateway.

Recommended Solution
  0  
  0  
#4
Options
4 Reply
Re:TL-SG2008 902.1q vlan untagging and tagging ports
2022-10-21 07:21:42

  @xmanhattan 

 

The port on which the switch connects to the router is recommended to be set to Tagged, and the port on which it connects to the PC is set to Untagged, as the PC cannot handle Tagged data.

Just striving to develop myself while helping others.
  0  
  0  
#2
Options
Re:TL-SG2008 902.1q vlan untagging and tagging ports
2022-10-21 13:41:45

  @Virgo 

Hello Virgo,

 

Here is my attempt at creating the logic for the switch configuration based on your answer.

Are these settings correct?

 

1st group - VLAN #100 - port 1
allow access to router for
192.168.1.1                            Tagged
192.168.1.xxx - port 6, 7, 8        UnTagged
192.168.1.100 - port 5                UnTagged
192.168.1.201 - port 4                UnTagged

 

2nd group - VLAN #200 - port 2 & 3
allow two ip cameras to send video to DSM
192.168.1.20                        Tagged
192.168.1.21                        Tagged
    192.168.1.201                    UnTagged

 

3rd group - VLAN #300 - port 4
allow access to cameras by pc's
192.168.1.xxx                        Tagged
    192.168.1.20                    UnTagged
    192.168.1.21                    UnTagged

 

4th group - VLAN #400 - port 5
allow TV access to router
192.168.1.1                            Tagged
    192.168.1.100 - port 5            UnTagged

 

5th group - VLAN #500 - port 6, 7, 8
192.168.1.1                            Tagged
    192.168.1.xxx - port 6            UnTagged
    192.168.1.xxx - port 7            UnTagged
    192.168.1.xxx - port 8            UnTagged

 

I assume that untaged devices will be allowed access or denied.  I am not sure if I can write it that way.

 

If the TV uses a dynamic ip address, would that mean that I can eliminate the 4th group?

 

Thank you for your help.

 

MSI Z97 GAMING 5 (MS-7917 SOCKET 0), Intel Core i5 4690, 16.0GB DDR3 MSI NVIDIA GeForce GTX 970, Samsung SSD 980 m.2, Samsung SSD 860 EVO Windows 7, 10, Linux Debian 12, TP-Link TL-SG2008, Fiber 100
  0  
  0  
#3
Options
Re:TL-SG2008 902.1q vlan untagging and tagging ports-Solution
2022-10-23 09:24:31 - last edited 2024-09-08 09:05:52

  @xmanhattan The IP addresses of a VLAN are applied by the router DHCP.  The switch breaks out the VLANs to the specific ports, or combines them for trunking to a router or other switch.

 

For instance if you make a network that the DHCP address space is 192.168.1.2 to 192.168.1.100 that we'll call VLAN 100.  Then the next network can be 192.168.1.101 to 192.168.1.150 that we call 200.  The VLANs shouldn't overlap in the IP addresses assigned unless the VLAN is fully isolated, so a VLAN 300 that is 192.168.1.1 to 192.168.1.200 could interfere with both 100 and 200.

 

So for the info you provided.  Cameras and the NVR looks to be ports 2,3, and 4, so those all should be on the same VLAN with untagged ports under that VLAN.  The camera VLAN would then be tagged on port 1 to the router for inter-VLAN routing and ACLs.  TV VLAN would be untagged on port 5 and tagged on port 1 like you have.  And then PC VLAN would be untagged on 6, 7, and 8, and then port 1 would be tagged or untagged if the PC VLAN is the base default LAN for the router.

 

VLANs are just like your physical LAN, just sharing the cables.  Each VLAN needs a DHCP and if connecting to other internal or external networks it needs a gateway.

Recommended Solution
  0  
  0  
#4
Options
Re:TL-SG2008 902.1q vlan untagging and tagging ports
2022-10-23 12:35:20

  @JoeSea 

Hello JoeSea and thanks for your assistance.

I believe that I have set the vlans correctly.  I assume that vlan 1, the default stays the way it is.  I should have named it Switch-VLAN.

 

I setup Vlan-100 for the router as it is connected to port 1.

 

I have setup the others using the same logic.  So far everything appears to work.

Thank you.

 

 

MSI Z97 GAMING 5 (MS-7917 SOCKET 0), Intel Core i5 4690, 16.0GB DDR3 MSI NVIDIA GeForce GTX 970, Samsung SSD 980 m.2, Samsung SSD 860 EVO Windows 7, 10, Linux Debian 12, TP-Link TL-SG2008, Fiber 100
  1  
  1  
#5
Options

Information

Helpful: 0

Views: 1127

Replies: 4

Tags

VLAN & Multi-Networks Switch ACL
Related Articles
Swicht TL-SG2008
232 0
Vlan tagging and VRRP
367 0
Port mirroring on TL-SG2008 switches
1380 0
Vlan Setup- Switch Fails to Assign IPs after ACL Binding
529 1
DHCP Reservations not working on TL-SG2008 v4.0
641 0
Setting up VLAN tagging on ports
15115 0
About Us
Press
Copyright © TP-Link Systems Inc. All rights reserved.