Setting up multi VLAN on TL-SG2008P and 2 x EAP670

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

Setting up multi VLAN on TL-SG2008P and 2 x EAP670

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Setting up multi VLAN on TL-SG2008P and 2 x EAP670
Setting up multi VLAN on TL-SG2008P and 2 x EAP670
2023-07-02 10:11:03 - last edited 2023-07-04 03:07:48
Model: SG2008P  
Hardware Version: V3
Firmware Version: 3.0.2 Build 20220909 Rel.75248

Hi,

 

I have tried to set up a multi VLAN on our switch and the client are able to connect to the WIFI on a EAP670 but;

 

1) it´s taking 30 sec. to connect which seems very long?!

2) there is no internet

 

The wireless client do get an IP within the range and I do see the clients on the DHCP list. But there is no Internet?!

 

My end goal is something like this:

 

For testing I am using the "test" set up as shown. The goal is to - as shown - use one port to split into multiple APs with the same IP-range to cover a larger area. The Tx-Rx set up is a fiberoptic transceiver to cover a longer distance.

 

My set up looks like this:

VLAN Config:

 

 

Tagged ports:

Port 1 : LAN cabel from FW; 192.168.1.41

Port 8 : LAN cabel to AP EAP670

 

 

VLAN: Port Config

 

I tried changing the PVID to correspond the VLAN id but that  had no effect.

 

IPv4 routing table:

 

Interface;

 

DHCP pool:

 

Client settings:

 

 

 

One the AP side it looks like this:

 

Wireless:

 

 

VLAN

 

 

 

So first off all I would like to get an Internet connection and second question is:

 

Can an unmanaged switch handle to split of different VLANs on the end side to have multiple APs as shown on the first image?

 

I have worked with a lot of different products but have moved to TP-link as I like the approachable and easy set up.

 

Thanks and much appreciated :-)

 

/Thomas

  0      
  0      
#1
Options
2 Accepted Solutions
Re:Setting up multi VLAN on TL-SG2008P and 2 x EAP670-Solution
2023-07-03 15:01:12 - last edited 2023-07-04 03:07:48

Hi  @Clive_A 

 

It seems that TL-ER7206 and TL-R605 support multi-nets NAT and it's on by default ?!

A user wrote: no need to add Multi-nets NAT entries on the router anymore.

 

So I added Static Routing on the FW and presto.. it´s working:

 

 

 

So for my next question;

 

Will I work by adding an unmanaged switch at the end which has two APs with same two VLAN no. Office (VLAN10) and guest (VLAN20)?

 

As shown in the first image.

 

Best regards

Thomas

Recommended Solution
  0  
  0  
#5
Options
Re:Setting up multi VLAN on TL-SG2008P and 2 x EAP670-Solution
2023-07-05 01:23:30 - last edited 2023-07-06 22:09:12

Hi @stringfarm 

stringfarm wrote

Hi  @Clive_A 

 

Ok. Thank you for your answer.

 

Would you recommend I go with an additional managed switch at the end? And if so; would that work out-of-the-box by recognizing the tagged packages coming from the 1. switch? (option1)

 

 If you need to extend the network further, add another switch to develop the VLAN further. Yes, you should get one that supports VLAN.

i.e. Uplink---Unmanaged switch---Switch(this should be one that supports VLAN at least)

 

Would you recommend I go with an additional managed switch at the end? And if so; would that work out-of-the-box by recognizing the tagged packages coming from the 1. switch? (option1)

 

As you see in the first image I have to "travel" a distance from one point to another. At this place I would like the same set up as the place with the initial switch.

 

I guess I could "jump" the first switch and have a copied setup at the second switch (with different VLAN ID off course as I would have 2 IP (switches) for the FW static routing rule) (option2) but I want a seemless setup and transition from one building to another. The FW could use 2 ports each with two VLAN IDs. Port1 would be a the test set up in building 1 and port2 would "travel" across the fiber transceiver to the second switch with the same set up.

 

But what is best practice? Option 1 or 2?

 

If option 1 works is there a link or guide you could provide for setting up managed2managed switching with VLANs on the TP-link devices? There seems to be different opinions on daisy chaining switches on the Internet :-)

 

To answer your questions:

1. Have to set up VLAN ID to make any VLAN works. Unless you are talking about unmanaged switch connecting to SG2008P and only used for adding more ports for your EAP. In this way, you don't need to config anything. Only VLAN supported device can be used on this unmanaged switch.

2. You don't have to set up the routing twice. Just on the first one(which is usually called the core switch). The rest of them just need VLAN configured.

 

 

If you are interested in developing your network further into a huge one, you should consider a pyramid setup.

Core layer > Distribution layer > Access layer. To explain this further, you deploy L3 switch(core layer), L2+ or L2 as the distribution layer, and unmanaged switches as access layer.

 

The best practice would be Router only to take care of NAT. No involved in routing too much. Switch takes care of routing and physical connections.

Since your router is Omada one, you can probably think of setting up your network by this guide: How to create multi networks and manage network behavior with ACL on Omada Gateway in standalone mode

 

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
Recommended Solution
  0  
  0  
#10
Options
10 Reply
Re:Setting up multi VLAN on TL-SG2008P and 2 x EAP670
2023-07-03 03:41:39 - last edited 2023-07-03 03:41:52

Hi @stringfarm 

This would be a lot easier if you can provide the model number of your router. Seeing it's a TP-LINK one. Right?

To set it up correctly, you may find the links below helpful :

If you are using an older model, non-Omada routers: How to build up a multi-nets network via Multi-Nets NAT feature on TP-Link router with L2+/L3 switches

If you are using a non-TP-LINK router, you have to make sure it supports the VLAN interface or two functions VLAN + multi-nets NAT. If that does not, then you cannot use it for multi-nets purposes because your router fails to NAT multiple networks. Consider an upgrade to one that supports.

If you are using Omada routers, you can follow: controller mode: How to configure Multi-Networks & Multi-SSIDs on Omada SDN Controller

Standalone mode: How to create multi networks and manage network behavior with ACL on Omada Gateway in standalone mode

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
  0  
  0  
#2
Options
Re:Setting up multi VLAN on TL-SG2008P and 2 x EAP670
2023-07-03 07:11:55 - last edited 2023-07-03 07:15:12

  Hi @Clive_A 

 

Thank you for your quick reply.

 

The router/FW is a TP-link: ER605

 

 

The switch is a TP-link: TL-SG2008P

 

The APs ere TP-link: EAP670

 

:-)

 

Thanks!

 

BR

Thomas

  0  
  0  
#3
Options
Re:Setting up multi VLAN on TL-SG2008P and 2 x EAP670
2023-07-03 07:56:19

Hi  @Clive_A 

 

I also have a TP-link ER7206 router available if the ER605 does not support this.

 

Thanks!

 

BR

Thomas

 

 

  0  
  0  
#4
Options
Re:Setting up multi VLAN on TL-SG2008P and 2 x EAP670-Solution
2023-07-03 15:01:12 - last edited 2023-07-04 03:07:48

Hi  @Clive_A 

 

It seems that TL-ER7206 and TL-R605 support multi-nets NAT and it's on by default ?!

A user wrote: no need to add Multi-nets NAT entries on the router anymore.

 

So I added Static Routing on the FW and presto.. it´s working:

 

 

 

So for my next question;

 

Will I work by adding an unmanaged switch at the end which has two APs with same two VLAN no. Office (VLAN10) and guest (VLAN20)?

 

As shown in the first image.

 

Best regards

Thomas

Recommended Solution
  0  
  0  
#5
Options
Re:Setting up multi VLAN on TL-SG2008P and 2 x EAP670
2023-07-03 16:03:38

  @stringfarm 

 

"Will I work by adding an unmanaged switch at the end which has two APs with same two VLAN no. Office (VLAN10) and guest (VLAN20)?"

 

Most likely not, but try it. I had an unmanaged switch ones that did not remove VLAN tags. Still, I would recommend using a managed switch. Managed switches have this advantage that you can check how they perform and control traffic going through them.

Kris K
  0  
  0  
#6
Options
Re:Setting up multi VLAN on TL-SG2008P and 2 x EAP670
2023-07-04 01:08:58 - last edited 2023-07-04 01:10:58

  @stringfarm 

To your first question, yes. The Omada routers now support multi-nets NAT function by default. There is no need to configure it anymore.

 

So for my next question;

 

Will I work by adding an unmanaged switch at the end which has two APs with same two VLAN no. Office (VLAN10) and guest (VLAN20)?

 

As shown in the first image.

 

Best regards

Thomas

 

If you are going to add an unmanaged switch, the uplink port of this switch has to be either untagged for all computers that are going to connect to it, in addition, you can only have one PVID for the rest of the ports. (i.e. if I set it to VLAN 10, then PVID is 10. All computers connected to this switch will get an IP from VLAN 10)

Or tagged for all APs or tagged supported devices.  (i.e. you can have VLAN 10 and VLAN 20, or more added to this switch. Then set the VLAN for each individual device on this switch. AP is using SSID VLAN 10, then AP gets VLAN 10. If 20, AP gets 20.)

 

Straight answer is yes.

Set the port on SG2008 with VLAN 10 and VLAN 20, tagged, then you connect two APs to it. This switch can only supply tagged networks from the moment you set it.

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
  0  
  0  
#7
Options
Re:Setting up multi VLAN on TL-SG2008P and 2 x EAP670
2023-07-04 22:37:46
Thank you for your answer :-)
  0  
  0  
#8
Options
Re:Setting up multi VLAN on TL-SG2008P and 2 x EAP670
2023-07-04 23:12:23

Hi  @Clive_A 

 

Ok. Thank you for your answer.

 

Would you recommend I go with an additional managed switch at the end? And if so; would that work out-of-the-box by recognizing the tagged packages coming from the 1. switch? (option1)

 

As you see in the first image I have to "travel" a distance from one point to another. At this place I would like the same set up as the place with the initial switch.

 

I guess I could "jump" the first switch and have a copied setup at the second switch (with different VLAN ID off course as I would have 2 IP (switches) for the FW static routing rule) (option2) but I want a seemless setup and transition from one building to another. The FW could use 2 ports each with two VLAN IDs. Port1 would be a the test set up in building 1 and port2 would "travel" across the fiber transceiver to the second switch with the same set up.

 

But what is best practice? Option 1 or 2?

 

If option 1 works is there a link or guide you could provide for setting up managed2managed switching with VLANs on the TP-link devices? There seems to be different opinions on daisy chaining switches on the Internet :-)

 

Once again; thank you for you input. I have learned a lot :-)

 

BR

Thomas

 

 

 

 

  0  
  0  
#9
Options
Re:Setting up multi VLAN on TL-SG2008P and 2 x EAP670-Solution
2023-07-05 01:23:30 - last edited 2023-07-06 22:09:12

Hi @stringfarm 

stringfarm wrote

Hi  @Clive_A 

 

Ok. Thank you for your answer.

 

Would you recommend I go with an additional managed switch at the end? And if so; would that work out-of-the-box by recognizing the tagged packages coming from the 1. switch? (option1)

 

 If you need to extend the network further, add another switch to develop the VLAN further. Yes, you should get one that supports VLAN.

i.e. Uplink---Unmanaged switch---Switch(this should be one that supports VLAN at least)

 

Would you recommend I go with an additional managed switch at the end? And if so; would that work out-of-the-box by recognizing the tagged packages coming from the 1. switch? (option1)

 

As you see in the first image I have to "travel" a distance from one point to another. At this place I would like the same set up as the place with the initial switch.

 

I guess I could "jump" the first switch and have a copied setup at the second switch (with different VLAN ID off course as I would have 2 IP (switches) for the FW static routing rule) (option2) but I want a seemless setup and transition from one building to another. The FW could use 2 ports each with two VLAN IDs. Port1 would be a the test set up in building 1 and port2 would "travel" across the fiber transceiver to the second switch with the same set up.

 

But what is best practice? Option 1 or 2?

 

If option 1 works is there a link or guide you could provide for setting up managed2managed switching with VLANs on the TP-link devices? There seems to be different opinions on daisy chaining switches on the Internet :-)

 

To answer your questions:

1. Have to set up VLAN ID to make any VLAN works. Unless you are talking about unmanaged switch connecting to SG2008P and only used for adding more ports for your EAP. In this way, you don't need to config anything. Only VLAN supported device can be used on this unmanaged switch.

2. You don't have to set up the routing twice. Just on the first one(which is usually called the core switch). The rest of them just need VLAN configured.

 

 

If you are interested in developing your network further into a huge one, you should consider a pyramid setup.

Core layer > Distribution layer > Access layer. To explain this further, you deploy L3 switch(core layer), L2+ or L2 as the distribution layer, and unmanaged switches as access layer.

 

The best practice would be Router only to take care of NAT. No involved in routing too much. Switch takes care of routing and physical connections.

Since your router is Omada one, you can probably think of setting up your network by this guide: How to create multi networks and manage network behavior with ACL on Omada Gateway in standalone mode

 

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
Recommended Solution
  0  
  0  
#10
Options
Re:Setting up multi VLAN on TL-SG2008P and 2 x EAP670
2023-07-06 22:09:35

  @stringfarm 

 

Thank you for your help :-)

  1  
  1  
#11
Options

Information

Helpful: 0

Views: 2241

Replies: 10

Related Articles