Setting up multi VLAN on TL-SG2008P and 2 x EAP670
Hi,
I have tried to set up a multi VLAN on our switch and the clients are able to connect to the Wi-Fi on an EAP670, but:
1) it's taking 30 sec. to connect, which seems very long?!
2) there is no internet
The wireless clients do get an IP within the range and I do see the clients on the DHCP list. But there is no Internet?!
My end goal is something like this:
For testing I am using the "test" setup as shown. The goal is to - as shown - use one port to split into multiple APs with the same IP range to cover a larger area. The Tx-Rx setup is a fiber-optic transceiver to cover a longer distance.
My set up looks like this:
VLAN Config:
Tagged ports:
Port 1 : LAN cable from FW; 192.168.1.41
Port 8 : LAN cable to AP EAP670
VLAN: Port Config
I tried changing the PVID to correspond to the VLAN ID but that had no effect.
IPv4 routing table:
Interface;
DHCP pool:
Client settings:
On the AP side it looks like this:
Wireless:
VLAN
So first of all I would like to get an Internet connection, and my second question is:
Can an unmanaged switch handle the split of different VLANs on the end side to have multiple APs, as shown in the first image?
I have worked with a lot of different products but have moved to TP-Link as I like the approachable and easy setup.
Thanks and much appreciated :-)
/Thomas
Hi @stringfarm
This would be a lot easier if you can provide the model number of your router. Seeing it's a TP-LINK one. Right?
To set it up correctly, you may find the links below helpful:
If you are using an older model, non-Omada router: How to build up a multi-nets network via Multi-Nets NAT feature on TP-Link router with L2+/L3 switches
If you are using a non-TP-LINK router, you have to make sure it supports the VLAN interface or the two functions VLAN + multi-nets NAT. If it does not, then you cannot use it for multi-nets purposes because your router fails to NAT multiple networks. Consider an upgrade to one that supports it.
If you are using Omada routers, you can follow: controller mode: How to configure Multi-Networks & Multi-SSIDs on Omada SDN Controller
Standalone mode: How to create multi networks and manage network behavior with ACL on Omada Gateway in standalone mode
Thank you for your quick reply.
The router/FW is a TP-Link: ER605
The switch is a TP-Link: TL-SG2008P
The APs are TP-Link: EAP670
:-)
Thanks!
BR
Thomas
Hi @Clive_A
I also have a TP-Link ER7206 router available if the ER605 does not support this.
Thanks!
BR
Thomas
Hi @Clive_A
It seems that TL-ER7206 and TL-R605 support multi-nets NAT and it's on by default?!
A user wrote: no need to add Multi-nets NAT entries on the router anymore.
So I added Static Routing on the FW and presto... it's working:
So for my next question:
Will it work by adding an unmanaged switch at the end which has two APs with the same two VLAN no., Office (VLAN10) and guest (VLAN20)?
As shown in the first image.
Best regards
Thomas
"Will it work by adding an unmanaged switch at the end which has two APs with the same two VLAN no., Office (VLAN10) and guest (VLAN20)?"
Most likely not, but try it. I had an unmanaged switch once that did not remove VLAN tags. Still, I would recommend using a managed switch. Managed switches have the advantage that you can check how they perform and control traffic going through them.
To your first question, yes. The Omada routers now support multi-nets NAT function by default. There is no need to configure it anymore.
So for my next question:
Will it work by adding an unmanaged switch at the end which has two APs with the same two VLAN no., Office (VLAN10) and guest (VLAN20)?
As shown in the first image.
Best regards
Thomas
If you are going to add an unmanaged switch, the uplink port of this switch has to be either untagged, for all computers that are going to connect to it. In addition, you can only have one PVID for the rest of the ports. (i.e. if I set it to VLAN 10, then the PVID is 10. All computers connected to this switch will get an IP from VLAN 10.)
Or tagged, for all APs or devices that support tags. (i.e. you can have VLAN 10 and VLAN 20, or more, added to this switch. Then set the VLAN for each individual device on this switch. If the AP is using SSID VLAN 10, then the AP gets VLAN 10. If 20, the AP gets 20.)
Straight answer is yes.
Set the port on SG2008 with VLAN 10 and VLAN 20, tagged, then you connect two APs to it. This switch can only supply tagged networks from the moment you set it.
Hi @Clive_A
Ok. Thank you for your answer.
Would you recommend I go with an additional managed switch at the end? And if so, would that work out-of-the-box by recognizing the tagged packages coming from the 1st switch? (option 1)
As you see in the first image I have to "travel" a distance from one point to another. At this place I would like the same setup as the place with the initial switch.
I guess I could "jump" the first switch and have a copied setup at the second switch (with a different VLAN ID of course, as I would have 2 IPs (switches) for the FW static routing rule) (option 2), but I want a seamless setup and transition from one building to another. The FW could use 2 ports, each with two VLAN IDs. Port1 would be the test setup in building 1 and port2 would "travel" across the fiber transceiver to the second switch with the same setup.
But what is best practice? Option 1 or 2?
If option 1 works, is there a link or guide you could provide for setting up managed2managed switching with VLANs on the TP-Link devices? There seem to be different opinions on daisy chaining switches on the Internet :-)
Once again, thank you for your input. I have learned a lot :-)
BR
Thomas
Hi @stringfarm
stringfarm wrote
Hi @Clive_A
Ok. Thank you for your answer.
Would you recommend I go with an additional managed switch at the end? And if so, would that work out-of-the-box by recognizing the tagged packages coming from the 1st switch? (option 1)
If you need to extend the network further, add another switch to develop the VLAN further. Yes, you should get one that supports VLAN.
i.e. Uplink---Unmanaged switch---Switch(this should be one that supports VLAN at least)
Would you recommend I go with an additional managed switch at the end? And if so, would that work out-of-the-box by recognizing the tagged packages coming from the 1st switch? (option 1)
As you see in the first image I have to "travel" a distance from one point to another. At this place I would like the same setup as the place with the initial switch.
I guess I could "jump" the first switch and have a copied setup at the second switch (with a different VLAN ID of course, as I would have 2 IPs (switches) for the FW static routing rule) (option 2), but I want a seamless setup and transition from one building to another. The FW could use 2 ports, each with two VLAN IDs. Port1 would be the test setup in building 1 and port2 would "travel" across the fiber transceiver to the second switch with the same setup.
But what is best practice? Option 1 or 2?
If option 1 works, is there a link or guide you could provide for setting up managed2managed switching with VLANs on the TP-Link devices? There seem to be different opinions on daisy chaining switches on the Internet :-)
To answer your questions:
1. You have to set up a VLAN ID to make any VLAN work. Unless you are talking about an unmanaged switch connecting to the SG2008P and only used for adding more ports for your EAPs. In this way, you don't need to configure anything. Only devices that support VLAN can be used on this unmanaged switch.
2. You don't have to set up the routing twice. Just on the first one (which is usually called the core switch). The rest of them just need VLAN configured.
If you are interested in developing your network further into a huge one, you should consider a pyramid setup.
Core layer > Distribution layer > Access layer. To explain this further, you deploy an L3 switch (core layer), L2+ or L2 as the distribution layer, and unmanaged switches as the access layer.
The best practice would be for the router only to take care of NAT, not to be involved in routing too much. The switch takes care of routing and physical connections.
Since your router is an Omada one, you can probably think of setting up your network by this guide: How to create multi networks and manage network behavior with ACL on Omada Gateway in standalone mode
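Added example, not part of any post in this thread and not TP-Link code: a small Python model of the 802.1Q port rules the replies rely on (PVID, tagged and untagged membership) for Office (VLAN 10) and Guest (VLAN 20), covering both the tagged AP port and the question of a downstream switch that strips tags. The port roles, PVID 1 with VLAN 1 untagged, and the `ACCESS_10` port are assumptions made for illustration.

```python
import struct

TPID = 0x8100  # EtherType that marks an 802.1Q tag

def vlan_of(frame):
    """VLAN ID carried in the frame's 802.1Q tag, or None if untagged."""
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID:
        return None
    return struct.unpack_from("!H", frame, 14)[0] & 0x0FFF  # low 12 bits

def set_tag(frame, vid):
    """Copy of the frame tagged with vid, or untagged when vid is None."""
    rest = frame[16:] if vlan_of(frame) is not None else frame[12:]
    tag = b"" if vid is None else struct.pack("!HH", TPID, vid)
    return frame[:12] + tag + rest

class Port:
    def __init__(self, pvid=1, tagged=(), untagged=()):
        self.pvid, self.tagged, self.untagged = pvid, set(tagged), set(untagged)

    def ingress(self, frame):
        """VLAN the received frame is classified into; None means dropped."""
        vid = vlan_of(frame)
        vid = self.pvid if vid is None else vid  # untagged frames take the PVID
        return vid if vid in self.tagged | self.untagged else None

    def egress(self, frame, vid):
        """Frame as it leaves this port, or None if the port is not a member."""
        if vid not in self.tagged | self.untagged:
            return None
        return set_tag(frame, vid if vid in self.tagged else None)

def switch(frame, in_port, out_port):
    """Carry one frame through a managed switch from in_port to out_port."""
    vid = in_port.ingress(frame)
    return None if vid is None else out_port.egress(frame, vid)

# Constructed sample (assumed values): trunks carry 10 and 20 tagged, VLAN 1 untagged.
UPLINK = Port(pvid=1, tagged={10, 20}, untagged={1})    # port 1, towards the FW
AP_TRUNK = Port(pvid=1, tagged={10, 20}, untagged={1})  # port 8, towards the EAP670
ACCESS_10 = Port(pvid=10, untagged={10})                # hypothetical wired Office port
UNTAGGED = bytes(12) + b"\x08\x00" + b"constructed payload"
GUEST = set_tag(UNTAGGED, 20)

if __name__ == "__main__":
    print("guest via trunk:", vlan_of(switch(GUEST, UPLINK, AP_TRUNK)))
    print("guest to office port:", switch(GUEST, UPLINK, ACCESS_10))
    print("guest after tag stripping:", AP_TRUNK.ingress(set_tag(GUEST, None)))
```

The last line shows the failure mode behind the advice to use a VLAN-aware switch: once a device in the path strips the tag, Office and Guest frames are both classified by the receiving port's PVID and the separation between the two networks is lost.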