Need hel with VLAN configuration on TL-SG108E

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
12

Need hel with VLAN configuration on TL-SG108E

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Need hel with VLAN configuration on TL-SG108E
Need hel with VLAN configuration on TL-SG108E
2017-06-10 04:29:35
Model : TL-SG108E

Hardware Version :

Firmware Version :

ISP :

I am trying to get to grips with configuring VLANs on my new TL-SG108E.

I can't at the moment see any use for 8021Q mode, however I'm sure it must do *something* vaguely useful.

If I configure a VLAN, lets use ID 2 and assign some ports to it that shows up fine in the table, so far so good. However since every port is a member of VLAN ID 1 and that can't be changed what difference does the bit I have
added make? A packet arriving on the port I have assigned to VLAN ID 2 will get sent to the other ports I have assigned to it, but it will also get sent to those same ports (and every other port) because they are all on VLAN ID 1.

In fact, at the moment, I can't see how this differs from an unmanaged switch, any untagged packet arriving on any port will get sent to all the other ports regardless of how I configure things. Am I misunderstanding something?


Maybe the PVID is significnat. If I set things up as follows:-

VLAN ID 2 - Ports 2 and 3 are in VLAN ID 2
Set the PVID for port 2 to VLAN ID 2, set 'untagged'.

If a packet arrives at port 2 where does it go?
  0      
  0      
#1
Options
12 Reply
Re:Need hel with VLAN configuration on TL-SG108E
2017-06-10 05:57:46

chrisisbd wrote


A packet arriving on the port I have assigned to VLAN ID 2 will get sent to the other ports I have assigned to it, but it will also get sent to those same ports (and every other port) because they are all on VLAN ID 1.


No, untagged packets arriving on untagged port 2 will be forwarded to the VLAN defined in the PVID of port 2, not to any other VLAN this port is also a member of. So, if PVID of port 2 is 1, all untagged packets will be forwarded only to the default VLAN 1, not to any other VLAN. If PVID is 2, all untagged packets will be tagged with VID 2 and therefore will be forwarded only to VLAN 2 members.

To have the switch forward all untagged packets arriving on untagged ports 2 and 3 into VLAN 2, you would have to set both PVIDs of port 2 and 3 to the VID 2.

Setting PVID to 1 makes only sense for untagged ports not belonging to any VLAN or for tagged ports to handle untagged packets and send them to the default VLAN (= any ports on TL-SG108E, but not on other switches, such as for example the TL-SG2008).

Maybe this table makes it somewhat clearer what happens with various settings:



༺ 0100 1101 0010 10ཏ1 0010 0110 1010 1110 ༻
  0  
  0  
#2
Options
Re:Need hel with VLAN configuration on TL-SG108E
2017-06-10 17:40:19
Thanks for that very helpful reply, I'm slowly beginning to understanf VLANs.

I have just a 'standalone' TL-SG108E, it's the only VLAN aware device on my system. So it seems to me that using 802.1q VLANs doesn't win me anything compared with port based VLANs, is that right?

If I understand correctly using 802.1q I can only really have untagged ports because nothing else on my LAN will understand tagged packets, thus (as far as I can see) 802.1q doesn't offer anything different from port based VLANs. It also means that you can only really have a maximum of 8 VLANs as the only way to use them is to have a por with the PVID set to the VLAN. Do I have this right?
  0  
  0  
#3
Options
Re:Need hel with VLAN configuration on TL-SG108E
2017-06-10 17:57:34
Sorry, a second reply, I've been looking at your table a little harder. It's what happens *within* the switch that I'm still not clear about.

In my case *all* packets will be received from 'outside' untagged so the port that receives the packet will add the PVID. Then what happens to the packet? It's 'inside' the switch and it does now have a tag.
All my ports will be untagged as nothing else on my LAN will understand tagged packets. So I *think* the packet will go to any/all ports that are in the VLAN given by the PVID that has been added to the packet.
Is this right? If no port is a member of the VLAN given in the PVID then the packet will be dropped. Thus, as I said in my other reply, there is absolutely no use (in my 'standalone' case) for more than 8 VLANs.
  0  
  0  
#4
Options
Re:Need hel with VLAN configuration on TL-SG108E
2017-06-10 19:41:27

chrisisbd wrote


So I *think* the packet will go to any/all ports that are in the VLAN given by the PVID that has been added to the packet.
Is this right?


This is right. And since all ports in factory settings are always members of the Default VLAN 1 (sometimes also called Native VLAN) and every PVID is 1, too, the switch behaves in factory setting like any other (unmanaged) switch.


If no port is a member of the VLAN given in the PVID then the packet will be dropped.


Theoretically, yes. But in practice: if no port is a member of a given VLAN, you cannot set this VID as PVID for any port. The switch's UI does not allow this. To be able to set a PVID N, not only the VLAN N must exist, but the port to be assigned this PVID N must also be a member of VLAN N.

In other words: you can have a VLAN 20 with no member port, but you can't assign this VID 20 to any port in this case, therefore - if you only use untagged packets outside the switch - no packet inside the switch will ever get tagged with this VID 20. It could arrive tagged already, but that's another story.


Thus, as I said in my other reply, there is absolutely no use (in my 'standalone' case) for more than 8 VLANs.


I'm not sure what you mean with 8 VLANs. For unmanaged mode you need no VLAN at all, even while the switch internally uses the Default / Native VLAN 1 to accomplish forwarding of untagged traffic. Packets then will arrive untagged at the switch and will leave the switch untagged. From the outside perspective, It is much the same as having no VLAN tags at all (and in fact outside the switch you indeed don't have VLAN tags).

As long as you don't need more than one subnet handled by the switch, you don't need 802.1Q VLANs at all. If you need two segmented subnets, you need two VLANs and a third one for untagged packets. If you need 25 segmented subnets you need 26 VLANs including the one for untagged packets.

If you just want to separate ports for security reasons into different segments in the same subnet, use MTU VLANs (Multi-Tenant Unit VLANs). Then you have 7 VLANs for 7 ports and a single port shared by those 7 VLANs, which then totals 8 VLANs.
༺ 0100 1101 0010 10ཏ1 0010 0110 1010 1110 ༻
  0  
  0  
#5
Options
Re:Need hel with VLAN configuration on TL-SG108E
2017-06-11 05:58:54
Thsnks again for your very helpful reply.

> Theoretically, yes. But in practice: if no port is a member of a given VLAN, you cannot set this VID as PVID for any port.
> The switch's UI does not allow this. To be able to set a PVID N, not only the VLAN N must exist, but the port to be assigned this PVID N must also be a member of VLAN N.

Of course! :-)

> If you just want to separate ports for security reasons into different segments in the same subnet, use MTU VLANs (Multi-Tenant Unit VLANs). Then you have 7 VLANs for 7 ports and a single port shared by those 7 VLANs, which then totals 8 VLANs.[/QUOTE]

I see, this just gives 7 isolated segments that can't talk to each other but can send/receive from the 'upload' port.


What I'm actually after is a mix of segments, some of which can talk to each other and some can't. I may not be able to achieve all I want with just
the managed switch but (with the help I've received here) I think it will do quite a lot of what I need.
  0  
  0  
#6
Options
Re:Need hel with VLAN configuration on TL-SG108E
2017-06-11 06:58:30

chrisisbd wrote


I see, this just gives 7 isolated segments that can't talk to each other but can send/receive from the 'upload' port.


That's correct.


What I'm actually after is a mix of segments, some of which can talk to each other and some can't. I may not be able to achieve all I want with just
the managed switch but (with the help I've received here) I think it will do quite a lot of what I need.


There is still another VLAN mode, it's called "Port-based VLAN". This probably will do what you need by allowing mixed segments. I never tried this mode, since I need 802.1Q VLANs, but maybe you want to play with it to see wether it will work the way you want.
༺ 0100 1101 0010 10ཏ1 0010 0110 1010 1110 ༻
  0  
  0  
#7
Options
Re:Need hel with VLAN configuration on TL-SG108E
2017-06-11 17:52:22
> There is still another VLAN mode, it's called "Port-based VLAN". This probably will do what you need by allowing mixed segments. I never tried this mode, since I need 802.1Q VLANs, but maybe you want to play with it to see wether it will work the way you want.

Yes, however TP-Link don't seem to have implemented that correctly, or at least they haven't implemented it the way that everyone else implemsnts it! In the TP-Link Port Based VLAN each port can only belong to one VLAN, in everyone else's implementation ports can belong to multiple VLANs.
  0  
  0  
#8
Options
Re:Need hel with VLAN configuration on TL-SG108E
2017-06-11 20:23:17

chrisisbd wrote

>In the TP-Link Port Based VLAN each port can only belong to one VLAN, in everyone else's implementation ports can belong to multiple VLANs.


If a port is a member of more than one VLAN, it is not Port-based anymore, but an 802.1Q-based VLAN. It does not make any sense to me to have an untagged port with membership in more than one VLAN if the device connected to such untagged port can't handle VLAN tags at all.
༺ 0100 1101 0010 10ཏ1 0010 0110 1010 1110 ༻
  0  
  0  
#9
Options
Similar problem: Tagging VLAN 1
2017-07-09 00:27:19
I'm seeing a related weird problem in that there appears to be no way to tag VLAN 1 or remove it from a port as it possible on all other switches I own (mostly NetGear).

I have multiple networks on separate VLANs where, for a given port, one VLAN will be the default (PVID + untagged), but the others will be available tagged for devices that know about them.

The problem comes up when I don't want my office network (VLAN 1) available on a port dedicated to the guest network (VLAN 87)

What I want is:

PVID=87 Untagged: 87 Tagged: 1, 50

Is there any way to do that with this switch without rearranging all the VLANs on the network?
  0  
  0  
#10
Options
Re:Need hel with VLAN configuration on TL-SG108E
2017-07-10 01:31:15

sgs wrote

I'm seeing a related weird problem in that there appears to be no way to tag VLAN 1 or remove it from a port as it possible on all other switches I own (mostly NetGear).


Yes, that's what bothers me the most with TL-SG108E, too.

We have > 1,000 WiFi routers in the field which use VLAN 1 for the LAN and a VLAN trunk to the APs for Multi-SSIDs. We can't switch away from VLAN 1 being the LAN and therefore can't use TL-SG108E/PE in this case, b/c even trunk ports are fixed untagged members of VLAN 1 on this switch. So we are forced to use Netgear GS108E to carry VLAN tagged traffic from our TP-Link WiFi routers to the TP-Link EAPs if the customer demands an inexpensive 8-port switch.


Is there any way to do that with this switch without rearranging all the VLANs on the network?


No. Using VLAN 87 instead of 1 as the default VLAN for untagged packets would require to be able to define this VID for the default VLAN. You could use it as a "secondary default VLAN", but even then VLAN 1 is still not useable for tagged traffic on a trunk port.

IMHO, if a VLAN is assigned manufacturer-specific semantics, then at least a higher VID should be used (>4090) rather than VID 1.
༺ 0100 1101 0010 10ཏ1 0010 0110 1010 1110 ༻
  0  
  0  
#11
Options

Information

Helpful: 0

Views: 6066

Replies: 12

Related Articles