VLAN's on SG-3428 without vlan aware router
This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.VLAN's on SG-3428 without vlan aware router
This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Hi,
I would like to seperate several devices on my SG-3428 TP-Link switch without a vlan aware router. So the switch is connected thru port 24 with a TP-link router that does not support vlans.
I found on the internet that it is possible to seperate several devices thru vlan's but when i make these 802.1q vlan's and add ports to it, the ports that are using another PVID then the default can not reach the Internet nor other devices on the switch.
Config:
vlan 1 = default
vlan 2 = internet
vlan 3 = lan+internet
ports 1,2,3,4,8,9,10 until 24 are in vlan 1 and 2
ports 5,6,7 are in vlan 1 and 3
PVID for most ports are 1 but for the 2 ports in vlan 2 they are PVID 2.
I want to accomplish that ports 5,6,7 cannot reach devices on the other ports but can connect to Internet, if possible the other way around is not a problem that way i can monitor the devices on both ports but they cannot reach me on the other ports.
Is this possible?
The router where the switch is connected to accepts all because it cannot read vlan's.
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Based on your information, maybe the PVID you set wrong.
" I want to accomplish that ports 5,6,7 cannot reach devices on the other ports but can connect to Internet."
This is your needs, we suggest you set the 1,2,3,4,8,9,10 until 24 in vlan 1 and 2, ports 1,2,3,4,8,9,10 until 23 PVID set as 2.
And ports 5,6,7,24 are in vlan 1 and 3, ports 5,6,7 PVID set as 3.
And the port 24 in ALL VLAN 123, PVID set as 1.
Please have a try.
Best Regards!
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
Of course you can't ping through, they're in different VLANs.
The purpose of setting up VLANs is to separate the two groups so that the devices in each group don't have access to each other, but both have internet access.
Generally speaking, if you find that devices in different VLANs can't ping through to each other, it means that your VLAN has been successfully established.
Doesn't this mean that you have achieved what you said, "I want to accomplish that ports 5,6,7 cannot reach devices on the other ports but can connect to the Internet"?
Please take a look the Example 1: https://www.tp-link.com/support/faq/788/
Best Regards!
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
So now i can reach the switch again with ipnumber. Hving a look at thru the console port with putty it seemed that all ports i have given PVID 2 exept for ports 5-7 and 24. I think this was the cause that the switch was not accassible thru its ipnumber because it is on interface 1 vlan 1, but am not sure.
I do not know exactly what the PVID does.
When putting port 24 in alle 3 vlan;s but with PVID 1 and alle other ports, except 5-7 into vlan 1 and 2 but with PVID 2 and ports 5-7 in vlan 3 and PVID 3, it is not goiing to work. 5 and 7 can then not reach the other ports (thats the intention) but also not on the internet....
What role has the PVID setting on a tp-link.
On Cisco it does not excist is it the equalivent of Cisco access vlan when not in the trunk vlan?
- Copy Link
- Report Inappropriate Content
Dear @surfer1,
surfer1 wrote
What role has the PVID setting on a tp-link.
On Cisco it does not excist is it the equalivent of Cisco access vlan when not in the trunk vlan?
As for PVID, generally each port only has one PVID, if you set port1's PVID is 10, then the data go through this port will be tagged number 10, but in your current network, you only need to set all ports egress rule as untagged, and in my opinion, the cisco's trunk port is similar with this router's tagged port.
You can check more articles about VLAN configuration to learn more:
How to configure 802.1Q VLAN on Smart and Managed switches using the new GUI?
How to configure 802.1Q VLAN on TP-Link Easy Smart/Unmanaged Pro Switches?
Best Regards!
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
I will place a new post on this forum with the question if it is possible with the TP-LINK SG-3428 switch to use ACL's for this case. The reason that i am doubting this is that ACL's are based on ingress traffic and not traffic to deny from specific ports.
I have looked at it but when making an ACL and binding the vlan to it where ports 5 and 7 are in then this does not work correct because the mindset is wrong, the mindset is set to egress from ports 5 and 7 and not ingress from router to ports 5 and 7.
Is it possible?
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 2513
Replies: 18
Voters 0
No one has voted for it yet.