Welcome to TP-LINK Tech Support Forum
+ Reply to Thread
Results 1 to 4 of 4
  1. #1

    EAP225 with Controller Management VLAN

    Model :

    Hardware Version :

    Firmware Version :

    ISP : [/COLOR]

    I have 3 EAP 225 v2.

    Firmware: TL-EAP225v2_1.2.0_[20170828-rel67446]_up_signed
    Controller: 2.5.1
    Switches: TL-SG108E/TL-SG1016DE

    VLAN ID Configuration
    1 Default_VLAN
    2 Fibe
    3 Testing

    All AP's are plugged into a trunk port. (ie. tagged). PVID on switch port is set to 1.

    WITHOUT Management network set to VLAN 1, the AP's will sometimes grab an IP from VLAN 1, or sometimes an IP from VLAN 2. Why is it getting an IP from VLAN 2?

    If I plug a laptop into the same the switch port, I always get VLAN 1. (normal)

    If I enable Managment network set to VLAN 1, the AP will not get an IP.

    Can anyone explain this?

  2. #2
    Members R1D2 is on a distinguished road
    Join Date
    Dec 2015
    Posts
    1,127
    Quote Originally Posted by enforcerviper View Post
    All AP's are plugged into a trunk port. (ie. tagged). PVID on switch port is set to 1.
    The PVID defines the primary VLAN ID, sometimes also called native VLAN. The primary/native VLAN exists to handle untagged traffic even on trunk ports. Setting PVID to 1 on a trunk port means on most switches that tags of Ethernet frames with VID 1 will be removed on egress, i.e. become untagged (that's how a primary/native VLAN is supposed to work).

    What's more, the TL-SG108E always removes tags with VID 1 on trunk ports on egress, since all ports are always (untagged) members of VLAN 1 on this switch. Switches without a fixed Default-VLAN allow assignment of any VLAN ID to be used as the native VLAN, so VID 1 can be configured to be tagged on trunk ports. Such switches even lets you override the semantics of the PVID on trunk ports designating a native VLAN.

    Solution for Easy Smart Switches like the TL-SG108E: use VLAN 1 for untagged traffic only and another VLAN (!= 1) for mgmt, if the mgmt VLAN should use tagged frames.

    WITHOUT Management network set to VLAN 1, the AP's will sometimes grab an IP from VLAN 1, or sometimes an IP from VLAN 2. Why is it getting an IP from VLAN 2?
    Can't be answered without more information on how the DHCP server is connected to which switch. A picture of the network topology would be helpful.

    If I plug a laptop into the same the switch port, I always get VLAN 1. (normal)
    Since it uses untagged frames, doesn't it? Those frames will be assigned to the primary/native VLAN.

    If I enable Managment network set to VLAN 1, the AP will not get an IP.
    I guess because frames arrive tagged at the switch, but replies will be untagged and dropped by the EAP (AFAIK the EAP doesn't have the notion of a primary/native VLAN, but I didn't investigate further). You could test it with a switch or router which allows for VID 1-tagged frames on egress, i.e. not an Easy Smart Switch.
    Last edited by R1D2; 11-12-2017 at 10:25.

  3. #3
    Thanks for the response. It appears the problem is with the TL-SG108E v1.0 of the switch. I just upgraded to the TL-SG1016DE v3.0 and it works as it should. (With Management VLAN off, and PVID set to 1).

    The issue can be replicated simply by using a TL-SG108E v1.0 and EAP225. I hope TP-LINK will release updated firmware, but I'm not holding my breath.

  4. #4
    Members R1D2 is on a distinguished road
    Join Date
    Dec 2015
    Posts
    1,127
    Quote Originally Posted by enforcerviper View Post
    The issue can be replicated simply by using a TL-SG108E v1.0 and EAP225. I hope TP-LINK will release updated firmware, but I'm not holding my breath.
    Never-ending story with the fixed Default_VLAN 1 of TL-SG105E and TL-SG108E/PE. I did give up trying to convince them that it is indeed a bad idea to use a fixed native VLAN.


 

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts

Copyright 1996-2017 TP-LINK Technologies Co., Ltd. All rights reserved.