Welcome to TP-LINK Tech Support Forum
+ Reply to Thread
Results 1 to 8 of 8
  1. #1

    TL-SG108E Locks up with Access Points

    Model :

    Hardware Version :

    Firmware Version :

    ISP : [/COLOR]

    I am using a TL-SG108E to provide individual VLAN's to offices with shared internet. Basically I configured as VLAN101 port 1&8, VLAN102 port 2&8 etc with port 8 connect to Virgin Media router. An ethernet cable from port 1 to a network switch in the first office, port 2 to a Belkin Wifi Access point in the second office, port 3 to a switch in the 3rd office.
    All worked well for a few weeks and it has done what I intended, stopping printers etc in one office being accessible from the others.
    The problem came when a put in another Wifi Access Point in the 4th office. It works as expected for about 20min then both Wifi access points cannot connect to the internet (or the router). The ports not connected to an access point (1 & 3) still work fine. Rebooting the SG108E restores access or another 20 minutes or so. I have tried 2 different routers (set as access points) and the same happens with both. Both access points have DHCP disabled and have different ip address & different SSIDs.

    What is going wrong? I was expecting a smart switch to help improve the reliability of the network by (partially) isolating the separate offices but it has made it worse. How can an access point (or any other device) on one VLAN effectively shut down another VLAN?

    Any help would be greatly appreciated.

    JD

  2. #2
    Members R1D2 is on a distinguished road
    Join Date
    Dec 2015
    Posts
    1,433
    Which firmware are you using on the TL-SG108E? What IP assignments (static? dynamic?) are stationary and mobile devices are using?

    Without detailed descriptions it is not possible to help, but I guess it could be a config problem if you are still using older firmware with a Default_VLAN 1 and DHCP being used for mobile devices connecting to the APs. TO do a quick check, assign a mobile device a static IP and test wether it also loses Internet access after 20 minutes.

  3. #3
    Okay, I'll try and give you more information.
    The main router is a Hitron CGNV4, it has IP of 192.168.1.1 and DHCP enabled 192.168.1.100 - 200. This is connected to port 8 of the TL-SG108E.
    The TL-SG108E is
    Device Description TL-SG108E
    MAC Address 18: D6: C7: D7: B2:85
    IP Address 192.168.1.202
    Subnet Mask 255.255.255.0
    Default Gateway 192.168.1.1
    Firmware Version 1.0.2 Build 20160526 Rel.34615
    Hardware Version TL-SG108E 2.0
    Static IP address
    VLANs set up as
    VLAN ID VLAN Name Member Ports Tagged Ports Untagged Ports Delete
    1 Default_VLAN 1-8 1-8
    101 Port_1 1,8 1,8
    102 Port_2 2,8 2,8
    103 Port_3 3,8 3,8
    104 Port_4 4,8 4,8
    105 Port_5 5,8 5,8
    106 Port_6-7 6-8 6-8






    Port 1 goes to a 5 port unmanaged switch, 3 PC's & 1 network printer. All work fine all the time
    Port 4 goes to a single PC, always works fine
    Port 2 goes to a Belkin Access Point (static IP), wired to 2 PC's & 1 printer, Wifi to a printer and a couple of iPhones this worked fine until the addition of the following
    Port 3 goes to a SR102 router (static IP) acting as an access point, wifi connection to 2 laptops, a printer & a couple of phones

    As I said, before adding the SR102 everything was fine. Now after about 20 mins both the Belkin & the SR102 seems to loose connection to the router. Anything already connected looses internet and new devices (eventually) get a strange IP like 169.254.120.240. If I manually set an IP in range and ping the TL-SG108E it gets a reply, pinging the router 192.168.1.1 results in a timeout. Pings to another device on the same VLAN are successful and this then restores internet access after about 20 seconds. I can then ping router and the "no internet" warning disappears from the PC's

    Have have tried using another access point instead of the SR102 and I get similar results.
    If I remove the TL-SG108E and connect the access points directly to the main router everything works fine (but obviously no VLAN's).

  4. #4
    Members R1D2 is on a distinguished road
    Join Date
    Dec 2015
    Posts
    1,433
    Quote Originally Posted by J-D View Post
    Now after about 20 mins both the Belkin & the SR102 seems to loose connection to the router. Anything already connected looses internet and new devices (eventually) get a strange IP like 169.254.120.240.
    This are "self-assigned IPs" meaning the (renew-) DHCP requests from those devices are not answered for whatever reason. Could be caused by using an IP on more than one device by accident. You have no real VLANs in this setup, all ports are always members of Default_VLAN 1, so two devices using the same IP could invalidate each other's ARP entry on the switch. Just a guess.

    Upgrade to latest firmware TL-SG108E(UN)_V3_20171214 (you can install this on HW v2, too). Use MTU (Multi-Tenant-Unit) VLAN, assign port 8 as the uplink. If it still shows disconnects caused by the SR102, trace the DHCP packages from clients connected to this AP.

  5. #5
    Hi R1D2,
    Thanks for your reply. There should not be 2 devices using the same IP as everything is DHCP assigned and if I don't use the TL-SG108E and connect the access points directly to the router there is no problem. I never really understood why there is a "Default_VLAN 1" which cannot be edited or deleted. This set-up does seem to work as intended, ie you cannot connect to the printers in the other offices despite VLAN1. I set it up using this guide https://www.tp-link.com/us/faq-788.html, just ignoring the parts about a second switch.
    I could try MTU, I have only just looked up what it is. I think it would mean ports 6&7 wouldn't be able to connect to each other (I was planning on connecting them to 2 offices in the same department) but I guess I could add a unmanaged switch to sort that. I don't know how to trace DHCP packages, I'll have to do some research.
    Are you sure I can put V3 firmware on V2? I don't want to brick it.
    Thanks
    JD
    Just thought of something. There is a person who works in both offices and I think their iphone might be able to connect to both access points so if they move from one office to another with their wifi on it would connect to V102 then later connect to V103. Would that cause this problem?

  6. #6
    Members R1D2 is on a distinguished road
    Join Date
    Dec 2015
    Posts
    1,433
    Quote Originally Posted by J-D View Post
    I never really understood why there is a "Default_VLAN 1" which cannot be edited or deleted. This set-up does seem to work as intended, ie you cannot connect to the printers in the other offices despite VLAN1.
    Yes, this fixed default VLAN did cause lot of headache, but finally TP-Link changed it after a year of complaining. As for the connections: you're right regarding unicast traffic, but not for broadcasts from the router: they are still send to all devices. To isolate VLANs completely, every VLAN would need to carry its own subnet only, but I understand that this is not what you want to achieve.

    I set it up using this guide https://www.tp-link.com/us/faq-788.html, just ignoring the parts about a second switch.
    I could try MTU, I have only just looked up what it is. I think it would mean ports 6&7 wouldn't be able to connect to each other (I was planning on connecting them to 2 offices in the same department) but I guess I could add a unmanaged switch to sort that. I don't know how to trace DHCP packages, I'll have to do some research.
    Right, MTU VLAN will split ports 6 and 7 into two separate VLANs. To trace DHCP use tcpdump on Unix/Linux or wireshark on Windoze.

    Are you sure I can put V3 firmware on V2? I don't want to brick it.
    Yes, I'm sure. See the thread about VLAN1 fix some posts below. I updated a TL-SG108E HW v2 with software v3 and it works. Status page will show it as HW v3 later on.

    Just thought of something. There is a person who works in both offices and I think their iphone might be able to connect to both access points so if they move from one office to another with their wifi on it would connect to V102 then later connect to V103. Would that cause this problem?
    Could be if ARP/MAC tables are not flushed, albeit a proper network driver should issue a gratuitous ARP reply every time an interface is going up/down or an IP address changes, which should flush old ARP entries on all switches/routers. From time to time I experience this on an old, overloaded MacBook if changing WiFi networks, but it doesn't last for 20 minutes then.

  7. #7
    Hi R1D2,
    Many thanks for your help. I think I am getting somewhere. I stayed behind after everyone had gone and it so far has been stable. I'm thinking maybe several people may have both wifi codes and if they move out of range it might not correctly disconnect from one network then connect to the other.
    Before getting this smart switch I tried using a router behind a router, I read about double NATs problems but it seemed to work well for a while, including things like teamviewer which I thought might be a problem, it happened to be already programmed for a LAN 10.0.?.? This appeared to give me good isolation but strangely after a few weeks the internet connection slowed right down then eventually stopped. Rebooting restored connection but the problem would randomly reoccur so I thought a smart switch was the way to go.

    I think the 20 mins delays come from the fact that after the internet has gone down there will be a delay before I get to reboot things. This means that after it comes back on people with stay at their desks for a while to catch up before wandering off to another office or the coffee machine. If it is something like this I would have thought it would have just blocked the one IP, not shut down everything on that port. So if this is the problem how do I solve it? I can stop most people but there are times when people move offices to help out, they will probably just pull the LAN cable out of their laptop, move office and plug in to a different VLAN. To do proper isolation as you suggested, with separate subnets, will need more equipment and I am trying to keep things as simple and reliable as possible. If I go down the MTU VLAN route will that be more stable, or using the V3 firmware and removing VLAN1 from most ports?
    Thanks again
    JD

  8. #8
    Members R1D2 is on a distinguished road
    Join Date
    Dec 2015
    Posts
    1,433
    Quote Originally Posted by J-D View Post
    they will probably just pull the LAN cable out of their laptop, move office and plug in to a different VLAN.
    That should be no problem since caches are flushed if the link goes down. As soon as the interface comes up again in another VLAN, the router behind a switch will learn the new location. If switching VLANs with my laptop (I do this very often), I select the appropriate IP profile with a static IP for the VLAN. On a MacBook, see "Locations" in the Apple menu. This always works perfectly.

    If I go down the MTU VLAN route will that be more stable, or using the V3 firmware and removing VLAN1 from most ports?
    Not necessarily, but I if not, it can further help to isolate the problem. I had lot of unexpected (similar) connectivity problems with this fixed port assignment to the Default_VLAN 1 and in fact couldn't actually use three TL-SG108E/PE in an existing infrastructure because of this. Fortunately it had been accepted as a bug now by TP-Link's R&D and just few days ago even the TL-SG108PE's firmware was released, so I can use all those switches in my office as intended.


 

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts

Copyright 1996-2018 TP-LINK Technologies Co., Ltd. All rights reserved.