Welcome to TP-LINK Tech Support Forum
+ Reply to Thread
Results 1 to 7 of 7
  1. #1

    Question Need help understanding Easy Smart Switch 802.1q config.

    Model :

    Hardware Version :

    Firmware Version :

    ISP : [/COLOR]

    Easy Smart Switch Configuration Utility Ver. 1.0.4.3
    Easy Smart Switch TL-SG1024DE 3.0 with Firmware 1.0.1 Build 20170530 Rel 39402

    The "802.1q VLAN" page allows creating associations between VLANs and ports. The ports can either be marked as Tagged, Untagged, or neither (meaning "non-member" port). I have assumed these to be "Egress Rules" which apply to packets being transmitted.

    My understanding of "Egress Rules": A port marked as Tagged will pass packets containing the VLID and INCLUDE that VLID unaltered in packets transmitted on the port. A port marked as Untagged will pass packets containing the VLID but will REMOVE the VLID from transmitted packets transmitted on the port (packets are transmitted without a VLID).

    The "802.1q PVID Setting" page allows setting a PVID for each port. I have assumed is this is the "Ingress Rule" for the port.

    This is my understanding of "Ingress Rules". Any untagged packet received by the port will be tagged with the assigned VLID.

    Based upon my experiments trying pings between nodes on ports using various egress and ingress rules, my assumptions and understandings do not seem to be the case.

    Can someone please explain how the tagged/untagged port associations work and what purpose does the PVID assignment serve?

    Thank you!

  2. #2
    Members R1D2 is on a distinguished road
    Join Date
    Dec 2015
    Posts
    1,638
    Quote Originally Posted by tx350z View Post
    The "802.1q VLAN" page allows creating associations between VLANs and ports. The ports can either be marked as Tagged, Untagged, or neither (meaning "non-member" port). I have assumed these to be "Egress Rules" which apply to packets being transmitted.
    Strictly speaking, they apply to ingress and egress traffic. If a tagged frame arrives on a tagged port, the tag is unaltered and if the port is a member of this VLAN, it is being forwarded, else it is dropped.

    If an untagged frame arrives on a tagged port, the PVID is added to the frame and handled like a tagged frame (see above).

    My understanding of "Egress Rules": A port marked as Tagged will pass packets containing the VLID and INCLUDE that VLID unaltered in packets transmitted on the port. A port marked as Untagged will pass packets containing the VLID but will REMOVE the VLID from transmitted packets transmitted on the port (packets are transmitted without a VLID).
    Correct.

    The "802.1q PVID Setting" page allows setting a PVID for each port. I have assumed is this is the "Ingress Rule" for the port.
    That's correct for so-called "access" ports (member of exactly one VLAN) only. On so-called "trunk" ports (member of several VLANs), a tagged frame will keep its tag if it is not equal to the primary VLAN ID (PVID). If it equals the PVID, the tag gets removed from the frame on egress on most switches, but there are also other switches on the market (even some older TP-Link ones), which keep the tag on egress. On more expensive switches such as the T series you can choose either way and probably on TL-SG108E you could do so by assigning the trunk port to the native VLAN as untagged, but I have not tested this (yet).

    That's why it is important to upgrade the Easy Smart Switches to latest firmware: after one year of feature requests R&D could be convinced to let users remove ports from the Default-VLAN.

    This is my understanding of "Ingress Rules". Any untagged packet received by the port will be tagged with the assigned VLID.
    Yes and no. The 802.1Q standard defines a native VLAN, which must be able to handle untagged frames: If untagged frames arrive on a trunk port, they must be tagged with the native VLAN ID. Whenever such (originally untagged) frames leave the switch on any other port (which can only be an access port assigned to this native VLAN or a trunk port), the tag must be removed.

    That almost certainly was the reason for TP-Link to always keep all ports in the Default_VLAN aka native VLAN. But since this caused many troubles with existing network topologies, the changed it in the way that ports now may be removed from the Default_VLAN, which perfectly makes sense.

    Based upon my experiments trying pings between nodes on ports using various egress and ingress rules, my assumptions and understandings do not seem to be the case.
    Update the firmware of TL-SG108E or else you will go crazy. I did so and hardly recovered from this.
    Last edited by R1D2; 03-13-2018 at 21:30.

  3. #3
    I found my 108E's needed the firmware update. All is good there. However, my TL-SG1024DE's firmware all appear to be up to date (1.0.1 Build 20170530 Rel.39402) and there is no option to remove ports from Default_VLAN. Is there a firmware update coming for the 1024DEs?

  4. #4
    On so-called "trunk" ports (member of several VLANs), a tagged frame will keep its tag if it is not equal to the primary VLAN ID (PVID). If it equals the PVID, the tag gets removed from the frame on egress on most switches, but there are also other switches on the market (even some older TP-Link ones), which keep the tag on egress. On more expensive switches such as the T series you can choose either way and probably on TL-SG108E you could do so by assigning the trunk port to the native VLAN as untagged, but I have not tested this (yet).
    Assuming the latest firmware is in installed, how do the TL-SG108E and TL-SG1024DE handle tags equal to the PVID? The option switch you mention in the T series seems like a simple feature and should maybe find it's way to the TL series switches?

  5. #5
    Members R1D2 is on a distinguished road
    Join Date
    Dec 2015
    Posts
    1,638
    Quote Originally Posted by tx350z View Post
    I found my 108E's needed the firmware update. All is good there. However, my TL-SG1024DE's firmware all appear to be up to date (1.0.1 Build 20170530 Rel.39402) and there is no option to remove ports from Default_VLAN. Is there a firmware update coming for the 1024DEs?
    Best would be to contact TP-Link support and ask for correction of SG1024DE firmware, too. See Rain's post here: http://forum.tp-link.com/showthread....l=1#post227797

    Assuming the latest firmware is in installed, how do the TL-SG108E and TL-SG1024DE handle tags equal to the PVID? The option switch you mention in the T series seems like a simple feature and should maybe find it's way to the TL series switches?
    See also the recent update of my post above: probably you can choose even on TL-SG108E to define the exact behavior (tagged/untagged egress) for Ethernet frames tagged with the native VLAN. I have not tested this, since in my VLAN-only environment there are no untagged frames coming in or going out over trunk ports. A native VLAN is only relevant if you have servers such as some HP models, which communicate certain protocols untagged even on trunk ports, or if a server uses QoS priorities encoded in VLAN frame headers, but does actually not use VLANs.

    Also see this FAQ related to the port behavior: http://forum.tp-link.com/showthread....l=1#post229035
    Last edited by R1D2; 03-13-2018 at 21:46.

  6. #6
    Thanks R1D2. I appreciate you sharing your knowledge and experience with these switches. I'm still very happy with them because they are the only affordable managed switches on the market (I'm building out a network for a charity).

    I'm just going to do initial config of new switches with a directly connected workstation. Like you, I will have no untagged packets on trunk ports. The only snag seems to be when 802.1q is enabled on a new switch. Since there are no VLANs defined at that moment, connectivity to the switch is lost if the workstation is not directly connected or it's access port is not configured for VLID 1. That's a small issue I can live with.

  7. #7
    Members R1D2 is on a distinguished road
    Join Date
    Dec 2015
    Posts
    1,638
    Quote Originally Posted by tx350z View Post
    Since there are no VLANs defined at that moment, connectivity to the switch is lost if the workstation is not directly connected or it's access port is not configured for VLID 1.
    This can be tricky if the switch uses a mgmt VLAN, which is not directly accessible, but only through a trunk port. But the TL-SG108E's web UI can be reached through any VLAN if you use the static IP. So if you have at least one access port (untagged), you always can manage it. Just plug your laptop into an access port and set a static IP on your laptop, too. That's really easy (thus Easy Smart Switch ).

    Those switches are ideal for small networks and small budgets. I use two of them for my family's home network to separate private, guest and IoT networks from each other. Together with a Linux-based router the VLAN capabilities of the switch are very useful. And bandwidth limits for guest access are helpful, too.


 

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts

Copyright 1996-2018 TP-LINK Technologies Co., Ltd. All rights reserved.