Welcome to TP-LINK Tech Support Forum
+ Reply to Thread
Results 1 to 6 of 6
  1. #1

    TL-SG108E Multiple VLAN help

    Model :

    Hardware Version :

    Firmware Version :

    ISP : [/COLOR]

    Hello, my name is Tomberg.

    I'm currently developing a prototype box that uses the TL-SG108E switch, that is a little hard to explain, I'll start with what each port has:

    1 = gateway router for internet connection
    2 = other switch for users
    3 = ADMIN port
    4 = Pi1 (Virtual Router)
    5 = Pi2
    6 = Pi3
    7 = Pi4
    8 = Pi5

    So I have Port 1, connecting to Port 4. I call that Vlan101. In working order, it gives my virtual router access to the internet, and allows distribution to my semi-DMZ areas. This having IP Addresss 192.168.0.3

    Then I have Port 4, connecting to Ports 2,5-8. This giving the Pi's, and the user's supplied, and semi-controlled internet under new IP Address 10.0.3.1/26

    Then I need Port 3 and 4 to connect for a secure ADMIN Port for my vRouter, and its privatized web server.

    I have tried setting:

    VLAN101 = 1,4
    VLAN102 = 2,4-8
    VLAN103 = 3,4

    But I've gotten no use, and I feel I'm not getting the hang of this. I can set PVID to certain ports, but how do I set multiple VLANS on the same port? I kind of need it for that Port 4. If anyone has a working setting for this switch to allow this, I would appreciate it. This has kept me up for the past few nights.

  2. #2
    Members R1D2 is on a distinguished road
    Join Date
    Dec 2015
    Posts
    1,638
    Quote Originally Posted by Tomberg View Post
    I have tried setting:

    VLAN101 = 1,4
    VLAN102 = 2,4-8
    VLAN103 = 3,4

    But I've gotten no use, and I feel I'm not getting the hang of this. I can set PVID to certain ports, but how do I set multiple VLANS on the same port?
    You already have it: port 4 is a member of all VLANs 101, 102 and 103, therefore making it a trunk port. The virtual router needs to have a trunk port, too, or in other words: it must be capable of processing tagged Ethernet frames. For most Linux/UNIX systems this is no problem: just create a VLAN-enabled interface to connect the router with the switch's trunk port.

    Also make sure you use latest firmware of early 2018, which lets you remove ports 1-3 and 5-8 from the Default_VLAN 1. Only port 4 should be member of VLAN 1 and this only to be able to assign it a PVID of 1, so effectively dropping untagged frames arriving over the trunk port. See this thread for an explanation.

  3. #3
    Thanks! So I've been working on this all day. I started fresh on all my Pi's. I have my vRouter Pi setup on the Vlans (102, and 103), and I have it assigning proper dhcp now., along with static IP's for all Pi Servers.

    I'm working on my IPTables to be able to transfer the basic ports for everything on DMZ, to the Outer net. I have a lot of services running though, and really I don't even know how much the Pi's can handle.

    I'll look into the firmware upgrade after I clone my OS's. I did notice the whole PVID 1 problem, but I will try to set it to Port 4 only.

    Would that affect my access to the switch? I've been locked out of it before.

  4. #4
    Members R1D2 is on a distinguished road
    Join Date
    Dec 2015
    Posts
    1,638
    Quote Originally Posted by Tomberg View Post
    Would that affect my access to the switch? I've been locked out of it before.
    Not if you use static IPs on your laptop. If using different DHCP server for different VLANs, then yes, it could lock out your laptop from the switch.

  5. #5
    So... I think I got it. I have vlan 101,102,103, and 104
    101 connects port 1 to port 4 (Internet to linux vRouter)
    102 connects port 4 to ports 5-8 (vRouter to DMZ Servers)
    103 connects port 4 to port 2 (vRouter to Users port [up to 60~ish users but probably limit to 25])
    104 connects port 4 to port 3 (vRouter to Admin port)

    I am happy to say that I have my Vlans, iptables, and dhcp all set up enough to be able to ping all Vlan connected devices outside to the network on port 1.

    I'm pretty set with my tp-link switch settings now, thank you. The rest of my work involves getting this iptables complete.

  6. #6
    Members R1D2 is on a distinguished road
    Join Date
    Dec 2015
    Posts
    1,638
    Glad it works. Have fun with the switch (and iptables setup)!


 

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts

Copyright 1996-2018 TP-LINK Technologies Co., Ltd. All rights reserved.