Welcome to TP-LINK Tech Support Forum
+ Reply to Thread
Page 1 of 2 1 2 LastLast
Results 1 to 15 of 24
  1. #1

    TL-SG108E (v2) question about (default) VLAN1

    Model :

    Hardware Version :

    Firmware Version :

    ISP : [/COLOR]

    Hello,

    I just bought a TL-SG108E (v2).
    But i see that i can't remove the default VLAN1 from the ports.
    All ports are untagged member of VLAN1
    What do i need to do to remove the VLAN1 on the ports?
    I don't want to use VLAN1.

    thanks

  2. #2
    Members Mr.J is on a distinguished road
    Join Date
    Aug 2016
    Posts
    117
    Haha,dude, vlan1 is the default vlan for management. You cannot remove it.

  3. #3
    Quote Originally Posted by Mr.J View Post
    Haha,dude, vlan1 is the default vlan for management. You cannot remove it.
    I don't ment to remove the default VLAN1, i junst want to "unmember" al my ports of VLAN1.

  4. #4
    If assign of some port value of PVID to different from 1, will force UNTAGED packets to other VLAN

  5. #5
    Quote Originally Posted by lexxai View Post
    If assign of some port value of PVID to different from 1, will force UNTAGED packets to other VLAN
    So i have to change for al ports the PVID to a VLAN different from 1?
    Is this the only way to do this?
    It would be a great feature that you can exclude ports out of VLAN1 in the VLAN setttings in de webinterface menu.

  6. #6
    Will add, that IP of switch can be accessed from any VLAN !!!
    Need just set static IP of same network that and switch.
    Because switch have all ports in VLAN1.

    No secure use it switch in WAN connect solution.
    Especially if user can change VLAN w/o any AUTH : http://forum.tp-link.com/showthread....uthentication.
    use PVID !=1 not help in this case.

  7. #7
    Quote Originally Posted by lexxai View Post
    Will add, that IP of switch can be accessed from any VLAN !!!
    Need just set static IP of same network that and switch.
    Because switch have all ports in VLAN1.

    No secure use it switch in WAN connect solution.
    Especially if user can change VLAN w/o any AUTH : http://forum.tp-link.com/showthread....uthentication.
    use PVID !=1 not help in this case.
    Adding PVID!=1 does help... a little. Untagged packages will be put on different LAN and won't reach the switch, but tagged packages are still able to reach the switch interface. The Vlan(Q) tagging wasn't made for security on those switches.

  8. #8
    Junior Member fabrizziosoares is on a distinguished road
    Join Date
    Jan 2017
    Posts
    1
    Quote Originally Posted by sanosis View Post
    Adding PVID!=1 does help... a little. Untagged packages will be put on different LAN and won't reach the switch, but tagged packages are still able to reach the switch interface. The Vlan(Q) tagging wasn't made for security on those switches.
    I'd tried this. I put port 6 on VLAN 200 and defined PVID = 200, but if I put a IP Address in same network of switch management tool, I can reach web tool.
    Is there any way to limit access to switch gui only for specific VLAN?

  9. #9
    Quote Originally Posted by fabrizziosoares View Post
    I'd tried this. I put port 6 on VLAN 200 and defined PVID = 200, but if I put a IP Address in same network of switch management tool, I can reach web tool.
    Is there any way to limit access to switch gui only for specific VLAN?
    Forgot about it device until new firmware will be. I have same problem, and I use it switch just as unmanaged.

  10. #10
    Members R1D2 is on a distinguished road
    Join Date
    Dec 2015
    Posts
    1,132
    Quote Originally Posted by lexxai View Post
    Forgot about it device until new firmware will be. I have same problem, and I use it switch just as unmanaged.
    I don't understand why TP-Link uses a valid VLAN ID 1 for a default VLAN anyway. Shouldn't untagged packets have no VLAN ID at all (i.e. PVID=0 -> no tag)?

  11. #11
    No way to do that. It just a easy smart switch that allow all VLAN to access its web page. Management switch could do that.

  12. #12
    Members R1D2 is on a distinguished road
    Join Date
    Dec 2015
    Posts
    1,132
    Quote Originally Posted by johnson View Post
    No way to do that. It just a easy smart switch that allow all VLAN to access its web page. Management switch could do that.
    Of course there would be a way to do it: by TP-Link changing the firmware. Even cheap business-class WiFi APs such as those running PharOS let you change the VLAN ID for access to their web UI after a firmware upgrade by TP-Link and Easy Smart switches are classified as business-class devices, too.

    This "Default VLAN" could be a policy decision of TP-Link for model separation, but it makes it difficult to sell EAPs, CPEs and Easy Smart switches to small businesses in existing hotspot systems, which already use VLAN 1 for another purpose and need a Multi-SSID setup. Those SMB customers would be willing to buy a TL-SG108E/PE to connect the EAPs/CPEs, but not a much more expensive manageable switch with plenty of functions they don't need at all.
    Last edited by R1D2; 01-22-2017 at 13:40.

  13. #13
    No news on topic? TP-LINKers, shame on you!

  14. #14
    I also requested the source code form them so that I can make the changes. Got rejected!


    This is a really bad business decision for not letting users to:

    a. remove vlan1
    b. allow tag support on vlan1
    c. un-member ports belonging to vlan1


    Shame on tp-link for not taking action!

  15. #15
    see the URL below to disable vlan1. Instruction is one page 5.

    https://forum.pfsense.org/index.php?topic=123324.60


 

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts

Copyright 1996-2017 TP-LINK Technologies Co., Ltd. All rights reserved.