Welcome to TP-LINK Tech Support Forum
+ Reply to Thread
Results 1 to 4 of 4
  1. #1

    Ping a PC from VLAN101 to another PC in VLAN102 accepted!

    Model :

    Hardware Version :

    Firmware Version :

    ISP : [/COLOR]

    Hi,
    By configuring VLAN 101 and VLAN 102 according to Figure1 and Figure2 and having connected Internet from Router TP-LINK TL-WR2543ND direct to Port 1 of the Switch, I can still ping a PC from VLAN 101 to another VLAN 102 PC and vice versa. Is there anything wrong with configuring this communication between VLANs?
    Thank you.
    Attached Images    

  2. #2
    Members R1D2 is on a distinguished road
    Join Date
    Dec 2015
    Posts
    1,205
    Quote Originally Posted by jeryroman View Post
    By configuring VLAN 101 and VLAN 102 according to Figure1 and Figure2 and having connected Internet from Router TP-LINK TL-WR2543ND direct to Port 1 of the Switch, I can still ping a PC from VLAN 101 to another VLAN 102 PC and vice versa. Is there anything wrong with configuring this communication between VLANs?
    Yes. Port 1 is a member of all VLANs (1, 101 and 102). Therefore ingress untagged packets will be tagged with the PVID of the corresponding ports, then being forwarded to member ports (including port 1). Before forwarding to the TL-WR2534 the tag will be removed b/c it's an untagged port. The router then will route it to the destination and forward the packet back to port 1 where it now will be tagged with PVID 1 and so its reaches it destination even if it is in another VLAN.

    To isolate the VLANs you have to output tagged packets to your router and to route them into two independent, separated subnetworks. You can't share an untagged connection (port 1 to a router) with both VLANs 101 and 102 in a single network.

  3. #3
    R1D2 thanks for your reply.
    I need to share the Internet from the Router TL-WR2543ND (which has the DHCP server activated) for VLAN 101 and VLAN 102 (which should not be seen) without using other routers.
    I saw in other posts that it is possible to do this with 1 router and 1 manageable switch using the configuration that I posted.
    I noticed that the TL-WR2543ND Router I use does not support the 802.1Q protocol. Does this fact influence the ability to segment in VLANs?
    Thank you.
    Attached Images    

  4. #4
    Members R1D2 is on a distinguished road
    Join Date
    Dec 2015
    Posts
    1,205
    Quote Originally Posted by jeryroman View Post
    I need to share the Internet from the Router TL-WR2543ND (which has the DHCP server activated) for VLAN 101 and VLAN 102 (which should not be seen) without using other routers.
    Not possible. With your setup you not only share Internet access, but also the common subnet the devices in both VLANs are members of.

    I saw in other posts that it is possible to do this with 1 router and 1 manageable switch using the configuration that I posted.
    Which manageable switch? There are a lot of different devices out there. If the manageable switch is a Layer 3 switch, then yes, it could handle different VLANs, different broadcast domains, access control and even DHCP and routing services between different VLANs/subnets.

    But the TL-SG108E does not offer such features. It is a smart switch, not a manageable switch. To do such fancy things like separating devices into different VLANs for access control/separation, you will need a router (or a manageable L3 switch with routing functionality) in order to create own subnets for different VLANs. It does not make much sense to separate the same subnet into VLANs. VLANs are used primarily to combine two logical, but independent subnets on one physical cable, not to replace access control lists (ACLs).

    See this post if you want to implement VLANs with a SOHO router such as the TL-WR2543ND. But you will have to install OpenWRT on it (if possible at all; I didn't check availability of OpenWRT on this particular device):

    http://forum.tp-link.com/showthread....l=1#post194548
    Last edited by R1D2; 03-05-2017 at 16:17.


 

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts

Copyright 1996-2017 TP-LINK Technologies Co., Ltd. All rights reserved.