Welcome to TP-LINK Tech Support Forum
+ Reply to Thread
Results 1 to 13 of 13
  1. #1

    Need hel with VLAN configuration on TL-SG108E

    Model : TL-SG108E

    Hardware Version :

    Firmware Version :

    ISP : [/COLOR]

    I am trying to get to grips with configuring VLANs on my new TL-SG108E.

    I can't at the moment see any use for 8021Q mode, however I'm sure it must do *something* vaguely useful.

    If I configure a VLAN, lets use ID 2 and assign some ports to it that shows up fine in the table, so far so good. However since every port is a member of VLAN ID 1 and that can't be changed what difference does the bit I have
    added make? A packet arriving on the port I have assigned to VLAN ID 2 will get sent to the other ports I have assigned to it, but it will also get sent to those same ports (and every other port) because they are all on VLAN ID 1.

    In fact, at the moment, I can't see how this differs from an unmanaged switch, any untagged packet arriving on any port will get sent to all the other ports regardless of how I configure things. Am I misunderstanding something?


    Maybe the PVID is significnat. If I set things up as follows:-

    VLAN ID 2 - Ports 2 and 3 are in VLAN ID 2
    Set the PVID for port 2 to VLAN ID 2, set 'untagged'.

    If a packet arrives at port 2 where does it go?

  2. #2
    Members R1D2 is on a distinguished road
    Join Date
    Dec 2015
    Posts
    1,135
    Quote Originally Posted by chrisisbd View Post
    A packet arriving on the port I have assigned to VLAN ID 2 will get sent to the other ports I have assigned to it, but it will also get sent to those same ports (and every other port) because they are all on VLAN ID 1.
    No, untagged packets arriving on untagged port 2 will be forwarded to the VLAN defined in the PVID of port 2, not to any other VLAN this port is also a member of. So, if PVID of port 2 is 1, all untagged packets will be forwarded only to the default VLAN 1, not to any other VLAN. If PVID is 2, all untagged packets will be tagged with VID 2 and therefore will be forwarded only to VLAN 2 members.

    To have the switch forward all untagged packets arriving on untagged ports 2 and 3 into VLAN 2, you would have to set both PVIDs of port 2 and 3 to the VID 2.

    Setting PVID to 1 makes only sense for untagged ports not belonging to any VLAN or for tagged ports to handle untagged packets and send them to the default VLAN (= any ports on TL-SG108E, but not on other switches, such as for example the TL-SG2008).

    Maybe this table makes it somewhat clearer what happens with various settings:

    Name:  Untitled1.png
Views: 0
Size:  87.8 KB
    Last edited by R1D2; 06-09-2017 at 22:09.

  3. #3
    Thanks for that very helpful reply, I'm slowly beginning to understanf VLANs.

    I have just a 'standalone' TL-SG108E, it's the only VLAN aware device on my system. So it seems to me that using 802.1q VLANs doesn't win me anything compared with port based VLANs, is that right?

    If I understand correctly using 802.1q I can only really have untagged ports because nothing else on my LAN will understand tagged packets, thus (as far as I can see) 802.1q doesn't offer anything different from port based VLANs. It also means that you can only really have a maximum of 8 VLANs as the only way to use them is to have a por with the PVID set to the VLAN. Do I have this right?

  4. #4
    Sorry, a second reply, I've been looking at your table a little harder. It's what happens *within* the switch that I'm still not clear about.

    In my case *all* packets will be received from 'outside' untagged so the port that receives the packet will add the PVID. Then what happens to the packet? It's 'inside' the switch and it does now have a tag.
    All my ports will be untagged as nothing else on my LAN will understand tagged packets. So I *think* the packet will go to any/all ports that are in the VLAN given by the PVID that has been added to the packet.
    Is this right? If no port is a member of the VLAN given in the PVID then the packet will be dropped. Thus, as I said in my other reply, there is absolutely no use (in my 'standalone' case) for more than 8 VLANs.

  5. #5
    Members R1D2 is on a distinguished road
    Join Date
    Dec 2015
    Posts
    1,135
    Quote Originally Posted by chrisisbd View Post
    So I *think* the packet will go to any/all ports that are in the VLAN given by the PVID that has been added to the packet.
    Is this right?
    This is right. And since all ports in factory settings are always members of the Default VLAN 1 (sometimes also called Native VLAN) and every PVID is 1, too, the switch behaves in factory setting like any other (unmanaged) switch.

    If no port is a member of the VLAN given in the PVID then the packet will be dropped.
    Theoretically, yes. But in practice: if no port is a member of a given VLAN, you cannot set this VID as PVID for any port. The switch's UI does not allow this. To be able to set a PVID N, not only the VLAN N must exist, but the port to be assigned this PVID N must also be a member of VLAN N.

    In other words: you can have a VLAN 20 with no member port, but you can't assign this VID 20 to any port in this case, therefore - if you only use untagged packets outside the switch - no packet inside the switch will ever get tagged with this VID 20. It could arrive tagged already, but that's another story.

    Thus, as I said in my other reply, there is absolutely no use (in my 'standalone' case) for more than 8 VLANs.
    I'm not sure what you mean with 8 VLANs. For unmanaged mode you need no VLAN at all, even while the switch internally uses the Default / Native VLAN 1 to accomplish forwarding of untagged traffic. Packets then will arrive untagged at the switch and will leave the switch untagged. From the outside perspective, It is much the same as having no VLAN tags at all (and in fact outside the switch you indeed don't have VLAN tags).

    As long as you don't need more than one subnet handled by the switch, you don't need 802.1Q VLANs at all. If you need two segmented subnets, you need two VLANs and a third one for untagged packets. If you need 25 segmented subnets you need 26 VLANs including the one for untagged packets.

    If you just want to separate ports for security reasons into different segments in the same subnet, use MTU VLANs (Multi-Tenant Unit VLANs). Then you have 7 VLANs for 7 ports and a single port shared by those 7 VLANs, which then totals 8 VLANs.
    Last edited by R1D2; 06-10-2017 at 12:02.

  6. #6
    Thsnks again for your very helpful reply.

    > Theoretically, yes. But in practice: if no port is a member of a given VLAN, you cannot set this VID as PVID for any port.
    > The switch's UI does not allow this. To be able to set a PVID N, not only the VLAN N must exist, but the port to be assigned this PVID N must also be a member of VLAN N.

    Of course! :-)

    > If you just want to separate ports for security reasons into different segments in the same subnet, use MTU VLANs (Multi-Tenant Unit VLANs). Then you have 7 VLANs for 7 ports and a single port shared by those 7 VLANs, which then totals 8 VLANs.[/QUOTE]

    I see, this just gives 7 isolated segments that can't talk to each other but can send/receive from the 'upload' port.


    What I'm actually after is a mix of segments, some of which can talk to each other and some can't. I may not be able to achieve all I want with just
    the managed switch but (with the help I've received here) I think it will do quite a lot of what I need.

  7. #7
    Members R1D2 is on a distinguished road
    Join Date
    Dec 2015
    Posts
    1,135
    Quote Originally Posted by chrisisbd View Post
    I see, this just gives 7 isolated segments that can't talk to each other but can send/receive from the 'upload' port.
    That's correct.

    What I'm actually after is a mix of segments, some of which can talk to each other and some can't. I may not be able to achieve all I want with just
    the managed switch but (with the help I've received here) I think it will do quite a lot of what I need.
    There is still another VLAN mode, it's called "Port-based VLAN". This probably will do what you need by allowing mixed segments. I never tried this mode, since I need 802.1Q VLANs, but maybe you want to play with it to see wether it will work the way you want.

  8. #8
    > There is still another VLAN mode, it's called "Port-based VLAN". This probably will do what you need by allowing mixed segments. I never tried this mode, since I need 802.1Q VLANs, but maybe you want to play with it to see wether it will work the way you want.

    Yes, however TP-Link don't seem to have implemented that correctly, or at least they haven't implemented it the way that everyone else implemsnts it! In the TP-Link Port Based VLAN each port can only belong to one VLAN, in everyone else's implementation ports can belong to multiple VLANs.

  9. #9
    Members R1D2 is on a distinguished road
    Join Date
    Dec 2015
    Posts
    1,135
    Quote Originally Posted by chrisisbd View Post
    >In the TP-Link Port Based VLAN each port can only belong to one VLAN, in everyone else's implementation ports can belong to multiple VLANs.
    If a port is a member of more than one VLAN, it is not Port-based anymore, but an 802.1Q-based VLAN. It does not make any sense to me to have an untagged port with membership in more than one VLAN if the device connected to such untagged port can't handle VLAN tags at all.

  10. #10

    Similar problem: Tagging VLAN 1

    I'm seeing a related weird problem in that there appears to be no way to tag VLAN 1 or remove it from a port as it possible on all other switches I own (mostly NetGear).

    I have multiple networks on separate VLANs where, for a given port, one VLAN will be the default (PVID + untagged), but the others will be available tagged for devices that know about them.

    The problem comes up when I don't want my office network (VLAN 1) available on a port dedicated to the guest network (VLAN 87)

    What I want is:

    PVID=87 Untagged: 87 Tagged: 1, 50

    Is there any way to do that with this switch without rearranging all the VLANs on the network?

  11. #11
    Members R1D2 is on a distinguished road
    Join Date
    Dec 2015
    Posts
    1,135
    Quote Originally Posted by sgs View Post
    I'm seeing a related weird problem in that there appears to be no way to tag VLAN 1 or remove it from a port as it possible on all other switches I own (mostly NetGear).
    Yes, that's what bothers me the most with TL-SG108E, too.

    We have > 1,000 WiFi routers in the field which use VLAN 1 for the LAN and a VLAN trunk to the APs for Multi-SSIDs. We can't switch away from VLAN 1 being the LAN and therefore can't use TL-SG108E/PE in this case, b/c even trunk ports are fixed untagged members of VLAN 1 on this switch. So we are forced to use Netgear GS108E to carry VLAN tagged traffic from our TP-Link WiFi routers to the TP-Link EAPs if the customer demands an inexpensive 8-port switch.

    Is there any way to do that with this switch without rearranging all the VLANs on the network?
    No. Using VLAN 87 instead of 1 as the default VLAN for untagged packets would require to be able to define this VID for the default VLAN. You could use it as a "secondary default VLAN", but even then VLAN 1 is still not useable for tagged traffic on a trunk port.

    IMHO, if a VLAN is assigned manufacturer-specific semantics, then at least a higher VID should be used (>4090) rather than VID 1.
    Last edited by R1D2; 07-09-2017 at 17:41.

  12. #12
    Bummer, sounds like I should have used a Netgear GS108PE for this application -- I was just looking for a smart switch with a couple PoE ports to power a downstream switch.

    I alos noticed the switch becoming unreachable for management under circumstances I couldn't figure out.

    This seems more like a lame assumption in the UI -- it makes total
    sense for factory reset to set all ports to VLAN 1, but this is the only switch I'v ever seen that won't let you move ports to other VLANs.

    I agree that, it there's going to be a dedicated management VLAN (if that's what they're trying to do), it should be configurable or at least, as you suggest, be pretty much anything but 1.

  13. #13
    Members R1D2 is on a distinguished road
    Join Date
    Dec 2015
    Posts
    1,135
    Quote Originally Posted by sgs View Post

    This seems more like a lame assumption in the UI -- it makes total
    sense for factory reset to set all ports to VLAN 1, but this is the only switch I'v ever seen that won't let you move ports to other VLANs.
    Yes. Given the fact that the web UI is written in Javascript, changes are that it might be possible to remove a port from VLAN 1 or to even use it on a trunk port with the right command on the cmdline. So I tried to establish a serial connection to the SoC chip directly, but with no success so far. OTOH, if a customer does a factory reset, such changes could be reverted again, so it is not really an option. Interestingly, on a TL-SG2008 it is possible to remove ports from VLAN 1.

    I tried to convince TP-Link twice to change this in the TL-SG108E's firmware, but still have no response to the second ticket I did open regarding default VLAN 1.


 

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts

Copyright 1996-2017 TP-LINK Technologies Co., Ltd. All rights reserved.