I’m putting together a VLAN setup for the first time with a Balance 20 (firmware 8.0.2).
I have two vlans: VLAN20, VLAN30 (plus the untagged LAN). All VLANs have their own DHCP server for now.
Inter-VLAN routing is enabled on all networks.
No extra firewall rules beyond the default are enabled.
For ports:
1: Access / untagged (upstream unmanaged switch connected)
2: Access / VLAN20
3: Access / VLAN30
4: more later
In this configuration, plugging a laptop into ports 2 or 3 get an IP in the correct subnet and can communicate with other devices as expected. No issues.
Next, I add a managed switch (TP-SG108E) with a static IP in the default LAN.
That switch has:
VLAN20 (ports 2, 8), port 2 is untagged, port 8 is tagged
VLAN1 (default, all ports untagged)
Port 8 is connected to port 4 on the balance 20
This is based off one rough example in the TP-SG108E manual
On the balance 20, I set port 4 to Trunk / VLAN20
In this configuration, plugging a laptop into port 2 of the smart switch can communicate with the balance and gets an IP in the VLAN20 subnet as expected. However, it cannot communicate with the smart switch itself. In fact no one can talk to the smart switch. I think this is expected since the Balance port is set to only VLAN20.
Next, I tried changing balance port 4 to Trunk / Any, and then nothing works. I also tried Trunk / Untagged + VLAN20. Still nothing works.
The only way I have found to be able to communicate with the smart switch on port 4 is if the port is set to Access.
It seems that I have the VLAN working correctly, but the default LAN is not right. Can someone provide some guidance?
Thanks!
HI and welcome to the forum!
yes
this is the right approach.
This currently feels like a switch config issue. First thing to check is the VLAN mode the TP-SG108E is in. You want it set to 802.1Q VLAN not MTU or Port based VLAN modes (but from what you’ve said I think you’re in the right mode).
On the switch then (in VLAN > 802.1Q VLAN page) you want to:
- Leave as default VLAN ID 1 with all ports (apart from port 2) as untagged members.
- Add VLAN20 with port 2 as an untagged member and port 8 as a tagged member
- Then navigate to VLAN > 802.1Q VLAN PVID Setting Set Port 2 as PVID20
I suspect you are not setting the PVID and thats why connecting a laptop to Port 2 on the switch isn’t working. Is that the case?
Have a play and let us know how you get on. Screenshot the switch config pages and paste them here if you still have issues. Good luck!
1 Like
Martin,
Thanks for this prompt reply. It sounds like I’m close. I am using 802.1Q as you surmised. I did in fact have the PVID set correctly on Port 2 of the switch. One thing I noticed was that I also had Port 2 as a member of the default VLAN. I fixed that today, but to no avail.
As a reminder, Port 8 on the switch is the uplink to Port 4 on the Balance 20. VLAN20 works fine (ie. I can plug into Port 2 on the switch, get an automatic address in the correct subnet and communicate with everyone as expected, except the switch itself which has a static address in the untagged subnet).
Here’s the Switch VLAN setup:
As a new user, I can only post one image, so look for more replies with the other configs.
Hopefully, someone’s astute eye will catch something that I’ve missed.
I guess as a fallback plan, I could put everything in a tagged VLAN, and probably get the config to work, but that sounds overly burdensome.
Thanks,
Jonathan
Here’s the switch PVID Setup:
And, finally, the Balance 20 Port setup:
Yup. that looks exactly like how I would have done it.
Just for the sake of sanity and completeness, please show the vlan20 network config on the balance.
So the current issue is you can’t access the switch on its web ui right? And the webui is on untagged VLAN?
1 Like
Ignore that bit - since you said VLAN20 is working.
1 Like
@jonashbrook, While I do not have your same equipment, I have a (Netgear GS108Ev3) which is most likely very similar. I just pulled it off the network the other day, but just checked my settings on it. You are on the right track, I think you need to just adjust some of the untagged/tagged ports, and adjust the membership settings for those groups to access the web interface of the managed switch. Additionally, an internal firewall rule might need to be added, but I do not have one active at the moment.
Attached are screen shots of my setup. 1 is the untagged main uplink, 3 is a camera VLAN, and 22 is a secondary VLAN similar to your VLAN 20. I can confirm access from VLAN 22 with this setup.
-Jeff
1 Like
Well, I’ve tried every combination of settings on both the Balance 20 and the TP-Link switch. As soon as I turn on VLAN (even with only the default) on the switch, the Balance 20 can no longer communicate with the switch over the untagged interface. I did the simplest thing on the switch where VLAN is enabled and all ports are in the default vlan. I tried both tagged and untagged on the uplink port. Neither work. My understanding is that I probably want the uplink port untagged for the default VLAN so that the tags are stripped. However, neither setting works.
Very aggravating because I can’t tell if this is a problem with the switch or the Balance 20. The VLANs work, just not the untagged network.
I guess my options are to not have any untagged traffic on the switch (everyone is in a tagged VLAN) or ordering a Netgear switch and see if it’s any better.
It seems like the SG108E and the Balance 20 cannot properly communicate untagged traffic if VLANs are enabled.
Craig (and Jeff and Martin),
Thanks for your help on this topic. Craig’s mention of firmware versions on his switch made me wonder if I had flashed the new switch. I dug up the latest TP-Link firmware for my switch which was only ~2 months newer. However, I flashed it just to be sure. The firmware version is the same (1.0.0), but the date and the release are newer (thanks to TP-Link for their misleading versions).
After the firmware upgrade on the switch, everything just works as expected. I haven’t explored very far yet, but here’s the current switch setup:
Port 2 PVID is set to 20. Uplink to the Balance is on Port 1. The Balance has the uplink port set to Trunk/Any (which is what I was expecting it to be). Everyone can talk to the switch (untagged LAN). PCs on the VLAN20 (but plugged into different switches) can communicate with each other and devices in the untagged LAN. There’s no VLAN isolation yet as I’m just getting pieces in place.
Amateur waste of time of my own time… I think I just got a corner cut off my engineering card.
2 Likes
