[RESOLVED] Need basic port based vlan help

  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

skeal

Part of the Furniture
Hi
I have three TL-SG108E smart switches. Named as: North, South, and Main. On North and South I have identical settings. 2 x 802.1q port based vlans. They are setup, one has a PVID of 2 the other 8. I setup two 802.1q vlans on the Main switch to separate the North and South switches, all without using tagging. It works. Things are seperated. However the two vlans named PVID 8 I would like to talk to each other. What do I have to do to allow these two identical vlans on North and South to communicate with each other through the Main switch while PVID 2 stays separated?
 
Last edited:

abailey

Very Senior Member
Hi
I have three TL-SG108E smart switches. Named as: North, South, and Main. On North and South I have identical settings. 2 x 802.1q port based vlans. They are setup, one has a PVID of 2 the other 8. I setup two 802.1q vlans on the Main switch to separate the North and South switches, all without using tagging. It works. Things are seperated. However the two vlans named PVID 8 I would like to talk to each other. What do I have to do to allow these two identical vlans on North and South to communicate with each other through the Main switch while PVID 2 stays separated?

How do you have the switches physically connected? Also, just to make sure, you are using 802.1q VLAN tagging and not port based tagging, right? They are two different things.
 

skeal

Part of the Furniture
How do you have the switches physically connected? Also, just to make sure, you are using 802.1q VLAN tagging and not port based tagging, right? They are two different things.
The switches are connected by Ethernet always using port 1 as the uplink. The VLAN I'm using is called 802.1q and has tagging available. Just not being used yet. There is a section on just port VLAN but I'm not using it, I'm using the 802.1q version. Think this way, Main switch is connected to port 1 of my Asus router. The Main switch has 2 vlans one for the north switch and one for the south. This seperation is desirable but I need an exception so I can connect two computers. One on the south end of my house, the other the north.
 

skeal

Part of the Furniture
The north and south switches are again connected by ethernet to port 2 and 3 of the Main switch.
 

skeal

Part of the Furniture
Oh and the switches have a web based configuration utility. To make it idiot proof, however not for this idiot....LOL
 

coxhaus

Part of the Furniture
The only way I setup VLANs is with tags and networks. This works well no matter how many switches you have.
 

CaptainSTX

Part of the Furniture
I would suggest that you look for the info you need on the TP-LINK site. They have some good instructions and examples of how to set up and use 802.1Q VLANS with port tagging and PVID.

If you still can't get it to do what you want then I found their tech support by e-mail responsive and knowledgeable.
 

abailey

Very Senior Member
Ok I'll give it a shot. First a few thoughts:

Your setup is not ideal and is lacking in security because it appears you will be using the same subnet for all VLANs. Also I believe your router is not VLAN aware thus you will be mixing traffic from all VLAN's when you exit the Main switch going to your ASUS. But for your use case that might be acceptable. Also, I assume that all your ports are members of VLAN 1 and that cannot be changed (seems like that is how it is on TP-Link switches).
Because of the limitations above, I cannot promise that my instructions will work, as I have never designed a network like what you are trying to do it.

I'm not saying this is the only way to do it but here is what I would try:

On switch North - it sounds like you have your VLAN ID's set up as 1 (Default), 2 and 8. You have assigned the ports to each VLAN you want the device in and set the PVID to that VLAN number. Ok. Now on this switch I would Make your uplink port (Port 1?) an untagged member of VLAN 1 (which I think it has to be anyhow) with a PVID of 1. Then make port 1 a TAGGED member of both VLAN 2 and 8 (and make sure it is not an untagged member of 2 and 8).

On switch South - it sounds like you have set it up like the North switch. Because you do not have a VLAN aware router you will need to change the setup slightly so that VLAN2 will not be able to talk to VLAN2 on the other switch. I realize right now it does not, but the changes I am telling you to make would allow VLAN2 to talk across switches, thus you need to change the config a little here. So on this switch instead of VLAN2 use a different VLAN, lets say VLAN4. So create a VLAN4 and change everything on VLAN2 over to VLAN4 and get rid of VLAN2. Now on your uplink (port1) - set port 1 as an untagged member of VLAN1 with a PVID of 1. Then set it as a TAGGED member of both VLAN4 and VLAN8.

On switch Main -
You should have VLAN1 (default), VLAN2, VLAN4, and VLAN8 defined as VLANs.
Port 2 which connects to the North switch should be untagged in VLAN1 with a PVID of 1. It should be TAGGED in VLANs 2 and 8.
Port3 which connects to the South switch should be untagged in VLAN1 with a PVID of 1. It should be TAGGED in VLANs 4 and 8.
Port 1 (your uplink to the ASUS router) should be an untagged member of VLAN1, VLAN2, VLAN4, and VLAN8 with a PVID of 1.

Once again can't promise it will work.
 

skeal

Part of the Furniture
Ok I'll give it a shot. First a few thoughts:

Your setup is not ideal and is lacking in security because it appears you will be using the same subnet for all VLANs. Also I believe your router is not VLAN aware thus you will be mixing traffic from all VLAN's when you exit the Main switch going to your ASUS. But for your use case that might be acceptable. Also, I assume that all your ports are members of VLAN 1 and that cannot be changed (seems like that is how it is on TP-Link switches).
Because of the limitations above, I cannot promise that my instructions will work, as I have never designed a network like what you are trying to do it.

I'm not saying this is the only way to do it but here is what I would try:

On switch North - it sounds like you have your VLAN ID's set up as 1 (Default), 2 and 8. You have assigned the ports to each VLAN you want the device in and set the PVID to that VLAN number. Ok. Now on this switch I would Make your uplink port (Port 1?) an untagged member of VLAN 1 (which I think it has to be anyhow) with a PVID of 1. Then make port 1 a TAGGED member of both VLAN 2 and 8 (and make sure it is not an untagged member of 2 and 8).

On switch South - it sounds like you have set it up like the North switch. Because you do not have a VLAN aware router you will need to change the setup slightly so that VLAN2 will not be able to talk to VLAN2 on the other switch. I realize right now it does not, but the changes I am telling you to make would allow VLAN2 to talk across switches, thus you need to change the config a little here. So on this switch instead of VLAN2 use a different VLAN, lets say VLAN4. So create a VLAN4 and change everything on VLAN2 over to VLAN4 and get rid of VLAN2. Now on your uplink (port1) - set port 1 as an untagged member of VLAN1 with a PVID of 1. Then set it as a TAGGED member of both VLAN4 and VLAN8.

On switch Main -
You should have VLAN1 (default), VLAN2, VLAN4, and VLAN8 defined as VLANs.
Port 2 which connects to the North switch should be untagged in VLAN1 with a PVID of 1. It should be TAGGED in VLANs 2 and 8.
Port3 which connects to the South switch should be untagged in VLAN1 with a PVID of 1. It should be TAGGED in VLANs 4 and 8.
Port 1 (your uplink to the ASUS router) should be an untagged member of VLAN1, VLAN2, VLAN4, and VLAN8 with a PVID of 1.

Once again can't promise it will work.
Thanks I'm a bit busy but will get at this a couple hours. It looks doable to me.
 

skeal

Part of the Furniture
Ok I'll give it a shot. First a few thoughts:

Your setup is not ideal and is lacking in security because it appears you will be using the same subnet for all VLANs. Also I believe your router is not VLAN aware thus you will be mixing traffic from all VLAN's when you exit the Main switch going to your ASUS. But for your use case that might be acceptable. Also, I assume that all your ports are members of VLAN 1 and that cannot be changed (seems like that is how it is on TP-Link switches).
Because of the limitations above, I cannot promise that my instructions will work, as I have never designed a network like what you are trying to do it.

I'm not saying this is the only way to do it but here is what I would try:

On switch North - it sounds like you have your VLAN ID's set up as 1 (Default), 2 and 8. You have assigned the ports to each VLAN you want the device in and set the PVID to that VLAN number. Ok. Now on this switch I would Make your uplink port (Port 1?) an untagged member of VLAN 1 (which I think it has to be anyhow) with a PVID of 1. Then make port 1 a TAGGED member of both VLAN 2 and 8 (and make sure it is not an untagged member of 2 and 8).

On switch South - it sounds like you have set it up like the North switch. Because you do not have a VLAN aware router you will need to change the setup slightly so that VLAN2 will not be able to talk to VLAN2 on the other switch. I realize right now it does not, but the changes I am telling you to make would allow VLAN2 to talk across switches, thus you need to change the config a little here. So on this switch instead of VLAN2 use a different VLAN, lets say VLAN4. So create a VLAN4 and change everything on VLAN2 over to VLAN4 and get rid of VLAN2. Now on your uplink (port1) - set port 1 as an untagged member of VLAN1 with a PVID of 1. Then set it as a TAGGED member of both VLAN4 and VLAN8.

On switch Main -
You should have VLAN1 (default), VLAN2, VLAN4, and VLAN8 defined as VLANs.
Port 2 which connects to the North switch should be untagged in VLAN1 with a PVID of 1. It should be TAGGED in VLANs 2 and 8.
Port3 which connects to the South switch should be untagged in VLAN1 with a PVID of 1. It should be TAGGED in VLANs 4 and 8.
Port 1 (your uplink to the ASUS router) should be an untagged member of VLAN1, VLAN2, VLAN4, and VLAN8 with a PVID of 1.

Once again can't promise it will work.
Winner winner chicken dinner!! ;):) It's exactly what I needed. I backed it all up and have a general understanding of what you helped me with. Thanks for your patience. You have no idea how long I struggled with this. If I have a special problem with this configuration I'll start a conversation with you, thanks again!
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top