Based on the list of Asus devices that support VLAN it appears to be significantly less expensive to buy a few managed switches to connect to your nodes rather than replace your nodes (the managed switches I use are $18 USD at Amazon). As far as size goes the 8-port switches are pretty small so they're fairly easy to make unobtrusive. As well, the TL-SG108E switches that I use have a function to turn off the LEDs if that's a concern, so I'm assuming the TL-SG105E (5-port version) also has that function.
Good discussion!
- Yes if it’s simply down to cost then the switches attached to each node (as I concluded in one of my two options above) work out far cheaper, there’s no denying that.
- I have the TL-SG105E and yes it’s pretty small.
- Disabling the LEDs is a function I really wanted and was a strong reason for selecting that make and model. It’s surprising how many switches do not have that capability. On the 8 port equivalent you can do the same but beware that on many of the other TP-Link switches you cannot disable them, so if it’s important to you, check the manual.
…. I just couldn't wrap my head around the configuration, but then I found a post on one of the TP-Link forums by a guy that made it very easy to understand and walked through the process step-by-step so I was able to get them dialed in.
If you still have that link it’d be useful for future reference, thanks.
As @jksmurf pointed out it's much cleaner if you can VLAN tag using your AiMesh nodes but I'm not going to spend hundreds of dollars per node to upgrade them all when I can drop $25 on switches like these and accomplish the same thing.
True. If you’re upgrading anyway, it makes sense but TBH I thought there were a lot more VLAN capable units than @visortgw listed from ASUS source. I thought there’d be some of the ZenWifi internal antenna type of models that are “stuff it under the bed and antennas can’t be wrecked by a 3-year old” friendly.
As well, my house is wired with Ethernet so I've got wired devices in places where there aren't nodes, so the switches let me add those devices to the Guest Network VLANs without being directly connected to any of the Asus hardware.
That is almost identical to my remotely managed (my folks' house) setup. Hence the 3 to 5 switches; currently there are 3 nodes but 5 Ethernet jacks.
@jksmurf By the way, maybe I misunderstood your previous post but when you added the managed switch to the mix did you plug the AiMesh node into the managed switch and then run an uplink from the managed switch to the main router? If so, I'm curious why you did that instead of plugging the managed switch into one of the node's LAN ports and then just connect whatever devices you wanted tagged to the managed switch instead of the node.
Excellent question. Yes I did put the switch between the router and the node, initially. Why? Two reasons and no blame here btw, I always wanted to get a managed switch to try this:
- @bennor asked in this post further up the thread if I’d seen ASUS recommendations on putting a managed switch between Router and Node. So after I bought the little TL-SG105E as a trial, I did exactly that and this is what the spiel above was all about i.e. that it did not work for me, as the Node (apparently) can’t just be on 3006, it must be VLAN-capable (so it begs the question why do you even need the switch, but maybe there’s other reasons you might).
- @visortgw suggested in this post that I might be able to replace the (8 port) unmanaged switch (see picture in the post above it) with a managed switch, i.e. “I am suggesting a single managed switch to replace the unmanaged switch. On my TP-Link managed switch, VLAN IDs are replicated properly once configured. Even if AiMesh nodes run 3004 (or 386) firmware, the managed switch can restrict traffic to the entire AiMesh node (i.e., you wouldn't be able to configure VLANs for separately individual LAN ports on the AiMesh nodes)”.
- I only tried the ASUS configuration mentioned above (switch between router and node), as my primary focus was to see if I could get Node ports to assign a specific subnet to attached devices.
- I did not try any other configuration on the switch e.g. “to restrict traffic to the entire mesh node” as this was not my primary focus. It might be useful to do that at my folks' place anyway, but on that system I wanted to attach ESP32s to the mesh node and have them on the IoT network.
I believe that @jksmurf wanted to prevent access to unrestricted ports on the AiMesh nodes.
As above and apologies for not being clear on this in the beginning, that was not my primary focus (but I might look at how to do that anyway, somewhere down the line). The nodes have all 3 VLANs for Wi-Fi devices.
So assuming I'm correct, I'd argue having less hops for the backhaul is not only more efficient/clean but eliminates the possibility that any configuration issues on the managed switch will cause the node to disconnect like @jksmurf described.
Agree. So in order of fewer hops preference for a system that would give you ports on a specific subnet (on Node or Switch), my take would be VLAN Router-VLAN Node, VLAN Router-Node-Switch, VLAN Router-Switch-VLAN Node.
I know the pain, when I wasn't fully dialed in on how to configure the VLANs on the managed switch I ended up blocking myself from being able to access it several times due to erroneous configuration and had to factory reset each time so I could start over.
I’m glad I wasn’t the only one struggling with this. I think the way e.g. ASUS FAQ says to configure which ports are tagged or untagged vs the way the Switch GUI configures these using VLAN IDs, then ports, is confusing.