Netgate Discussion Forum

    TP-LINK Smart Switches anyone?

    239 Posts 54 Posters 194.4k Views

      Harvy66

      I got an HP ProCurve 1810v2-24g (J9803A) http://www.newegg.com/Product/Product.aspx?item=N82E16833316731 for $210. All ports can be a trunk. While it does have 2 "uplink" ports, they're just normal ports, just with the option to use a fiber adapter as uplinks tend to need more range. I assume the TP-Link is the same.

      Technically, you could just tag a port to have all VLANs and manually make sure all switches have the same VLAN ids. Still best to create a proper trunk.

        robi

        This HP model costs twice as much as the TP-Link, in my area. Also, is the HP fanless?

        Guys, an "uplink" port on these cheap switches means only that it can be connected to another switch using straight cables, meaning the port is autosensing. These days, all the ports can be "uplinks"… Tagging of the traffic has nothing to do with this feature.

          stephenw10 Netgate Administrator

          I disagree for a couple of reasons.

          There is no need for an uplink port such as you describe on a Gigabit switch since all ports are auto-MDX. Unless the switch has a single fibre or 10Gig port for that purpose, these don't.

          I have never seen a switch that had VLAN capability that couldn't do a VLAN 'trunk'. Even those really cheap Netgear switches that require a Windows utility to control them. (Edit: These are quite a bit cheaper though)

          What would be the purpose of a switch that recognised VLAN tags but was unable to use a trunk port?
          1. You could divide the switch into separate groups of ports that formed, in effect, separate switches.
          2. You could possibly pass VLAN tagged traffic without stripping the tags.
          Neither of those seem particularly useful in common applications.

          The 'uplink' port referred to in the instructions is specifically for VLANs.

          Just to define it: by 'VLAN trunk' I mean a connection carrying traffic with multiple different VLAN tags such that when connected to a pfSense box each of those VLANs can appear as a separate interface.

          Of course I still haven't used one so I stand to be corrected. ;)

          Steve

            Harvy66

            @robi:

            This HP model costs twice as much as the TP-Link, in my area. Also, is the HP fanless?

            Guys, an "uplink" port on these cheap switches means only that it can be connected to another switch using straight cables, meaning the port is autosensing. These days, all the ports can be "uplinks"… Tagging of the traffic has nothing to do with this feature.

            It is fanless. The TP-Link looks fine, feature wise. I only went with HP because my last job used HP and I had nothing but good experiences, plus I've read nothing but good reviews with customer support and warranty support.

              robi

              Stephen, we're in the same boat. What I just wrote is that there's no "dedicated" uplink port these days anymore. Back in the old times (15 years ago) some switches and hubs had an additional dedicated uplink port (regardless of tagging features) where port connection was crossed internally, so that people could use straight cables to connect switches to each other or to routers. That port was nothing more than just the first or the last port on the switch duplicated to a cross-connected RJ-45 socket on the board, nothing more, and it was literally printed below it, the word "uplink". Pretty much like the SFP ports double ports 15 and 16 on the TL-SG2216. Maybe we could call these as uplinks dedicated - but only when using fibre optics.

              Apart from that, you can use any port as "uplink" today, on these cheaper switches. Not on Ciscos, the Ciscos still require cross-cables to connect to each other.

              There are two types of TP-Links we're discussing in this topic:
              Easy Smart Switches: http://www.tp-link.com/en/products/?categoryid=2878
              Smart Switches: http://www.tp-link.com/en/products/?categoryid=223

              I've looked into the manual of the TL-SG1016DE Easy Smart Switch, and the manual of the TL-SG2216 Smart Switch, and noticed quite a lot of differences. Perhaps I misunderstood, but it seemed to me that the Easy Smart model is not capable of transferring multiple VLANs through a port. What's the point of having such a switch I don't know, and I don't really care.
              What I opened this topic for is to be sure which one to buy, to be as sure as possible that it will work with pfSense and tagged VLANs.

              I ordered a TL-SG2216 yesterday btw. I'll test, and if it's OK, I'll order a second one later. And of course will post back here my experiences. This will not answer whether the TL-SG1016DE Easy model can or can't do this, however.

                Guest

                Yes, a lot of the HP switches are fanless.  I have one.  :-)

                I saw one of the TP-Link switches at the local Fry's.  Seemed interesting.

                  stephenw10 Netgate Administrator

                  I'm sure the TL-SG2216 will be fine for what you need.
                  I think I'll probably get a TL-SG108E when they become generally available in the UK. They're so cheap that they are comparable to an unmanaged switch from other manufacturers. Looking at the manuals for the TL-SG108E and the TL-SG1016DE (both Easy Smart type) the 16 port appears to have some sort of web interface but I fear the 8 port may be Windows utility only. With the demise of XP I no longer have a Windows box readily available.  :-
                  Anyway if I get one I'll let you know for sure what it can and can't do.  ;)

                  Steve

                    verigoth

                    @robi:

                    Apart from that, you can use any port as "uplink" today, on these cheaper switches. Not on Ciscos, the Ciscos still require cross-cables to connect to each other.

                    I'm not sure which Cisco switches you're using but every one I've used that was made in the last decade has worked just fine using straight-through cables on "trunk" links.

                    Let me know how you like the TP-Link - I've been eyeing the TL-SG3216.

                      robi

                      OK trying to figure it out, seems to be able to do what I need but it's a bit cumbersome:
                      TP-LINK: How to configure 802.1q VLAN on Smart Switches?

                        Harvy66

                        @verigoth:

                        @robi:

                        Apart from that, you can use any port as "uplink" today, on these cheaper switches. Not on Ciscos, the Ciscos still require cross-cables to connect to each other.

                        I'm not sure which Cisco switches you're using but every one I've used that was made in the last decade has worked just fine using straight-through cables on "trunk" links.

                        Let me know how you like the TP-Link - I've been eyeing the TL-SG3216.

                        I agree. I cannot remember the last time I saw a non-auto MDI-X port on a 1gb switch. Even the cheapest of the cheap can detect. My integrated NIC even supports detecting and adjusting for wrong polarities. You can actually mix up the solid and striped wires on the crimp and it'll still work, just get the colors correct.

                          robi

                          Tested TL-SG2216 with a pfSense box, it works handling multiple VLANs on a port.

                          TP-Link has a substantially different approach to implementation of the 802.1Q VLAN standard seen from the user's perspective, but the results seem to be the same as the other switches.

                          The main idea is (as can be probably seen in the article I linked in the post above) that you have to consider the VLANs as the "owners" of the ports, and not the other way around, as Cisco thinks of it. Because of this, you can't simply define a port as a "trunk" (Cisco-like, containing all VLANs) or an access port. You have to add the ports to the various VLANs, and the way you add it to them causes traffic to pass through accordingly.

                          You can add a port to a VLAN in three ways, from the outgoing (egress) perspective of the port:

                          • "Untagged": traffic coming in, which has no VLAN tag, will go into VLAN specified at PVID option. Traffic going out will have no VLAN tag
                          • "Tagged": traffic coming in, which has the VLAN tag set, will go into that VLAN. Traffic going out will have the VLAN tag set accordingly.
                          • "Not member": port does not handle traffic with tag number of the selected VLAN.

                          It's like a multidimensional matrix where you have to tick the corresponding rows and columns between the VLAN and the ports.

                          As you see this approach makes it a bit more difficult to have an overview of how to set it up but it's possible.

                          Here's an example where you'd set up port 16 as a Cisco-like trunk (port containing multiple VLANs, 10 and 20) and ports 2 and 3 as access ports for VLANs 10 and 20 respectively.

                          1. First you define all your existing VLANs in the network. In the web interface go to menu VLAN→802.1Q VLAN→VLAN Config and create VLAN 10 and VLAN 20.

                          2. Select in the list VLAN 10. In the table below (VLAN Membership) select "Untagged" for port 2 and set PVID to 10. This will make port 2 catch all the traffic and push it into VLAN 10. Also select "Tagged" for port 16. This will make port 16 push out VLAN 10's traffic with vlan tag set in the headers.

                          3. Select in the list VLAN 20. In the table select "Untagged" for port 3 and set PVID to 20. This will make port 3 catch all the traffic and push it into VLAN 20. Also select "Tagged" for port 16. This will make port 16 push out also VLAN 20's traffic with vlan tag set in the headers.

                          That's it! You have now both VLANs tagged traffic present on port 16.
                          I tested this by creating these VLANs on a pfSense box's nic, added some static IP addresses to these new interfaces in pfSense, connected that nic to port 16, and I was able to ping them separately from PCs connected to ports 2 and 3.

                          One thing to consider though.

                          Port 16 is also a member of VLAN 1, which is the default VLAN of the switch, factory preset. It passes the traffic of VLAN 1 untagged, together with the tagged VLANs 10 and 20. This allowed me to ping pfSense's box nic directly from any other port than 2 or 3 (because these all belong to VLAN 1 by default). I tried to avoid that by removing port 16 from VLAN 1 (setting it to "NotMember"), but it wouldn't let me do that, because port 16's PVID is set to VLAN 1. Changing the PVID first to any other VLAN allowed me to remove it from VLAN 1, but unfortunately broke the functionality, as it only forwarded traffic belonging to that other VLAN.
                          So it seems that you have to keep a dummy VLAN (can remain VLAN 1) where your Cisco-like "trunk" ports have to be untagged - in this case it's probably advisable to remember not to put any sensitive traffic on that VLAN which can be accessed on the port untagged.

                          The TL-SG2216/TL-SG2424/TL-SG2424P/TL-SG2452 switches also have a CLI interface (both Telnet and SSH). I looked into the CLI Reference Guide and quickly noticed that the majority of the commands are similar to Cisco's! Moreover, the security approach is very similar, it's got User EXEC Mode, Privileged EXEC Mode, Configuration Modes just like the Cisco Catalyst series. Very funny, here's how I re-created the above example from CLI interface:

                          login as: admin
                          Further authentication required
                          admin@x.x.x.x's password:

                          TL-SG2216>

                          TL-SG2216>enable

                          TL-SG2216#

                          TL-SG2216#conf

                          TL-SG2216(config)#

                          TL-SG2216(config)#vlan 10

                          TL-SG2216(config-vlan)#exit

                          TL-SG2216(config)#interface gigabitEthernet 1/0/2

                          TL-SG2216(config-if)#switchport general allowed vlan 10 untagged

                          TL-SG2216(config-if)#switchport pvid 10

                          TL-SG2216(config-if)#exit

                          TL-SG2216(config)#vlan 20

                          TL-SG2216(config-vlan)#exit

                          TL-SG2216(config)#interface gigabitEthernet 1/0/3

                          TL-SG2216(config-if)#switchport general allowed vlan 20 untagged

                          TL-SG2216(config-if)#switchport pvid 20

                          TL-SG2216(config-if)#exit

                          TL-SG2216(config)#interface gigabitEthernet 1/0/16

                          TL-SG2216(config-if)#switchport general allowed vlan 10 tagged

                          TL-SG2216(config-if)#switchport general allowed vlan 20 tagged

                          TL-SG2216(config-if)#exit

                          TL-SG2216(config)#exit

                          TL-SG2216#copy running-config startup-config
                          Start to save user config…...

                          Saving user config OK!

                          TL-SG2216#

                          I was looking at the web interface too after entering the commands, refreshing the page in the browser showed all the steps just like I would have done them there. Very nice.

                          I think this switch suits my needs so I'm definitely considering purchasing a second one.
                          Further investigations I need to do are related to multicasting, I have high hopes there related to multimedia content, because I see there's quite a lot configuration possibilities.

                          Another very positive aspect of TL-SG2216 is that it runs really cool. At living room temperature you can hardly notice any heating on the top/surface with your hand.

                          Edit: my switch shipped with the very first firmware version, v1.0_20120528. The first thing I did was to upgrade to versions v1_130925 and v1_131031. Reason was that config file of the first version is not compatible with further versions (as stated on the manufacturer's website and read in a review too), + a good couple of new features are present in the updates.

                            stephenw10 Netgate Administrator

                            Thanks for the write up.  :)
                            The VLAN config looks almost identical to that of most other small managed switches (in my very limited experience). All except Cisco perhaps.  ::)

                            Steve

                              mikeisfly

                              Looks pretty good to me. Has most of the features that you would want and the back plane is fast enough to support all the ports transmitting at full bandwidth. Has support of VLAN tagging and LAG as well as rapid spanning tree. I think you will be good. The only thing I didn't see which is a show stopper is RADIUS support. If I could offer some suggestions.

                              When you connect two switches together via a tagged port (Cisco call it trunk port, but more proper to call it a tagged port) you should not put untagged traffic on the same port. If you have untagged traffic on a tagged port then make sure that both switches have the same pvid on both sides otherwise you will have traffic from one vlan getting onto another.

                              P.S.

                              Modern Cisco switches will automatically cross over the connection, just make sure you have the command: mdix auto under the interface

                              1 Reply Last reply Reply Quote 0
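A small model of the membership matrix from robi's write-up and the PVID mismatch mikeisfly warns about, as an added example that is not part of either post. The `Switch` class and function names are hypothetical; ingress filtering and the port layout of the second switch are assumptions made for the illustration.

```python
from dataclasses import dataclass

@dataclass
class Switch:
    pvid: dict      # port -> PVID applied to untagged ingress frames
    members: dict   # vlan -> {port: "T" (tagged) or "U" (untagged)}

    def ingress_vlan(self, port, tag=None):
        """VLAN a frame is classified into; tag=None means untagged."""
        vlan = self.pvid[port] if tag is None else tag
        # Assumption: frames for a VLAN the port is "Not member" of are dropped.
        return vlan if port in self.members.get(vlan, {}) else None

    def flood(self, port, tag=None):
        """{egress_port: tag on the wire} for a broadcast entering `port`."""
        vlan = self.ingress_vlan(port, tag)
        if vlan is None:
            return {}
        return {p: (vlan if mode == "T" else None)
                for p, mode in self.members[vlan].items() if p != port}

    def audit_trunks(self):
        """List (trunk_port, untagged_vlan, other_ports_in_that_vlan)."""
        tagged_ports = {p for ports in self.members.values()
                        for p, mode in ports.items() if mode == "T"}
        findings = []
        for vlan, ports in sorted(self.members.items()):
            for p in sorted(tagged_ports):
                if ports.get(p) == "U":
                    findings.append((p, vlan, sorted(q for q in ports if q != p)))
        return findings

def vlan_across_link(a, in_port, trunk_a, b, trunk_b, tag=None):
    """VLAN that a frame entering switch `a` ends up in on switch `b`."""
    wire = a.flood(in_port, tag)
    if trunk_a not in wire:
        return None
    return b.ingress_vlan(trunk_b, wire[trunk_a])

def thread_switch():
    """Config from the write-up: port 2 -> VLAN 10, port 3 -> VLAN 20,
    port 16 tagged in both and still untagged in default VLAN 1."""
    pvid = {p: 1 for p in range(1, 17)}
    pvid.update({2: 10, 3: 20})
    members = {
        1: {p: "U" for p in range(1, 17) if p not in (2, 3)},
        10: {2: "U", 16: "T"},
        20: {3: "U", 16: "T"},
    }
    return Switch(pvid, members)

def mismatched_peer():
    """Constructed second switch whose trunk port 16 uses PVID 10, not 1."""
    return Switch(pvid={2: 10, 3: 20, 16: 10},
                  members={10: {2: "U", 16: "U"}, 20: {3: "U", 16: "T"}})

if __name__ == "__main__":
    sw, peer = thread_switch(), mismatched_peer()
    print("port 2 broadcast leaves on:", sw.flood(2))
    print("trunk audit:", sw.audit_trunks())
    print("VLAN 1 frame lands in peer VLAN:", vlan_across_link(sw, 5, 16, peer, 16))
```

The audit output shows port 16 carrying VLAN 1 untagged alongside every unconfigured port, and the last line shows a VLAN 1 frame being classified into VLAN 10 on the peer because the two ends disagree on the PVID.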
                                robi

                                I agree that my view may be distorted, as my (not so wide) experience on VLANs was almost exclusively based on Cisco Catalyst series. That's still what they teach nowadays on CCNA training… And, to be honest, Cisco's implementation is indeed very comfortable and easy to maintain.

                                What I'm missing from this TP-Link VLAN implementation, is something like Cisco's VTP (VLAN Trunking Protocol), where you can set master/slave relationship between switches, and if you add a VLAN to the master switches, it will automatically be created on the slaves too. This makes it easy and fast to maintain if you have dozens of switches connected to each other, plus minimizes mistakes.

                                I can of course live without VTP in my lab, but I think it's trivial to have it in a corporate environment.

                                  robi

                                  @mikeisfly:

                                  When you connect two switches together via a tagged port (Cisco call it trunk port, but more proper to call it a tagged port) you should not put untagged traffic on the same port. If you have untagged traffic on a tagged port then make sure that both switches have the same pvid on both sides otherwise you will have traffic from one vlan getting onto another.

                                  I didn't find a way to avoid that. As I wrote, it seems you can't have a port with tagged-only traffic, a PVID must be set. That means you'd have to sacrifice a (dummy) VLAN number to catch the untagged traffic. Not a big problem as you can have up to 512 VLANs simultaneously (on the Smart series).

                                    stephenw10 Netgate Administrator

                                    They can't use VTP since that's a proprietary Cisco protocol. Wikipedia suggests the standards based equivalent is GVRP or MVRP. Neither appear to be supported.  :(

                                    Steve

                                      charliem

                                      @stephenw10:

                                      They can't use VTP since that's a proprietary Cisco protocol. Wikipedia suggests the standards based equivalent is GVRP or MVRP. Neither appear to be supported.  :(

                                      Steve

                                      The next model up, i.e., full layer 2 managed switch like TL-3216, does appear to support GVRP.  Haven't read deep enough to see what else you get with those over their 'smart switch' line.  Seems like the TL-SG2216 is pretty capable.

                                        mikeisfly

                                        Just my experience with GVRP and MVRP, they don't compare to VTP. With that being said VTP can get you in big trouble so it might be a good thing not to have it. Sounds a little crazy that you can't have a port without a pvid but a way to get around that would be not to assign that vlan to that port. On most every switch except Cisco there are a couple of things that you need to know about vlans.

                                        1. When you add a vlan to a port it can be tagged or untagged.
                                            a. Tagged is like a trunk port in Cisco using the command switchport trunk allowed vlan x; only the vlans specified by x will be on the trunk
                                            b. Untagged is like an access port in Cisco
                                        2. You then need to assign a pvid to a port which tells the switch what vlan to put the traffic on when untagged traffic enters that port. The similar command in Cisco would be switchport trunk native vlan x

                                        Hope this helps :)

                                          razzfazz

                                          @robi:

                                          I didn't find a way to avoid that. As I wrote, it seems you can't have a port with tagged-only traffic, a PVID must be set. That means you'd have to sacrifice a (dummy) VLAN number to catch the untagged traffic. Not a big problem as you can have up to 512 VLANs simultaneously (on the Smart series).

                                          Can't you just set the PVID to 4095 (the "discard" VLAN)?

                                            robi

                                            No because the PVID appears as a dropdown box in the GUI, and it contains only the defined VLANs. Could work in CLI though, but I guess that may cause unpredictable results when looking at the GUI…
