Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    TP-LINK Smart Switches anyone?

    Scheduled Pinned Locked Moved Hardware
    239 Posts 54 Posters 170.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • R
      robi
      last edited by

      There's a new firmware available for TL-SG2216. Updating the device automatically restores it to factory default so a double-check is needed that a config backup has been done before the operation. Don't know how the other models behave, but I guess it's similar.

      Unfortunately it also returns to the 192.168.0.1 IP address without gateway set, so if you have to do it remotely make sure you have a telnet-capable machine somewhere connected close, . A good idea would be to keep the default '1' vlan as it is just for management later (keep it as untagged 'native' vlan on the 'trunk' ports between the switches and pfSense), and when it returns to factory defaults, you only need to telnet in, set a default gateway by CLI and you can access the web interface from other networks if that's the case, to restore the config.
      But I think copying the entire contents of the config file to clipboard and pasting it to the telnet window would do the same.

      If 'trunking' vlans to pfSense, as I said above I suggest to keep vlan 1 untagged on that port. In pfSense assign the IP address 192.168.0.254 to the physical port which connects to the switch. This way, you can always telnet in your switch wihout any routing from an SSH window on pfSense.

      1 Reply Last reply Reply Quote 0
      • R
        robi
        last edited by

        It's worth upgrading, as I see the firmware contains lots of new multicast and IPv6 features (like MLD snooping).

        1 Reply Last reply Reply Quote 0
        • C
          cwesterfield
          last edited by

          http://www.tp-link.com/en/products/details/?categoryid=2878&model=TL-SG108E

          New owner of a TL-SG108E here.

          The device has no way to configure other than windows program.

          The device is currently operating in the following fashion:

          Port 1 is plugged into a Staff router (Asa 5505) - Vlan 1
          Port 2 is plugged into a Public use router (WRT54gV2) - Vlan 50 - PVID 50
          Port 8 is plugged into a Ubiquiti AP - PVID 1 - Public Wifi sent through VLAN 50, Staff through VLAN 1

          I've attached an image.

          If you want to know why this abomination was necessary, read this: http://goo.gl/WTv0ah

          Hopefully this helps with some of the questions presented here.

          VLAN.PNG
          VLAN.PNG_thumb

          1 Reply Last reply Reply Quote 0
          • stephenw10S
            stephenw10 Netgate Administrator
            last edited by

            Well at least that's an answer to the earlier question, there is no web interface on the cheapest model. Disappointing.

            Steve

            1 Reply Last reply Reply Quote 0
            • R
              robi
              last edited by

              You don't have to buy the cheapest one, really. Price difference is very minimal - pfSense's average user base should really avoid the cheapest models because they are not intended as target market for them.

              1 Reply Last reply Reply Quote 0
              • stephenw10S
                stephenw10 Netgate Administrator
                last edited by

                That's certainly true for many but not everyone. One thing that makes pfSense, and its community, different from other projects is the very widely varying user base. Some are using it to replace $10K commercial routers and others with hardware gathered from scrap. The latter group are often asking about the cheapest way to add interfaces and using VLANs can be that especially as VLAN capable switches become ever cheaper.
                Netgear seem to be threatening to put a webgui on their GS105e so that may remain the cheapest and easiest way to add VLANs.

                Steve

                1 Reply Last reply Reply Quote 0
                • C
                  cwesterfield
                  last edited by

                  @robi:

                  You don't have to buy the cheapest one, really. Price difference is very minimal - pfSense's average user base should really avoid the cheapest models because they are not intended as target market for them.

                  As a smart man once said, "Nobody puts Baby in a corner."  :)

                  $30 for vlan support could come in handy for a number of situations. In my case, it is just a stop gap. I wont feel bad about it going unused later on because it was so cheap.

                  1 Reply Last reply Reply Quote 0
                  • R
                    robi
                    last edited by

                    I agree, but in that case, it's unfair to be disappointed that there's no CLI or webif available for it.

                    1 Reply Last reply Reply Quote 0
                    • stephenw10S
                      stephenw10 Netgate Administrator
                      last edited by

                      That's true. Doesn't stop me hoping to be pleasantly surprised though.  ;)

                      Steve

                      1 Reply Last reply Reply Quote 0
                      • T
                        thetallkid
                        last edited by

                        I bought a TL-SG2424 and finally got several vlan's setup and working using the web gui only. Robi's posts helped me figure out what I was doing wrong.

                        To help others I am posting the steps which worked for me.

                        Setup vlan/s on pfsense. There are many tutorials on how to accomplish this task, so I will not cover that.

                        Plug cable from pfsense into port #1

                        Login using the default

                        1.  VLAN –> 802.1Q --> Create  a new vlan

                        2.  Enter VLAN ID number and description.
                                      Select the ports which will be members of the vlan. Include port #1
                                      Click on Apply to create the vlan

                        3.  In the top of the web page, click on Port Config
                                      Select port #1. Change "Link Type" to General
                                    Click on Apply

                        4.  In the VLAN table, select your newly created vlan, click on Edit
                                      Change Egress type of port #1 to TAG
                                      Click on Apply

                        5.  Save Config

                        Now, connecting an ethernet cable to any of the ports assigned to that vlan will provide an ip address for that VLAN

                        To create a second VLAN repeat steps 1, 2 & 4

                        Traffic for VLAN 2 will now flow to the designated ports for that VLAN.

                        After creating my first VLAN, I went to System --> System Info --> System IP
                        Changed the Management VLAN and IP address to match. Doing this allows me to manage the switch from my LAN.

                        1 Reply Last reply Reply Quote 0
                        • R
                          robi
                          last edited by

                          I enabled yesterday SNMP on the 2216 switch, and got very nice graphs for each interface in my munin-monitoring system.

                          On the switch, all I had to do is enabled SNMP in the web interface, on the "SNMP Community" tab added a new read-only community with the name "public" and that's all.

                          On the system running munin, it was as simple as running```
                          munin-node-configure --shell --snmp switch_name | sh

                          
                          Added to /etc/munin/munin.conf an entry like this:```
                          [switch_name]
                              address 127.0.0.1
                              use_node_name no
                          ```and restarted the munin-node service.
                          
                          Getting great graphs with traffic and errors for each interface, netstat and switch uptime. Each measured parameter has detailed description and current port speed specified. This all works with Munin version 2.0.19-2 out of the box, and the default standard SNMP MIBs from the system (Ubuntu 12.04). From TP-Link's website extra MIBs can be downloaded for the switch which allow for polling even more details from the device, but I didn't try those out yet.

                          1 Reply Last reply Reply Quote 0
                          • R
                            robi
                            last edited by

                            Another yummy feature I just noticed is that if you add descriptions to the interfaces on the switch, they will appear as graph titles in Munin.

                            1 Reply Last reply Reply Quote 0
                            • F
                              finnest
                              last edited by

                              @robi:

                              I agree, but in that case, it's unfair to be disappointed that there's no CLI or webif available for it.

                              You can use the config software with any JRE enabled system (Pure Java). See info at http://pastebin.com/DwB4uaPR

                              These switches don't have any internal CPU to execute a server (like CLI, Web, etc.) or execute monitoring tasks (like STP), just the plain switch silicon. The software only set/get register from the internal switch silicon… like home routers do with the internal hardware switch (with tools like swconfig, http://wiki.openwrt.org/doc/techref/swconfig=). No more, no less!  ;)

                              1 Reply Last reply Reply Quote 0
                              • S
                                stefan.ponik
                                last edited by

                                Hi,

                                We use in the company I work in about 10 Smart switches TL-SG2424  and even non manage 48 port for over a year and haven't had any issues regards performance and stability.
                                They are cheep and cheer-full.

                                VLANs are fine and working with pfSense for us no problem.

                                1 Reply Last reply Reply Quote 0
                                • A
                                  a1bert
                                  last edited by

                                  dumb tp-link switches are:

                                  | | idle | load |
                                  | TL-SL2218WEB | 6 W | 8 W |
                                  | TL-SG1024 | 8 W | 8 W |
                                  | TL-SG1016D green | 6 W | 8 W |

                                  source: http://diit.cz/clanek/spotreba-porovnani-zaver

                                  TL-SG1016DE is max 12.55W (220V/50Hz) (source: tech. spec)

                                  but what is the TL-SG2216 power consumption, can you measure it?

                                  1 Reply Last reply Reply Quote 0
                                  • E
                                    Escorpiom
                                    last edited by

                                    +1 for robi, you have pretty much saved my life with that excellent explanation about vlan setup on the TP Link.
                                    Mine's a TL-SL2428 and I couldn't figure out how to setup the trunk port.
                                    Even the manual didn't help.
                                    With your guide I was up running in minutes after hours of fiddling.

                                    Also, as you stated, I have left the default vlan as empty as possible.
                                    I've changed the switch management vlan so it will be less vulnerable.

                                    Cheers.

                                    1 Reply Last reply Reply Quote 0
                                    • R
                                      robi
                                      last edited by

                                      Cheers!  ;)

                                      But keep in mind that if you do later a firmware upgrade, it's going to return to factory defaults, with all ports and management in VLAN1 and factory IP address. To save from headaches if you want to upgrade remotely, I suggested to keep the default IP address range on VLAN1, and leave VLAN1 as default on the trunks, and also leave the management in VLAN1. That way, if you need to upgrade from remote location, after it reboots with factory defaults, all you have to do is telnet in, set the new IP address and gateway, and bang! you're able to restore the config without having to move from your seat.

                                      1 Reply Last reply Reply Quote 0
                                      • DerelictD
                                        Derelict LAYER 8 Netgate
                                        last edited by

                                        @robi:

                                        Cheers!  ;)

                                        But keep in mind that if you do later a firmware upgrade, it's going to return to factory defaults

                                        Quality gear.

                                        Chattanooga, Tennessee, USA
                                        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                                        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                                        Do Not Chat For Help! NO_WAN_EGRESS(TM)

                                        1 Reply Last reply Reply Quote 0
                                        • R
                                          robi
                                          last edited by

                                          Life is always full of compromises. For that price, a 32GBps switch with SFP ports and all gigabit copper ports, it's worth the compromise.

                                          I wouldn't say they are of bad quality - got a pair of TL-SG2216s running for almost 4 months now without any single issue. And I must say, software bugs are present in much more expensive gear too - just remember the openssl heartbleed vulnerability… Many like Juniper or Cisco simply took it for free and incorporated it as it way in gear worthing 10s of 1000s of dollars...

                                          1 Reply Last reply Reply Quote 0
                                          • DerelictD
                                            Derelict LAYER 8 Netgate
                                            last edited by

                                            I wouldn't call resetting to factory defaults on every firmware upgrade a bug.

                                            Chattanooga, Tennessee, USA
                                            A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                                            DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                                            Do Not Chat For Help! NO_WAN_EGRESS(TM)

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.