TP-LINK Smart Switches anyone?
-
I bought a TL-SG2424 and finally got several vlan's setup and working using the web gui only. Robi's posts helped me figure out what I was doing wrong.
To help others I am posting the steps which worked for me.
Setup vlan/s on pfsense. There are many tutorials on how to accomplish this task, so I will not cover that.
Plug cable from pfsense into port #1
Login using the default
1. VLAN –> 802.1Q --> Create a new vlan
2. Enter VLAN ID number and description.
Select the ports which will be members of the vlan. Include port #1
Click on Apply to create the vlan3. In the top of the web page, click on Port Config
Select port #1. Change "Link Type" to General
Click on Apply4. In the VLAN table, select your newly created vlan, click on Edit
Change Egress type of port #1 to TAG
Click on Apply5. Save Config
Now, connecting an ethernet cable to any of the ports assigned to that vlan will provide an ip address for that VLAN
To create a second VLAN repeat steps 1, 2 & 4
Traffic for VLAN 2 will now flow to the designated ports for that VLAN.
After creating my first VLAN, I went to System --> System Info --> System IP
Changed the Management VLAN and IP address to match. Doing this allows me to manage the switch from my LAN. -
I enabled yesterday SNMP on the 2216 switch, and got very nice graphs for each interface in my munin-monitoring system.
On the switch, all I had to do is enabled SNMP in the web interface, on the "SNMP Community" tab added a new read-only community with the name "public" and that's all.
On the system running munin, it was as simple as running```
munin-node-configure --shell --snmp switch_name | shAdded to /etc/munin/munin.conf an entry like this:``` [switch_name] address 127.0.0.1 use_node_name no ```and restarted the munin-node service. Getting great graphs with traffic and errors for each interface, netstat and switch uptime. Each measured parameter has detailed description and current port speed specified. This all works with Munin version 2.0.19-2 out of the box, and the default standard SNMP MIBs from the system (Ubuntu 12.04). From TP-Link's website extra MIBs can be downloaded for the switch which allow for polling even more details from the device, but I didn't try those out yet. -
Another yummy feature I just noticed is that if you add descriptions to the interfaces on the switch, they will appear as graph titles in Munin.
-
I agree, but in that case, it's unfair to be disappointed that there's no CLI or webif available for it.
You can use the config software with any JRE enabled system (Pure Java). See info at http://pastebin.com/DwB4uaPR
These switches don't have any internal CPU to execute a server (like CLI, Web, etc.) or execute monitoring tasks (like STP), just the plain switch silicon. The software only set/get register from the internal switch silicon… like home routers do with the internal hardware switch (with tools like swconfig, http://wiki.openwrt.org/doc/techref/swconfig=). No more, no less! ;)
-
Hi,
We use in the company I work in about 10 Smart switches TL-SG2424 and even non manage 48 port for over a year and haven't had any issues regards performance and stability.
They are cheep and cheer-full.VLANs are fine and working with pfSense for us no problem.
-
dumb tp-link switches are:
| | idle | load |
| TL-SL2218WEB | 6 W | 8 W |
| TL-SG1024 | 8 W | 8 W |
| TL-SG1016D green | 6 W | 8 W |source: http://diit.cz/clanek/spotreba-porovnani-zaver
TL-SG1016DE is max 12.55W (220V/50Hz) (source: tech. spec)
but what is the TL-SG2216 power consumption, can you measure it?
-
+1 for robi, you have pretty much saved my life with that excellent explanation about vlan setup on the TP Link.
Mine's a TL-SL2428 and I couldn't figure out how to setup the trunk port.
Even the manual didn't help.
With your guide I was up running in minutes after hours of fiddling.Also, as you stated, I have left the default vlan as empty as possible.
I've changed the switch management vlan so it will be less vulnerable.Cheers.
-
Cheers! ;)
But keep in mind that if you do later a firmware upgrade, it's going to return to factory defaults, with all ports and management in VLAN1 and factory IP address. To save from headaches if you want to upgrade remotely, I suggested to keep the default IP address range on VLAN1, and leave VLAN1 as default on the trunks, and also leave the management in VLAN1. That way, if you need to upgrade from remote location, after it reboots with factory defaults, all you have to do is telnet in, set the new IP address and gateway, and bang! you're able to restore the config without having to move from your seat.
-
Cheers! ;)
But keep in mind that if you do later a firmware upgrade, it's going to return to factory defaults
Quality gear.
-
Life is always full of compromises. For that price, a 32GBps switch with SFP ports and all gigabit copper ports, it's worth the compromise.
I wouldn't say they are of bad quality - got a pair of TL-SG2216s running for almost 4 months now without any single issue. And I must say, software bugs are present in much more expensive gear too - just remember the openssl heartbleed vulnerability… Many like Juniper or Cisco simply took it for free and incorporated it as it way in gear worthing 10s of 1000s of dollars...
-
I wouldn't call resetting to factory defaults on every firmware upgrade a bug.
-
A feature then? ;)
Steve
-
Thanks for the insights, much appreciated.
I was wondering, what is the behavior of the TP Link switch with both tagged and untagged traffic?Lets say, we create two vlans 10 and 20.
Select vlan 10 and configure port 5 untagged and 16 tagged so it behavious as a trunk.
On the same port, traffic arrives tagged with vlan 20.
What will happen?- packet is dropped because it is tagged and port is set for untagged
- packet is accepted but the tag is stripped and it gets the vlan 10 tag
- packet is accepted and will be forwarded to the port with vlan 20 tag
In essence, is it possible to configure the port for both tagged and untagged packets by selecting the vlan?
Related to this is the second question.
Let's say that apart from the pfsense box on port 16, I would like a file server on port 15.
Logically the clients have to have access to both Internet and file server.
Is it correct that we can configure "two trunk ports" by tagging port 16 and 15 for the corresponding vlan?Cheers.
-
In both cases the frame should be dropped because the port is not configured to service VLAN 20, tagged or untagged.
There are typically three different configurations for a switchport with regard to VLANs:
1 untagged, or access port - traffic arriving on the port is placed on the configured VLAN. Traffic for the VLAN is sent out the port with the tag stripped (untagged). If the switch does anything with received tagged traffic it should drop it. Else it should strip the tag and place it on the access VLAN.
2. tagged, or trunk port - traffic arriving on the port should be tagged with a configured VLAN else dropped. It's possible to configure a port to accept traffic for any VLAN. Traffic for a configured VLAN on the port is sent out with the VLAN tag intact (tagged). Traffic received for an unconfigured VLAN should be dropped.
3. hybrid, or general, or dual-mode port. Behaves like a tagged/trunk port except a Primary VLAN (PVID) is configured. Untagged traffic received by the port is placed on the primary VLAN. Tagged traffic for configured tagged VLANs is processed like a trunk port. Traffic for configured VLANs is sent out the port with the VLAN ID intact (tagged) except for traffic on the Primary VLAN. The switch strips the VLAN tag for the PVID before transmitting and sends it untagged.
In my limited experience, you will be happier in the long run as your network grows if you stick with method 1 or 2, and should only resort to method 3 if absolutely necessary.
-
Thanks for the explanation.
The PVID stands for Primary Vlan ID or Port Vlan ID?
It appears TP-Link has their own definitions.Cheers.
-
Thanks for the explanation.
The PVID stands for Primary Vlan ID or Port Vlan ID?Primary VLAN ID.
It appears TP-Link has their own definitions.
Cheers.
Why am I not surprised.
-
Sorry but I should rectify something.
Elsewhere on this board I posted about my experience with TP-Link switches and the Gb port changing to 100Mbit sometimes.
It appears now that the switch is not at fault, but the Ubuntu drivers for my server's Marvell nic.A few weeks ago there was a kernel update for Ubuntu 14.04.1 and since then the connection to the switch has been stable at Gb speeds.
I hate it when a product gets a bad rap due to issues that are unrelated. So here's the correction.Cheers.
-
TP-Link Smart switches got a firmware update recently, v1.0.4 Build 20140811 Rel.50404(s). Changes:
1. Improved stability of the system;
2. Optimized management of Memory usage."Updating from v1.0.3 to v1.0.4 didn't require a settings restore anymore. Tested on two TL-SG2216 boxes.
-
TL-SL2428 has no updated firmware. December 2013 is the last release.
Perhaps a newer version will be released later.I was wondering, does this switch support IPv6?
As it is a level 2 switch, it should be of no importance to the switch.
But what about the switch IP address itself? I couldn't find anything in the manual and data sheet.Cheers.
-
I agree, but in that case, it's unfair to be disappointed that there's no CLI or webif available for it.
You can use the config software with any JRE enabled system (Pure Java). See info at http://pastebin.com/DwB4uaPR
Hi,
I have checked your howto, It works, but …
On linux, the utility doesn't discover any switch.
I've done some network captures and strace and I found out why.
On linux, to receive broadcast udp packet, the application must bind INADDR_ANY, the TP utility bind the nic IP addr.
To allow discovery works, you must use a nat rule :
iptables -t nat -D PREROUTING -p udp -d 255.255.255.255 --dport 29809 -j DNAT --to <@IP your host>:29809
It would be nice if you add this information in your howto ...
