TP-LINK Smart Switches anyone?

jahonix

@Derelict:

What VLAN is the switch supposed to place an untagged packet on if the switch port is configured with multiple untagged VLANs?

The one with the PVID, of course. The other is used for "listening" only.

In the setup I'm referring to both VLANs on a port are untagged. One has PVID, the other doesn't (of course). Yes, untagged.  ;-)
If I have some spare time someday I'll sketch it up to show you.
It's a really fascinating setup with the switch in L3 mode, overlapping subnets and all kind of unusual things.
The system is engineered this way and working rock-solid! We are distributing IP-TV channels through a larger venue with 120Mb/stream and a max. latency of 30ms @1080p50.
Because the setup is so unusual (and most users cannot figure out how to setup the switch correctly) JustAddPower offers a program to configure the switches for you.
Here's a screenshot of a rather simple (one switch) configuration taken from their tutorial video.
Look at the VLAN subnets as compared to the transmitter's subnets…


jahonix

For clarification of usage and to be back on VLAN tagging again:

Transmitter1 has VLAN10 and VLAN11(PVID) on its port. A receiver port for stream1 has VLAN10(PVID) and VLAN11.
Exchange VLAN11 with VLAN12 for the second stream, VLAN13 for the third, etc.
To switch a receiver's stream from TX1 to TX2 all I have to do is remove VLAN11 from this receiver's port and add VLAN12 instead.

Derelict

Sounds like some sort of asymmetric VLAN scheme, with the second VLAN not really used as a VLAN but to group ports instead.

jahonix

It's not asymmetric at all, more like a ring.
Dig deeper!  :P  Hint: switch is in L3 mode and doing quite some routing.

robi

@kk003:

I did not get the email notice of the answer, sorry to write back so late.
Thanks Robi, the thing is I'll use the same pcs on these two networks.
I can't go and plug or unplug them.

Any coment?
Thanks.

Rule of thumb: one network connection always belongs to one single Layer II network. In that case, the correct setup would probably be to enable VLANs on the network interfaces of the PCs (Intel network cards support VLANs in Windows aswell), this way, although you only have one cable plugged from the PC to the switch, you'll have two virtual network adapters, each belonging to its own network. On the switch you'll have to set these ports to send both VLANs tagged.

Or, if you don't want to mess with this, you'll have to plug a second network card in each PC, and connect them with new cables to the new network.

Having multiple IP address pools on the same Layer II network might work, but 100% you'll run into troubles later. It's against the standard. Don't do this, especially if public internet is involved, because if your ISP will detect this, they will shut your services off immediately. What you do in your private LANs is your responsibility…

willyy

Apologies for reviving the discussion, but did we come to a conclusion as to whether the easy switches are able to support VLAN trunking?

marcf

The TP Easy Smart switches do support trunking (if by trunking you mean tagging multiple vlans on a single port to carry those networks to another managed switch).

I'm running two of this in a production environment and there is a trunk line between them to carry the VLANs. Have not had a single problem.

I'm purchasing a Netgear ProSafe smart switch to try out - it has a built in webUI instead of relying solely on a windows utility for configuration like the TP-LINK. For the price point though I've been happy with TP-LINK.

jahonix

@marcf:

…built in webUI instead of relying solely on a windows utility for configuration like the TP-LINK

A utility program, really? Never used them myself.
I find the TP-Link TL-SG3210 quite reasonably priced. They have a WebGUI and a CLI on Telnet/ssh/serial.
But it's probably already overkill for some.

Edit:
There are "Smart Switches" as well like the TL-SG2008 with WebUI and CLI (the TL-SG108E is an "Easy Smart Switch").
FWIW

willyy

@marcf:

The TP Easy Smart switches do support trunking (if by trunking you mean tagging multiple vlans on a single port to carry those networks to another managed switch).

I'm running two of this in a production environment and there is a trunk line between them to carry the VLANs. Have not had a single problem.

I'm purchasing a Netgear ProSafe smart switch to try out - it has a built in webUI instead of relying solely on a windows utility for configuration like the TP-LINK. For the price point though I've been happy with TP-LINK.

Thanks Marc, actually purchased a couple and am using them in production as well. Price point was excellent at about £20 a switch so I don't mind the lack of WebUI either, that netgear does look interesting though.. I do like a serial port!

robi

Chek out: http://www.tp-link.com/en/products/biz-cat-35.html

• Managed Switches - these have web ui, cli via serial console cable, telnet and ssh
• Smart Switches - these have web ui and cli via telnet and ssh
• Easy Smart Switches - these are managed by external utility running on PC

I mainain networks containing "Managed" and "Smart" series of TP-Link switches. The cli syntax is very similar to cisco IOS, but there are little differences. Web UI is best for the "Managed" series, and it's a bit reduced in functionality in the "Smart" series.
I don't have any personal experience with the "Easy Smart" series at all.

I'm very satisfied with them, and I recommend them at any new places I have to deploy networks because they are indeed hassle-free and very well priced.

marcf

Hi robi,

Thanks for the clarification. Yes, I was speaking specifically toward the EasySmart switches from TP-LINK requiring software which runs only on windows based PCs at the moment.  In the same location I've also setup a TP-LINK SG3216 which had a CLI (with very familiar commands).

I've been happy with the TP-Link Products. Just picked up a NetGear ProSAFE GS105E - the webUI is much more handy but the price difference is significant (compared to TP-Link EasySmart 5-port - same functionality without webUI).

aleatorvb

Since this thread is easily found by google I just wanted to add the the "windows java management application" is actually just a java app that can be used in linux too.

To run in ubuntu (for example) you need to:

• copy the exe from a windows install to linux
• rename exe to .java
• install java 8 at minimum:

sudo add-apt-repository ppa:webupd8team/java
sudo apt-get update
sudo apt-get install oracle-java8-installer

• enable forwarding

echo 1 > /proc/sys/net/ipv4/ip_forward

• use iptables to route  udp packets to correct interface

iptables -t nat -A PREROUTING -p udp -d 255.255.255.255 --dport 29809 -j DNAT --to [your ip address]:29809

Tested last night and confirmed to be working

More details here : http://sadevil.org/blog/2015/08/30/managing-tp-link-easy-smart-switches-from-linux/ (i've put the short version here in case that page dissapears)

Qinn

Just bought a TL-SG108E and I am somewhat lost with 802.1Q and 802.1Q PVID Setting and could use some help.

In pfsense I have 2 NIC's WAN(EM0) and LAN(Em1). I've created a 2 VLAN's on EM1, VLAN101 and VLAN102.  In pfsense I have created the following rules:

WAN on default rule

LAN on default rule (so can go everywhere)

VLAN101 can not go to VLAN102 and VLAN101 can go everywhere but the LAN.

VLAN102 can not go to VLAN 101 and VLAN101 can go everywhere but the LAN.

So basically the VLAN101 and VLAN102 can only go to the WAN eg Internet.

Now I have to configure the smart switch  and I am lost between tagged, untagged and the 801.1Q PVID setting :-[

http://nl.tp-link.com/res/down/doc/TL-SG108E_V2_UG.pdf

Can someone point me in the right direction on how to setup the switch?

wbond

@Qinn:

Just bought a TL-SG108E and I am somewhat lost with 802.1Q and 802.1Q PVID Setting and could use some help.
eone point me in the right direction on how to setup the switch?

I don't have the same switch, but it's a TP-Link so the settings should be similar.  The screen shot shows the vlan settings on my tl-sg2008 switch.  In my case switch port 1 is wired to the pfsense port for lan/opt1/opt2 which are setup in pfSense as vlans 10, 20, & 30.

The switch ports 2,3, & 4 carry the to/from the rest of the network segments.  The PVID setting tags the incoming packets to the switch with the vlan tags so that they're tagged when they hit pfSense and it can sort them out.

Switch port 1 is a member of all 3 vlans, while 2, 3, & 4 are only members of their respective vlans.  Ports 5-8 are for internal traffic only, so can be ignored in this context.

It seems in your case that you don't have LAN on a vlan and then have two vlans.  I think you can make this work if you don't tag those LAN packets with a vlan id when they enter the switch, so the settings would be slightly different than what I'm using.  As I recall I had it setup this way originally, but then moved LAN to its own vlan so that I wasn't moving both tagged and untagged packets to/from pfSense.

Hope this helps,
Bill


robi

@aleatorvb:

Since this thread is easily found by google I just wanted to add the the "windows java management application" is actually just a java app that can be used in linux too.

Thanks! Nice find!
8) 8) 8) 8)

Qinn

@wbond:

@Qinn:

Just bought a TL-SG108E and I am somewhat lost with 802.1Q and 802.1Q PVID Setting and could use some help.
eone point me in the right direction on how to setup the switch?

I don't have the same switch, but it's a TP-Link so the settings should be similar.  The screen shot shows the vlan settings on my tl-sg2008 switch.  In my case switch port 1 is wired to the pfsense port for lan/opt1/opt2 which are setup in pfSense as vlans 10, 20, & 30.

The switch ports 2,3, & 4 carry the to/from the rest of the network segments.  The PVID setting tags the incoming packets to the switch with the vlan tags so that they're tagged when they hit pfSense and it can sort them out.

Switch port 1 is a member of all 3 vlans, while 2, 3, & 4 are only members of their respective vlans.  Ports 5-8 are for internal traffic only, so can be ignored in this context.

It seems in your case that you don't have LAN on a vlan and then have two vlans.  I think you can make this work if you don't tag those LAN packets with a vlan id when they enter the switch, so the settings would be slightly different than what I'm using.  As I recall I had it setup this way originally, but then moved LAN to its own vlan so that I wasn't moving both tagged and untagged packets to/from pfSense.

Hope this helps,
Bill

Thanks for you time. I tried to set it up (from the console) as you described. So VLAN101 (em1), VLAN102(em1) and VLAN 105(em1) where VLAN101 was connected to port 1, but no IP's were given. The switch was configured as in the screenshots below.


jahonix

You don't want VLAN1 on ports 1-8 untagged at all and
you need VLAN 101 untagged on port2, VLAN102 untagged on port3 and vlan105 untagged on port4.
You probably want VLAN101 (your LAN) untagged on ports 5-8 as well.

Basically, what you're doing is this:
-use EM1 as trunk port (think carrier) that transports the VLANs to your switch. The switch has one port that receives all VLANs TAGGED (port 1 in your case).
-access each VLAN on one port of the switch that has this and only this VLAN UNtagged.

Qinn

@jahonix:

You don't want VLAN1 on ports 1-8 untagged at all and
you need VLAN 101 untagged on port2, VLAN102 untagged on port3 and vlan105 untagged on port4.
You probably want VLAN101 (your LAN) untagged on ports 5-8 as well.

Basically, what you're doing is this:
-use EM1 as trunk port (think carrier) that transports the VLANs to your switch. The switch has one port that receives all VLANs TAGGED (port 1 in your case).
-access each VLAN on one port of the switch that has this and only this VLAN UNtagged.

With the tl-link sg108e you cannot remove the untagged 1-8 setting it's grayed out. I have returned this one to the store.

whosmatt

@aleatorvb:

Since this thread is easily found by google I just wanted to add the the "windows java management application" is actually just a java app that can be used in linux too.

To run in ubuntu (for example) you need to:

• copy the exe from a windows install to linux
• rename exe to .java
• install java 8 at minimum:

sudo add-apt-repository ppa:webupd8team/java
sudo apt-get update
sudo apt-get install oracle-java8-installer

• enable forwarding

echo 1 > /proc/sys/net/ipv4/ip_forward

• use iptables to route  udp packets to correct interface

iptables -t nat -A PREROUTING -p udp -d 255.255.255.255 --dport 29809 -j DNAT --to [your ip address]:29809

Tested last night and confirmed to be working

More details here : http://sadevil.org/blog/2015/08/30/managing-tp-link-easy-smart-switches-from-linux/ (i've put the short version here in case that page dissapears)

This is awesome. Thanks!

Qinn

Maybe a stupid Q to ask in a thread that has the name TP-LINK. But has someone a good advise for a reasonable priced switch say 8 ports that has all the "proper settings" so not something stupid like the greyed out VLAN 1 untagged setting on all ports. (Btw the way I had a lot of badpackets with the sg108e)