TP-LINK TL-SG108E VLAN configuration issue
-
@mcury
Ok,
I've set the port (port 2) for TL-SG108E to TL-AX6600 to PVID 1 VAN1 untagged
I've connected back-haul (second port) from TL-AX6600 to TL-SG108E to port 3 VLAN untagged.I've set the static IP address on TL-AX6000 to 10.28.28.3
Ping Results
PING 10.28.28.3 (10.28.28.3): 56 data bytes--- 10.28.28.3 ping statistics ---
3 packets transmitted, 0 packets received, 100.0% packet lossNada.
A couple of thoughts / questions (could one or all of these things be wrong) :
- The AX600 has a VLAN option. Vlan ID and Vlan priority. Should I set these to VLAN ID 1 and Priority 0 ? As of now, I've left it unset
- The TL-AX6600 is still in "router mode," Should it be changed to AP mode?
Here are the options:
-
Yes, put the TL-AX6600 in bridge mode, and connect the cable coming from the TL-SG108E in a LAN port, do not use the WAN port.
First problem I see is you used the VLAN28 address range for MGMT...
You need at least two networks.Management network is the network in which you will access the TL-SG108E GUI page to configure it, so, this is only used for management, nothing else, this will be VLAN1.
The second network is going to be the users in the WIFI, which as I understood, will be VLAN28.
TL-SG108E port that connects to pfsense:
Currently settings:
PVID 1
Untagged VLAN1
Now, add VLAN28 as TAGGED for that port.TL-SG108E port that connects to TL-AX6600, we will change things here, as I just noticed that this device is not VLAN capable.
PVID 28
Untagged VLAN28After that, users in the WIFI will be able to browse the Internet, but only if DHCP is enabled in pfsense and Firewall rules are allowing.
NAT will be created automatically.Edit:
In pfsense, you need to change the Igb2 address from 10.28.28.1 / 24 to 10.1.1.1 / 24 (assuming that 10.1.1.0/24 is the network you chose for management).
Then, set the IP in pfsense for VLAN28 to 10.28.28.1 / 24In the TL-SG108E, change the IP address to 10.1.1.2 / 24.
Doing this, you will have both networks I mentioned.
-
@mcury
I am a little confused. is this a different person?You said, "We are not creating a VLAN yet ok?" *
So, I deleted VLAN28 and started fresh, see below.let's review where I am
Pfsense current
-
WAN (igb0) to fiber -WORKING GREAT
-
LAN (igb1) to TL-SG1024DE ("10.27.27.1/ 22"wired network) -
WORKING GREAT. -
OPT1 (named VLAN1) interface set to igb2 (10.28.28.1/24) (no DHCP server)
no VLAN port yet established (see your comment above*)
Iot Network I am trying to create
TL-SG108E (Port 1) connected to OP1 (igb2) (Static IP 10.28.28.2)
DHCP Disabled
VLAN1 PVID 1 untagged - ping workingTL-SG108E (port 2) connected to TL-AX6600 LAN port
VLAN 1 PIVID 1 - untaggedTL-AX6600 - Static IP 10.28.28.3 (LAN port to SG108E (port 2)
DHCP enabled, currently in router mode. When I moved the cable from WAN port to LAN port, per your instructions, it started working to broadcast but I still can't ping it at 10.28.28.3 from pfsense, but I see traffic going . -
-
@mitch-rapp I didn't ask you to create a VLAN1, I asked you to edit interface Igb2 and add an IP address there, this is considered VLAN1, or native VLAN, its pretty hard to explain these things to a person that is starting... :(
Man, lets start over then.
Delete that VLAN1.
Do this:
TL-SG108E port that connects to pfsense:
PVID 1
Untagged VLAN1
VLAN28 as TAGGED for that port.TL-SG108E port that connects to TL-AX6600,
PVID 28
Untagged VLAN28pfsense: Go to interfaces, Igb2, and put a static IP of: 10.1.1.1 / 24.
Then, create VLAN28 and add the IP of 10.28.28.1 / 24, tick enable to enable the interface.
Create a firewall rule allowing all in Firewall > Rules > VLAN28
Check if DHCP is enabled in that interface, if its not, enable it.Check if internet is working in the WIFI.
Don't forget to put the TL-AX6600 in AP mode, and connect the cable coming from the TL-SG108E in a LAN port, do not use the WAN port.
-
@mcury
Brother, I am so sorry. I haven't grasped all of the concepts yet, obviously. you have the patient of Job.This is what I've just done.
-
TL-SG108E port 1 to pfsense -PVID1 untagged VLAN1
ADDED VLAN28 as tagged to port 1. -
TL-SG108E port 2 to AX66000 PVID 2 untagged VLAN28.
-
Created OPT1 (igb2), enabled, Static IP 10.1.1.1 /24
-
Created VLAN28 (igb2 OPT1 as parent interface) Tagged 28
under "interface assignments," VLANs" tab.
5.Created VLAN28 interface, "VLAN 28 on igb2 - opt 1 (VLAN28)"
enabled, set IP to 10.28.28.2 /24,-
Created firewall rule for VLAN28 allowing protocol "any" for VLAN28.
-
VLAN28 - DHCP enabled, range 10.28.28.10 to 10.28.28.254.
My TL-SG108E is set to 10.28.28.2 * AX6600 is set to 10.28.28.3. -
TL-AX6600 is on the LAN port to TL-SG108E (port 2)
Is any of that correct? :-)
No wifi now. It has a signal but no internet connectivity. Should I reset the AX6600 to "bridge mode" or use the VLAN feature on it?
-
-
-
@mitch-rapp said in TP-LINK TL-SG108E VLAN configuration issue:
TL-SG108E port 1 to pfsense -PVID1 untagged VLAN1
ADDED VLAN28 as tagged to port 1.Ok, perfect.
@mitch-rapp said in TP-LINK TL-SG108E VLAN configuration issue:
TL-SG108E port 2 to AX66000 PVID 2 untagged VLAN28.
You mean PVID 28, right?
Should be PVID28 and untagged VLAN28@mitch-rapp said in TP-LINK TL-SG108E VLAN configuration issue:
Created OPT1 (igb2), enabled, Static IP 10.1.1.1 /24
Ok, perfect.
@mitch-rapp said in TP-LINK TL-SG108E VLAN configuration issue:
Created VLAN28 (igb2 OPT1 as parent interface) Tagged 28
under "interface assignments," VLANs" tab.Ok, perfect.
@mitch-rapp said in TP-LINK TL-SG108E VLAN configuration issue:
.Created VLAN28 interface, "VLAN 28 on igb2 - opt 1 (VLAN28)"
enabled, set IP to 10.28.28.2 /24,Ok, perfect
@mitch-rapp said in TP-LINK TL-SG108E VLAN configuration issue:
Created firewall rule for VLAN28 allowing protocol "any" for VLAN28.
Ok, can you show that firewall rule? It should be Protocol any, Source: VLAN28 net, to destination any
@mitch-rapp said in TP-LINK TL-SG108E VLAN configuration issue:
VLAN28 - DHCP enabled, range 10.28.28.10 to 10.28.28.254.
My TL-SG108E is set to 10.28.28.2 * AX6600 is set to 10.28.28.3VLAN28 - DHCP enabled range 10.28.28.10 to 10.28.28.254 - Ok, perfect
TL-SG108E should have an IP address of 10..1.1.2.
TL-AX6600 should have an IP address of 10.28.28.X where X is from 2 to 9, you can choose.@mitch-rapp said in TP-LINK TL-SG108E VLAN configuration issue:
TL-AX6600 is on the LAN port to TL-SG108E (port 2)
Ok, perfect.
@mitch-rapp said in TP-LINK TL-SG108E VLAN configuration issue:
No wifi now. It has a signal but no internet connectivity. Should I reset the AX6600 to "bridge mode" or use the VLAN feature on it?
Can you connect a phone to that wifi network and confirm if its getting an IP from the 10.28.28.0/24 network?
-
@mcury said in TP-LINK TL-SG108E VLAN configuration issue:
Ok, can you show that firewall rule? It should be Protocol any, Source: VLAN28 net, to destination any
Ok, check this firewall rule for VLAN28 before I proceed.
action = Pass
Address family = Ipv4
Interface = VLAN28
Protocol = Any
Source = VLAN28.net
Destination = any -
@mitch-rapp It seems correct, did you have to write VLAN28.net or did you select it from the drop down menu when creating the firewall rule?
You can post a screenshot of that rule -
@mcury I selected it from the drop-down menu
-
@mitch-rapp said in TP-LINK TL-SG108E VLAN configuration issue:
@mcury I selected it from the drop-down menu
So, its correct..
Can you connect a device to that wifi network, and confirm if its getting an IP address from the DHCP ? It should get an IP from pfsense DHCP, check that then we proceed. -
@mcury
Ok, I can ping the switch at 10.1.1.2
Can't ping the Deco at 10.28.28.3 -
Those pings you mentioned, you are pinging from pfsense, right?
Go to pfsense Status > DHCP Leases, and check if the deco 10.28.28.3 shows there, it should have a MAC address, if it shows incomplete its because there is a problem.
This Deco, does it have a gateway configured? Check if it shows with the MAC address in pfsense, Diagnostics > ARP tableEdit: In addition to what has been said above, make sure TL-AX6600 is configured to AP mode with the DHCP is disabled...
-
Ah! I was pinging from CMD on LAN (igb1).
Let me check ping from pfsense.
And check for DHCP lease. -
@mcury
On the Deco gateway, yes, I set the gateway to 10.28.28.1
IP to 10.28.28.3
255.255.255.0
DNS servers? I used 1.1.1.1 & 8.8.8.8 -
@mitch-rapp Thats right..
Did you connect a device to the wifi network as suggested above? Internet should be working now...
If its not working, please confirm if the device you connected to the wifi network got an IP address from the 10.28 network.. -
@mcury No Deco!
-
@mitch-rapp Deco is connected to TL-SG108E, but in a different port than the port we configured, right?!
I asked you to test the WIFI connectivity from TL_AX6600... Did you test that?
Please, test it... -
@mcury
No internet connection.
Also, the IP address cannot be set in Deco AP mode,
So I’m trying the VLAN setting on Deco.
Vlan ID = 28
VLAN priority. = ? -
The wifi network where Alexa is connected to, is that working?
DHCP, is it disabled in the TL-AX6600?
Is TL-AX6600 configured in AP mode?