TP-LINK TL-SG108E VLAN configuration issue
-
@mcury
I don't think you can disable NAT in this particular Deco model. :-(
Would there be any advantage to changing it from the way it is now? I don't think I will need Port forwarding on any of my wireless devices.
I am still curious what the VLAN feature is on the Deco, in Router mode only. You can set a VLAN ID and a priority (0-7). Is that even useful to me?
One question I do have is about QoS for my Wifi network. It has always confused me. Would that be set at the SG108E, the Main Deco (10.28.28.2), or in Pfsense?
And, depending on the answer, if at the switch, would the Main Deco be given the priority, and if at the Main Deco, would the switch be given the priority? Or, perhaps something different?
-
@mitch-rapp said in TP-LINK TL-SG108E VLAN configuration issue:
I don't think you can disable NAT in this particular Deco model. :-(
Would there be any advantage to changing it from the way it is now? I don't think I will need Port forwarding on any of my wireless devices.
I wouldn't change, I would use all Decos in AP mode as they are now.
@mitch-rapp said in TP-LINK TL-SG108E VLAN configuration issue:
I am still curious what the VLAN feature is on the Deco, in Router mode only. You can set a VLAN ID and a priority (0-7). Is that even useful to me?
That VLAN feature, based on what I observed in the documentation, seems to be only for IPTV, and not VLAN like you saw in the TL-SG108E.
Some WIFI devices like Unifi, you can create up to 8 WIFI networks and assign a different VLAN to each one of them. This is not the case here.
@mitch-rapp said in TP-LINK TL-SG108E VLAN configuration issue:
One question I do have is about QoS for my Wifi network. It has always confused me. Would that be set at the SG108E, the Main Deco (10.28.28.2), or in Pfsense?
I wouldn't set that at all, in any place... The QoS is for very specific situations.
-
@mcury
Ok, forget that then.
Questions:
- Can I allow my Wi-Fi device network to communicate with my LAN network without compromising security? If so, how do I do it?
example: "Alexa, turn on the home theatre."
Alexa - Wi-Fi (10.28.28.X)
Home theatre - LAN (10.27.27.X)
- I would like to add a server to my home network.
How should I go about doing that?
VLAN from LAN on TL-SG1024DE?
I already have a mini PC, Intel quad core, with Windows 10 Pro, for this purpose.
-
@mitch-rapp VLAN28 is going to the TL-SG108E, you can pass additional VLANs to that switch, no problem there.
@mitch-rapp said in TP-LINK TL-SG108E VLAN configuration issue:
Can I allow my Wi-Fi device network to communicate with my LAN network without compromising security? If so, how do I do it?
Yes you can, but I'm not experienced with Alexa... I would suggest you put everything that Alexa needs to control in the same network, this would make things easier for Alexa to detect devices by mDNS, DLNA or whatever Alexa uses for that.
@mitch-rapp said in TP-LINK TL-SG108E VLAN configuration issue:
I would like to add a server to my home network.
You can add as many servers as you need, you have the option to create another VLAN for them, but this could lead to a throughput problem.
Note that all the routing between VLANs will go through the pfsense, and traffic in the same VLAN goes through the Switch.
So, if you have a Plex server for instance, which is for video streaming, you can put this server in the same network as the TV, this wouldn't need to go to the pfsense (1Gbps port), and come back to the other VLAN, you see?
-
@mcury
I think I do. Let me see.
So, in your example, the server would use a pfsense interface, then through switch, to server, which might cause a throughput speed issue. Therefore, you are saying to add a server, such as a plex, on my LAN network, am I correct?
Or, are you saying that any VLAN, no matter how it's connected (router interface port or switch), would have to pass through pfsense, then switch to server.
I do want to add a Synology NAS, with Plex, so I will add it as you describe above, directly into my LAN network.
Assuming I have understood your explanation, how then would I connect a server that would contain personal files, storage, and other sensitive data, and keep it secure?
-
@mitch-rapp said in TP-LINK TL-SG108E VLAN configuration issue:
So, in your example, the server would use a pfsense interface, then through switch, to server, which might cause a throughput speed issue. Therefore, you are saying to add a server, such as a plex, on my LAN network, am I correct?
All inter-VLAN connectivity will have to go to pfsense, this happens because pfsense is the default gateway of the networks.
So, if one user in VLAN28 wants to send a file to a server in VLAN27, this file will go to the gateway, and the gateway will send this packet to VLAN27.
Now imagine that during this file transfer, three other users in VLAN28 want to download a file from the Internet, ok?
What is going to happen is that depending on the file transfer speed, and your Internet speed, your 1Gbps Pfsense interface connected to the switch TL-SG108E wouldn't be enough and things would slow down.
@mitch-rapp said in TP-LINK TL-SG108E VLAN configuration issue:
Or, are you saying that any VLAN, no matter how it's connected (router interface port or switch), would have to pass through pfsense, then switch to server.
Connections in the same VLAN wouldn't go to pfsense, they pass directly through the switch.
@mitch-rapp said in TP-LINK TL-SG108E VLAN configuration issue:
I do want to add a Synology NAS, with Plex, so I will add it as you describe above, directly into my LAN network.
I would add this server in the same VLAN as the clients that will access it, thus using only the switch to make this connection.
@mitch-rapp said in TP-LINK TL-SG108E VLAN configuration issue:
Assuming I have understood your explanation, how then would I connect a server that would contain personal files, storage, and other sensitive data, and keep it secure?
From the Internet perspective, there is a default deny rule in your Firewall that will block all packets coming to it. So, your server will only be reachable from the Internet if you create a port forward to it. Only outbound connections are allowed by default.
From the users inside your network perspective, you can put the server in another VLAN/or network, but this may or may not cause the problem mentioned above, with the 1Gbps link.
Or, you can use the Synology NAS internal Firewall, to allow users to access specific services in the NAS.
Also, there is another option that is authentication, for example:
I have here a samba server, it works very similar to an Active Directory.
I created groups and these groups can access specific folders, services, etc.
Public folders are available to all domain users.
-
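The path and filtering behaviour described in the answer above, modelled as an added example that is not part of the original posts: same-VLAN traffic stays on the switch and is never filtered, while inter-VLAN traffic is routed by pfSense and checked first-match against the rules of the interface it enters, with default deny at the end. The /24 masks, the hosts 10.28.28.50 and 10.27.27.40, port 8080 and the rule set itself are constructed assumptions, as is that Wi-Fi clients reach pfSense with their own 10.28.28.x addresses.

```python
import ipaddress

# Subnets named in the thread; the /24 masks are an assumption.
VLANS = {
    "VLAN27_LAN": ipaddress.ip_network("10.27.27.0/24"),
    "VLAN28_WIFI": ipaddress.ip_network("10.28.28.0/24"),
}

# Constructed rule set for the Wi-Fi interface (hosts and port are hypothetical).
# Each rule: (action, source, destination, destination port or None for any)
WIFI_RULES = [
    ("pass",  "10.28.28.50/32", "10.27.27.40/32", 8080),  # one Wi-Fi device -> one LAN device
    ("block", "10.28.28.0/24",  "10.27.27.0/24",  None),  # rest of Wi-Fi cannot reach LAN
    ("pass",  "10.28.28.0/24",  "0.0.0.0/0",      None),  # Wi-Fi -> Internet
]

def vlan_of(ip):
    """Return the name of the VLAN containing ip, or None if it is outside both."""
    addr = ipaddress.ip_address(ip)
    for name, net in VLANS.items():
        if addr in net:
            return name
    return None

def path(src, dst):
    """Same VLAN: switched locally. Anything else: routed by the gateway."""
    s, d = vlan_of(src), vlan_of(dst)
    return "switch" if s is not None and s == d else "pfsense"

def evaluate(rules, src, dst, port):
    """First matching rule wins; no match falls through to default deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, rsrc, rdst, rport in rules:
        if (s in ipaddress.ip_network(rsrc) and d in ipaddress.ip_network(rdst)
                and rport in (None, port)):
            return action
    return "block"

def decide(rules, src, dst, port):
    """Traffic inside one VLAN never reaches the firewall, so no rule applies."""
    if path(src, dst) == "switch":
        return "switch", "not filtered"
    return "pfsense", evaluate(rules, src, dst, port)
```

A server placed in the same VLAN as its clients gets switch-speed access but no pfSense filtering, so its own firewall and authentication carry the access control.
-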
Ah! I think I understand now. :-)
One other question, on pfsense, my WAN_DHCP(default) Gateway is working fine, however, the WAN_DHCP6 Gateway still says "pending."
Therefore none of my IPv6 devices are getting an IPv6 address.
I'm pretty sure I must have something set incorrectly. Any ideas?
-
Is the ISP modem in bridge mode? If so, pfsense should be receiving a public IP address in the WAN.
-
@mcury
There is no ISP modem. It's just a straight fiber run to the house, fiber to Ethernet converter, then ethernet straight to router.
IPv4 is fine.
-
@mitch-rapp Are you getting an IPv6 address?
Is your WAN IPv6 interface configuration set to DHCP?
-
@mcury
Yes.
However, under status, gateways, DHCP_6 is "pending."
-
@mitch-rapp My ipv6 knowledge is weak unfortunately, so I'm not the best guy to explain to you how it works or how you should configure it.
I know that my provider is using DHCP and not SLAAC, and that they only give me a /64, which means that I can use IPv6 in only one network.
You would have to try different settings there, or call your provider to see how it should be configured. Or maybe someone else here in the forum could assist you in that.
-
@mcury
Ok, Thank you! I just asked my ISP to have an IT guy call me. So, we'll see what happens.
You're a Formula one guy, I see! :-)
Which team?
-
@mitch-rapp said in TP-LINK TL-SG108E VLAN configuration issue:
You're a Formula one guy, I see! :-)
Which team?
That is a picture of Ayrton Senna, not me ehhe :)
He is a hero here in Brazil, but he is no longer between us, he died in 94.
-
@mcury
Oh yes, I know exactly who it is. Before they stopped the F1 races in Indianapolis, I used to go every year. I saw Felipe Massa drive numerous times, and Rubens Barrichello.
Also, have you seen the movie, Senna (2010)?
-
@mitch-rapp said in TP-LINK TL-SG108E VLAN configuration issue:
Oh yes, I know exactly who it is. Before they stopped the F1 races in Indianapolis, I used to go every year. I saw Felipe Massa drive numerous times, and Rubens Barrichello.
I used to watch his races with my father, so it's a family thing, very good memories...
Felipe Massa and Rubens Barrichello were good drivers, but in my opinion, Senna and Schumacher were the best in the history.
@mitch-rapp said in TP-LINK TL-SG108E VLAN configuration issue:
Also, have you seen the movie, Senna (2010)?
Sure :)
Edit: look at this... https://www.ayrtonsenna.com.br/en/sem-freios-so-com-uma-marcha-sem-pit-stop-as-vitorias-lendarias-de-senna/
That race using only one gear, he got so tired, that he almost couldn't lift the trophy.
-
@mcury
Agreed, Senna & Schumacher! I don't care much for Hamilton. I'm a Ferrari guy.
Same here. I used to go to the race every year with my father-in-law. Very good memories. Have you been to the Brazilian Grand Prix?
That movie is fantastic! I saw it at the theater.
-
@mitch-rapp said in TP-LINK TL-SG108E VLAN configuration issue:
Have you been to the Brazilian Grand Prix?
Unfortunately I didn't, always watched the races through the TV...
It was a crazy thing those times, people used to speak about his races for at least one week...
People would gather in front of a small TV just to watch him.