VLAN configuration example 1 – TL-SG108E

The TL-SG108E comes with a resource CD, which contains a utility (the Easy Smart Configuration Utility) that you will need to install in order to configure the switch (there is no web-based interface available for this switch). Unfortunately, the utility only runs under Windows (it does not seem to work with Linux even with the WINE emulator), so a Windows computer running XP Service Pack 3 or later is required. For the rest of the configuration, you will need to have this computer connected to the switch via an Ethernet cable.

When you run the TP-LINK Easy Smart Configuration Utility for the first time, the utility will display a table called discovered switches, which will show any switches the utility was able to find. This will include any switches to which the computer is connected, as well as any switches that were uplinked to those switches. If you click on the entry for the switch you want to configure, you will be prompted for the login credentials of the switch. We enter the admin username and password and click on the Login button.

If the configuration utility found the switch, it is physically connected to the current subnet. The utility will not let you log in, however, unless the switch's IP address matches the current subnet. You can change the IP address of the switch by clicking on the gear icon in the IP Setting column. This will launch a dialog box where you can change the IP address and subnet mask. You can also change the default gateway here, although it is not necessary.

Once you are logged in to the switch, the configuration screen will have several tabs. The user interface defaults to the System tab, which displays the MAC address, IP address, and current firmware version of the switch. There are also options on the sidebar to change the IP address, password, backup and restore the switch, reboot and reset the switch, and upgrade the firmware. Clicking on the Switching tab, initially displays a table showing the status of each of the switch's eight ports. We first need to configure a trunk for the switch, so we click on LAG on the left sidebar menu.

The LAG option was called Port Trunk in earlier versions of the software.

On the LAG page, we can configure up to two trunks, each having a minimum of two ports and a maximum of four ports. Mirroring and mirrored ports cannot be added to a trunk group. We only need one trunk, so we select Trunk1 in the Trunk ID drop-down box. Then, we click on ports 1 and 2 in the graphic below the drop-down box (you can select whichever ports you want for the trunk, as long as they don't conflict with any other port assignments) and then click on the Apply button. A confirmation dialog will appear, and we click on the Yes button in this dialog box. Trunk configuration is now complete.

Now we can begin VLAN configuration, while being mindful of the fact that two of the eight ports have already been allocated for the trunk. We click on the VLAN tab at the top of the page. The three VLAN options offered on the sidebar menu are MTU VLAN, Port Based VLAN, and 802.1Q VLAN.  Since 802.1Q is the official IEEE standard for tagging VLAN traffic and is supported by pfSense, we will utilize this method and we click on the 802.1Q VLAN option on the sidebar menu.

MTU VLAN is an option that allows us to have a single uplink port instead of having trunk ports, giving us an additional access port to which we can connect nodes. It is suitable if you want each port to be on its own VLAN.  Port Based VLAN is a VLAN configuration option in which Ethernet frames entering and leaving the port are not tagged. The VLAN to which a port is assigned in the switch configuration is what determines which VLAN to which the traffic should be sent. 

The 802.1Q configuration page has two sections: Global Config, where the only option is to enable or disable 802.1Q VLANs, and the 802.1Q VLAN Setting section, where we can enter information about our VLANs. Since we want to enable 802.1Q VLANs, we select Enable from the drop-down box and click on the Apply button, once again pressing the Yes button in the confirmation dialog box.

In the 802.1Q VLAN Setting section, we enter several parameters. They are:

  • VLAN (1-4094): This should match the VLAN ID(s) of the VLANs you created during the pfSense portion of the configuration.
  • VLAN Name: These can be any arbitrary names, but administration will be easier if the names match the names assigned to the VLANs in pfSense.
  • Tagged Ports: These ports are the ports on which outbound traffic will have 802.1Q tags attached. Therefore, they should match the trunk ports assigned during the previous step. We select 1 and 2 as the tagged ports for both VLAN2 and VLAN3.
  • Untagged Ports: These are the ports on which outbound traffic will have any 802.1Q tags removed. They should match the inbound ports for the VLANs. We are going to allocate three ports for each of our two VLANs, so we set ports 3 to 5 as the untagged ports for VLAN 2 (the DEVELOPERS VLAN), and we set ports 6 to 8 as the untagged ports for VLAN 3 (the ENGINEERING VLAN).

We enter VLAN ID, VLAN Name, Tagged Ports, and Untagged Ports for each of the VLANs, pressing the Apply button after the information for each VLAN is entered and clicking on Yes in the confirmation dialog box.

The next step is to click on 802.1Q PVID Setting on the left sidebar, which sets the port VLAN ID (PVID) of the port. This ensures that when the switch receives a packet without a VLAN tag, it adds a VLAN tag for the VLAN matching the PVID before sending the packet to the trunk ports. On the TL-SG108E, setting the PVID is necessary for 802.1Q tagging to work, and setting the PVID also determines the broadcast domain for a port – broadcast packets received by a port will be sent to all ports with a matching PVID.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset