Question How to separate two networks sharing a single cable?

Apr 12, 2024
Hi folks,



As shown here, I have an IPTV receiver and a NAS in the same room sharing only a single cable. I'm unable to connect the NAS device directly to my home router.



I'm experiencing loops or other problems if I somehow don't separate traffic individually for IPTV and Home network devices.



So can you please help me configure my two smart switches to separate two networks having the same subnet on one single cable? IPTV traffic and NAS/laptop traffic should be isolated from each other.



I have no access to the ISP router. I can set the home network to be a different subnet if it's important. I have configured the home router to not reach the ISP router for DHCP requests. If I just set both switches in default mode (no VLANs) everything still works, but only for some time; then, because of the TTL errors, I have to unplug the cable going from the home router to the switch to let devices access the internet again.



[Attached image: d9d40450c9a24acdafa3789a6e2ba45a.png]






Any advice?
 

kanewolf

Titan
Moderator
VLAN2 should have a different IP subnet.
 
Apr 12, 2024
Then what's the point of separating the networks? But I'd also like to know the configuration of the switch. How do I set up a link between switch A and switch B to move traffic between VLAN1 pairs and VLAN2 pairs?
 

kanewolf

Titan
Moderator
The ports that connect the two switches are configured as trunks. The device ports on the switches are mapped to a specific VLAN.
 
Setting up the switches requires you to understand the concept of packet tagging. Ports that go to end devices you assign to a particular vlan. All the traffic that goes in and out of a port like this would belong to that vlan, but the end device has no knowledge of this. So if you were to hook a dumb switch to a port and assign it to vlan 1, all the devices hooked to the dumb switch would also be vlan 1.

In your case you want multiple vlans assigned to the same port between the switches. To keep the data straight the switch on one end inserts a few bytes of data with the vlan number...ie the tag. The switch on the far end removes this tag data and sends the packet to the proper port in the remote vlan. This is greatly oversimplified to avoid confusion with details.

On most consumer switches you just add the vlans to the port going between the switches as tagged.

As others have mentioned, I am not sure what you mean by bridge. There has to be 1 device that talks to the ISP.....unless you have some business plan where you get multiple IP addresses. If there is a third router above this then it might work.

If this was the more standard configuration where you plugged the asus into the ISP router you will have an IP conflict. It is not related to the vlan side since you have isolated that with the switches and proper cabling. The problem is you are going to get an IP address on the wan port of the asus router that is the same as the subnet it uses for the LAN. The router will complain about this. Some more commercial routers allow strange configs like this but it is just simpler to use a different subnet on the lan on the asus.
 
Apr 12, 2024
Thanks for the replies.

In the switch VLAN config I can configure specific ports to be part of a VLAN ID, but then it also requires other ports to be part of some VLAN. In this case, for example, I want port 1 to be an uplink to another switch, and ports 2 and 3 to carry IPTV and LAN traffic. How do I do this? Because if I set port 1 to be an uplink then it drops my VLAN config, and vice versa.
 

kanewolf

Titan
Moderator
Have you read the configuration example in the user's guide -- https://static.tp-link.com/upload/manual/2023/202305/20230531/1910013259_Easy Smart Switch_UG.pdf Section 5.1
In that switch you just add multiple VLANS to the uplink port to create a trunk.
 
Just a comment to avoid some silly gotchas you find.

I would use vlan 10 and vlan 20. Now these are just numbers but vlan 1 tends to be a special one on many switches.

There are some complex concepts related to spanning tree and the need for a vlan to exist on every port that is untagged....including the trunk ports. Tplink still has a very insecure implementation to try to support a dumb home consumer.
They allow access to the management IP on the switch from all vlans.
 
Apr 12, 2024
OK, so google the "TL-SG105E" as I did and find the support tab, then download the user's manual. I guess they don't allow direct linking.

Seems like my switch does not have the ability to make a trunk in tagged VLANs :/

But I found another option, which is MTU VLAN. It makes any port a trunk and also creates separate VLANs for each port. So VLAN1 on switch A can communicate with the VLAN on switch B through this trunk port. The bad part is that the doc says no port can communicate with each other, but this is what I want. Have to try.

"MTU VLAN (Multi-Tenant Unit VLAN) defines an uplink port which will build up several VLANs with each of the other ports. Each VLAN contains two ports, the uplink port and one of the other ports in the switch, so the uplink port can communicate with any other port but other ports cannot communicate with each other."
 
I really hate consumer switches. They try to make things easy but they make things more confusing.

I have no idea what MTU lan is or how you make it work.

So the way I have done it many times before on tplink is on page 50 of the manual.

Let's take a simple example. We are going to connect 2 switches and configure them exactly the same. Ports 1-8 you want on vlan 10 and ports 9-15 you want on vlan 20. You connect the switches together with a cable on port 16.

What you do is type in "10" on the top and then click the boxes for ports 1-8 as untagged. Then click port 16 and mark it as tagged. Leave all the other ports as not a member.

Save this and now key in "20" in the vlan id.

This time mark ports 9-15 untagged. Click port 16 as a tagged port. Again leave the other ports not a member.

This "should?" be all you need to do. Anything you plug in to the first group of ports on either switch will talk but not be able to talk to the devices on the second group of ports.
 
Apr 12, 2024
I've been playing with that until I recently found this MTU mode, which by the way is working so far, no drops for about 2 hours.



In TL-SG105E, you can't have a port without membership to VLAN. So I made this for each switch:



Port 1,4,5 - Tagged VLAN1

Port 2 - Untagged VLAN2

Port 3 - Untagged VLAN3



Hooked them up by port 1 (could be 4 or 5 obviously)



Connected IPTV to port 2 and home network to port 3



This gave me nothing. Then I also tried PVID, setting IDs like 1, 2, 3 accordingly for ports 1, 2 and 3.

No results. Maybe I missed something.
 
You need to add vlan 2 and vlan 3 to ports 1,4,5 tagged.
Now maybe that is what the MTU stuff does that it automatically adds all vlans tagged to those ports.

Be very careful. Even if you get it to work you need to confirm that it actually isolates the 2 vlans. Back a few years ago when I tried hooking tplink to commercial cisco switches I found they had vlan 1 on every port untagged. The only way vlan support worked was if your end devices supported tagged. It basically defeated the whole purpose of vlans.

They got stomped on reddit forums and their forums. Their idiot customer service rep seemed more worried that an end consumer might lose configuration access. You will still find those old switches with the same names as the new ones since they could not update the firmware.
 
Apr 12, 2024
Wait, so you are saying all 5 ports will be tagged? Which one to consider as a trunk port?
 
You have to be very careful how you think about this.

The vlans themselves do not actually have tags.

It is ports that have/use tags.

An end device does not support tags, so an end device can only be on a single vlan. Ports going to end devices need to know which vlan that end device is on, but this assignment does not add a tag.

Ports going between switches can have multiple vlans. To keep things separate the switch will insert a tag into the data.
This is what is sometimes called a trunk port. The tags only exist while the data goes over these ports; the switch will remove the tags when it forwards the packet to the end user ports.
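
The membership rules discussed in this thread, as an added example that is not part of any poster's reply: a simplified model of two identically configured 802.1Q switches cabled together on port 1, checking which untagged host ports can reach each other. Flooding-only forwarding and ingress filtering are assumptions of the model; the three configurations are constructed from the port lists quoted in the thread.

```python
# Added illustration: simplified 802.1Q model (flooding only, ingress filtering
# assumed). Both switches carry the same config and are cabled on TRUNK.
TRUNK = 1
HOST_PORTS = (2, 3)  # port 2 = IPTV, port 3 = home network, as in the thread

def make_cfg(vlans, pvid):
    return {"vlans": vlans, "pvid": pvid}

# Constructed from the thread: "T" = tagged member, "U" = untagged member.
PVIDS = {1: 1, 2: 2, 3: 3, 4: 1, 5: 1}
UPLINKS = {1: "T", 4: "T", 5: "T"}
# Default mode: one VLAN, every port untagged, PVID 1 everywhere.
DEFAULT = make_cfg({1: {p: "U" for p in range(1, 6)}}, {p: 1 for p in range(1, 6)})
# First attempt: uplink ports carry only VLAN 1.
ATTEMPT = make_cfg({1: dict(UPLINKS), 2: {2: "U"}, 3: {3: "U"}}, PVIDS)
# Suggested fix: VLAN 2 and VLAN 3 also added, tagged, to ports 1, 4, 5.
FIXED = make_cfg({1: dict(UPLINKS), 2: {**UPLINKS, 2: "U"}, 3: {**UPLINKS, 3: "U"}}, PVIDS)

def forward(cfg, in_port, tag):
    """Flood one frame; return {egress_port: vlan id if tagged, None if untagged}."""
    # An untagged frame is classified by the ingress port's PVID.
    vid = tag if tag is not None else cfg["pvid"][in_port]
    members = cfg["vlans"].get(vid, {})
    if in_port not in members:  # ingress filtering drops non-member traffic
        return {}
    return {p: (vid if mode == "T" else None)
            for p, mode in members.items() if p != in_port}

def reaches(cfg, src, dst):
    """Does an untagged frame from switch A port src arrive untagged on switch B port dst?"""
    out_a = forward(cfg, src, None)
    if TRUNK not in out_a:
        return False
    out_b = forward(cfg, TRUNK, out_a[TRUNK])
    # End devices do not understand tags, so delivery must be untagged.
    return dst in out_b and out_b[dst] is None

def audit(cfg):
    """Set of (src, dst) host-port pairs that can talk across the trunk."""
    return {(s, d) for s in HOST_PORTS for d in HOST_PORTS if reaches(cfg, s, d)}

if __name__ == "__main__":
    for name, cfg in (("default", DEFAULT), ("attempt", ATTEMPT), ("fixed", FIXED)):
        print(name, sorted(audit(cfg)))
```

The model only reflects the membership tables; it says nothing about firmware behaviour such as management access, so isolation still has to be confirmed on the real switches.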
 
Apr 12, 2024
Thanks a lot!

I'm too lazy to mess things up again. Looks like it's working great in MTU mode. But I'm really curious to test your suggestion in GNS3. I remember playing with it years ago, having emulated switches and routers - cool thing.