I've recently purchased some TP-Link managed switches (two TL-SG1016DE and one TL-SG105E).

I purchased the two first and set them up using 802.1Q VLANs to segregate my DMZ and my LAN, using tagged/trunked ports to connect the switches.

I then had a need to add a couple more ports at a location with only one wire, so I purchased the second switch. My intention was to use ports 1-3 for the DMZ, port 4 for the LAN, and port 5 for the trunk to one of the other switches.

I tried to do what I did on the other switch and set port 5 to be a trunk, but there wasn't an option for port 5. I then tried port 1, and it said "you should add at least two ports." Which got me thinking: huh?

My understanding was that when the switch labeled a port a "trunk" it would honor the 802.1Q tags on ingress on that port; otherwise, it wouldn't. That does not seem to be the case. This leads me to an uncomfortable thought:

If any device tags a packet with 802.1Q, it will be routed to the appropriate VLAN.

I explicitly don't want that. I want certain ports, on ingress, to always be tagged with certain VLANs and want only those specific ports to egress traffic with the same tags, and I want only specific ports to have the ability to specify by tagging what VLAN they're on.

Am I understanding this correctly that the switch will allow anything? Or is there something I'm missing?

1 Answer

There are two different uses of the word 'trunk' on Ethernet switches, varying between vendors. Most devices use Trunk to mean a port carrying 802.1Q tagged frames, but some other devices -- notably HP switches, and it looks like these TP-Links -- use Trunk to refer to bundles of multiple physical ports into a single logical port for bandwidth aggregation -- 802.3ad / LACP / Ether-channel, in the lingo of the first camp.

On this switch, just ignore the section talking about trunks, and just worry about your inter-switch/uplink ports being tagged members of multiple VLANs, and the rest being untagged members of a single VLAN. Tagged frames ingressing an untagged port should be discarded, and tagged frames ingressing a tagged port for a VLAN that port isn't a member of should also be discarded.

  • Interestingly, the bigger switch has a separate control for "trunk" and "LACP" but the smaller switch (with an older firmware) seems to have referred to them differently. Their documentation actually says the same things but they behave differently. I may have to experiment with this to be sure.
    – iAdjunct
    Commented Mar 11, 2016 at 3:51
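
The ingress rules described in the answer above, as an added Python model that is not part of the original posts and is not TP-Link's firmware logic. It uses the asker's port plan for the 5-port switch; the VLAN IDs (10 and 20), the sample frames, and dropping untagged frames on the uplink are assumptions.

```python
import struct

TPID_8021Q = 0x8100
DMZ, LAN = 10, 20  # assumed VLAN IDs, not given in the post

# port -> (PVID applied to untagged ingress or None, VLANs accepted when tagged)
PORTS = {
    1: (DMZ, frozenset()),
    2: (DMZ, frozenset()),
    3: (DMZ, frozenset()),
    4: (LAN, frozenset()),
    5: (None, frozenset({DMZ, LAN})),  # uplink: tagged member of both VLANs
}

def build_frame(vid=None, payload=b"\x00" * 46):
    """Construct a sample Ethernet frame, optionally carrying an 802.1Q tag."""
    hdr = bytes.fromhex("ffffffffffff") + bytes.fromhex("020000000001")
    tag = b"" if vid is None else struct.pack("!HH", TPID_8021Q, vid & 0x0FFF)
    return hdr + tag + struct.pack("!H", 0x0800) + payload

def frame_vid(frame):
    """Return the VLAN ID carried in the frame, or None if it is untagged."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci & 0x0FFF  # low 12 bits of the TCI are the VLAN ID

def ingress_vlan(port, frame):
    """VLAN the frame is classified into on ingress, or None if discarded."""
    pvid, tagged = PORTS[port]
    vid = frame_vid(frame)
    if vid is None:
        return pvid  # untagged: the port's own VLAN (None means drop)
    # Tagged: accepted only on a port that is a tagged member of that VLAN.
    return vid if vid in tagged else None

def tag_accepting_ports():
    """Ports on which a device can select its VLAN by tagging its frames."""
    return sorted(p for p in PORTS
                  if any(ingress_vlan(p, build_frame(v)) is not None
                         for v in range(1, 4095)))
```

If the switch behaves as the answer expects, `tag_accepting_ports()` lists only the uplink; a capture on a DMZ port while sending tagged frames from a LAN port is the way to confirm the real hardware matches.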
