Let’s start by looking at the router config. After this is verified, we can check the switch.
Please copy the output of the following commands and post it here using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have:
Looks okay at first glance. Let’s look at the switch configuration. Please show the vlan assignments for the ports in question - specifically the trunk port(s) and the access ports - be sure to tell us what each port are connected to what. And don’t forget to show the pvid assignments, too.
currently, VLAN 2 is only present on port 8, so it doesn't have a connection to the router. Make port 4 (the router uplink port) a member of VLAN 2 -- tagged. That should fix the problem.
Still, remove it from vlan1 otherwise vlan1 traffic can still be sent to port 8 as it is a member if vlan1
PVID sets the ingress id for untagged traffic - does not effect egress, nor does it effect tagged ingress packets
Try setting more than one untagged vlan on your openwrt router - it won't allow it - the fact that TP-Link allows it doesn't make it correct
and ... having a single port on a vlan makes no sense either - you've made a dead end for vlan 2
I have a similar setup albeit with a 16 port switch - here's the dumbed down version (I actually have 5 vlans, and trunking happening, but that's irrelevant to your setup - I think)
This is incorrect. I have a variety of switches from tp-link and netgear which both allow a port to be a member of multiple networks as untagged and then have a pvid control. The pvid setting controls both ingress and egress. You can think of it as selecting the one network to be active out of a ‘menu’ of several that are available to be chosen.
This is not unique to tp-link and is true on the consumer series as well as the enterprise oriented switches.
That was why I said that vlan 2 needs to be added to port 4 (tagged)
So, why have you not done what you know you need to do?
As far as the other stuff goes - I'll just disagree with your assertions about multiple untagged vlans on the one port - try it on openwrt ... try it on cisco ... it makes no sense to do it
I agree that it is not allowed on openwrt, and Cisco has a different method, too. But I can tell you with certainty that it is valid and functions properly to use the pvid as I have described on netgear and tp-link devices. There are differences in implementation of the settings between the various brands. All that matters is that the end result is 802.1q compliant.
Also, I don’t disagree with you that it is preferable to only have a single untagged network specified, but I can confirm that there is no harm to having multiple, as long as the pvid is set correctly.
The singular benefit to this is that it makes for a physically neat appearance. But there is literally no value add from a network perspective. In fact, it can be considered a negative - you are consuming 2 extra switch ports and using an extra cable for your wan. You’re not really leveraging any value with the vlan capabilities of your router and switch.
Awesome. I figured that would be the only issue! Glad it works now.
There isn't much to gain from the rest of the thread after the suggestion that fixed the issue, but feel free to read it and ask questions if anything is not clear.
Meanwhile, please also mark the most helpful response as the solution.
