Fri Jan 21, 2022 11:10 pm
For the TPLINK.
(1) Trunk ports-->the default pVID of 1, stays in place do not remove.
(2) Access ports--> the default pvid of 1 is changed to the PVID of the vlan that will be tagged entering the switch heading to router and untagged as traffic leaves switch heading to dumb device.
(3) Add the IP address of the TPLINK manually and then add that address to the MT DHCP Server Lease for the vlan and Make it static, (hint right now the mac address of the tplink you will need it).
Your table is confusing.
For starters you need to decide what you want , trunk, access or hybrid ports.
Trunk ports, one or more vlans flow in and out of the port, data coming from another smart device (that can read vlans) or going to another smart device that can read vlans.
Access ports, can only have ONE vlan associated with the port and the switch tags traffic coming from the dumb device and then removes the tag on return traffic to the dumb device.
Hybrid ports are rarer as few devices are setup to receive and deal with one or more tagged vlans and one untagged vlan)
Clearly 1 is a trunk ports, Ports 3,4 look like access ports maybe? and port 5 is not used ?? and port 2 is confused and is setup like a hybrid port.
( I think the error here is is on your vlan100 setting, it should only be a member of ports 1,3 and should not be tagged for port 2)
Please verify the usage of each port. I think this is where your issues lie!!
I believe port1 is coming from the MT device.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Looking at the MT device.
Your interface list can use work
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
add name=VLAN {remove not required not used in your config}
add name=MGMT
/interface list member
add comment=defconf interface=bridge list=LAN { remove not required covered by vlans to list=LAN }
add comment=defconf interface=ether1 list=WAN
add interface=main-vlan list=LAN
add interface=iot-vlan list=LAN
add interface=guest-vlan list=LAN
add interface=main-vlan list=MGMT
add interface=main-vlan list=VLAN { not required not used }
add interface=iot-vlan list=VLAN
add interface=guest-vlan list=VLAN
MISSING - which bridge port is GOING TO THE SWITCH ????
/interface bridge port
add bridge=bridge comment=defconf frame-types=\
admit-only-untagged-and-priority-tagged interface=ether2 pvid=100
add bridge=bridge comment=defconf frame-types=\
admit-only-untagged-and-priority-tagged interface=ether3 pvid=100
add bridge=bridge comment=defconf frame-types=\
admit-only-untagged-and-priority-tagged interface=ether4 pvid=101
add bridge=bridge comment=defconf frame-types=admit-only-vlan-tagged \
interface=ether5 pvid=100
add bridge=bridge comment=defconf frame-types=\
admit-only-untagged-and-priority-tagged interface=wlan1 pvid=100
add bridge=bridge comment=defconf frame-types=\
admit-only-untagged-and-priority-tagged interface=wlan2 pvid=100
You have a problem with ETHER5 as exposed by bridge vlans.
NOTE ABOVE you state only allow tagged frames with an access port setting of PVID-100 doesnt compute!! (problem1),
/interface bridge vlan
add bridge=bridge comment=main-vlan tagged=bridge,ether5 untagged=\
ether2,ether3 vlan-ids=100 {if ether 5 was untagged for vlan 100 it would also be untagged on this line}
add bridge=bridge comment=iot-vlan tagged=bridge,ether5 untagged=ether4 \
vlan-ids=101
add bridge=bridge comment=guest-vlan tagged=bridge,ether5 vlan-ids=102
SO it appears you are using ether5 as a hybrid port to the switch???????
PROBLEM2
To fix this for ETHER5
bridge port
a. frame-types=only tagged keep, that is correct, (plus add ingress filtering for all bridge ports)
b. remove pvid of 100
bridge vlans (corrected)
/interface bridge vlan
add bridge=bridge comment=main-vlan tagged=bridge,ether5 untagged=\
ether2,ether3,wlan1,wlan22 vlan-ids=100
add bridge=bridge comment=iot-vlan tagged=bridge,ether5, untagged=ether4 \
vlan-ids=101
add bridge=bridge comment=guest-vlan tagged=bridge,ether5 vlan-ids=102
Summary,
Vlan100 the home vlan will going through port 5 to the switch, along with vlans 101 and 102.
Vlan100 will also go out the two WLANs on the router and well as probably to PCs on ports 2,3
Vlan102 will also go out on the router to an iot device on port 4.