Use the SFP+ port on the switch for WAN access.
It's an older discussion, but since my question remains similar, I thought we should keep it together. I now have a new TP-Link Omada setup with an OC200 controller, an ER605 router and a TL-SG2210P switch. I'm really trying to remove my ISP network box. People from this area have had success, but I'm having trouble. So far, I've connected two network cables from my STBs into the switch, and both TVs are working as expected—seems like the STB only needs an internet connection. However, I can't get my internet to function just by inserting the SFP into the switch and switching the uplink cable from the switch to the router. Right now, I still have the SFP in my ISP box, with a cable going from this box to my ER605 router's WAN port. Looking at my controller settings, I see an option to assign a VLAN to that WAN port. See this diagram. Should I configure a VLAN (say VLAN 40) for this WAN port? I've plugged the SFP into the switch (port 9), created a new VLAN (VLAN 40), set the right profile—I think I made a mistake earlier because I locked myself out of my network after putting half my devices on a disconnected port. Then I enabled that profile on port 9 of the switch (SFP port). I also changed the LAN1 profile on the switch to VLAN 40, and connected the WAN port of the router to LAN1. If both the router's WAN and the SFP port are in their own VLANs, should this work? Should I connect a cable from the router's LAN port to the switch's LAN2? Will the switch recognize this as the uplink cable it currently sees when the cable goes from WAN to LAN1? Do I need to keep LAN2 on the switch in a different VLAN than LAN1? If I set the VLAN on the SFP, should I connect LAN2 to LAN2 on the switch? Make sure the switch knows what the uplink cable is doing. Should I also create another VLAN for all other traffic? Would that mean I need two VLANs—one for the ISP uplink and another for everything else? Do you think this approach is correct?
You're looking to route traffic through your switch and then to the router, allowing data to move from SFP to copper connections. Yes, assign a unique VLAN for this path and maintain the existing configuration on the router's port for the LAN. The router's WAN interface would receive only the public IP address without additional details.
So something along the lines of what I put together in my first post? WAN port router -> VLAN40; SFP port on switch -> VLAN40; LAN1 on switch -> VLAN40. Connect fiber to SFP port on switch (VLAN40). Connect WAN to LAN1 (now both on VLAN40). Connect LAN (router) to LAN2 (switch) (both ports on no VLAN/default VLAN).
For the router WAN and switch LAN1 link, you can choose how to configure it. You might assign LAN1 as VLAN40 without any tagging (essentially an access connection), meaning the router won’t need to handle VLANs at all—packets between router and switch stay untagged. Alternatively, you can configure both ports as tagged trunks for VLAN40, allowing the switch to manage VLAN separation while keeping the router unaware of the VLAN details. Since your goal is to maintain VLAN isolation on the switch only, I recommend keeping LAN1 untagged/access.
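The access-versus-tagged choice described above can be checked on paper before any port profile is changed. The following is an added example, not part of any post and not Omada code: a generic 802.1Q port model with hypothetical port names (sfp9, lan1, lan2, lan3) and VLAN 1 assumed to be the default LAN network, reporting whether ISP-side and LAN-side broadcasts can cross.

```python
# Added illustration: generic 802.1Q port model, not Omada code or CLI.
# Port names sfp9/lan1/lan2/lan3 are hypothetical labels for the thread's ports.
from dataclasses import dataclass, field

@dataclass
class Port:
    pvid: int                                    # VLAN given to untagged ingress frames
    untagged: set = field(default_factory=set)   # VLANs egressing without a tag
    tagged: set = field(default_factory=set)     # VLANs egressing with a tag

    def member(self, vid):
        return vid in self.untagged or vid in self.tagged

def flood(ports, ingress):
    """Ports that receive an untagged broadcast entering at `ingress`."""
    vid = ports[ingress].pvid
    if not ports[ingress].member(vid):           # ingress filtering drops the frame
        return {}
    return {name: ("tagged" if vid in p.tagged else "untagged")
            for name, p in ports.items() if name != ingress and p.member(vid)}

def exposure(ports, wan="sfp9", handoff="lan1"):
    """(LAN ports that see ISP-side broadcasts, LAN ports whose broadcasts reach the ISP)."""
    lan = [n for n in ports if n not in (wan, handoff)]
    wan_to_lan = sorted(n for n in flood(ports, wan) if n in lan)
    lan_to_wan = sorted(n for n in lan if wan in flood(ports, n))
    return wan_to_lan, lan_to_wan

def build(sfp_pvid, sfp_untagged, lan1_tagged=False):
    """Constructed 4-port switch: fiber on sfp9, router WAN on lan1, LAN on lan2/lan3."""
    lan1 = Port(40, tagged={40}) if lan1_tagged else Port(40, untagged={40})
    return {"sfp9": Port(sfp_pvid, set(sfp_untagged)), "lan1": lan1,
            "lan2": Port(1, {1}), "lan3": Port(1, {1})}

isolated = build(sfp_pvid=40, sfp_untagged={40})             # layout agreed in the thread
pvid_left_default = build(sfp_pvid=1, sfp_untagged={1, 40})  # PVID never changed from 1
still_in_default = build(sfp_pvid=40, sfp_untagged={1, 40})  # VLAN 1 membership kept

if __name__ == "__main__":
    for label, ports in [("isolated", isolated),
                         ("pvid_left_default", pvid_left_default),
                         ("still_in_default", still_in_default)]:
        print(label, flood(ports, "sfp9"), exposure(ports))
```

In this model the second layout both cuts the router off from the fiber and bridges the ISP side into the LAN, and the third gives working internet while LAN broadcasts still leave through the SFP port.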
I tried to simplify everything for you. You’re looking at setting up your network without knowing much about it, so let’s break it down step by step. The goal is to move your internet connection onto VLAN40, which is a specific network setup. You’ll need to decide what interface you use—whether it’s the WAN port or another port—and assign that VLAN. The switch will help manage the traffic and routing. For cabling, you want LAN1 to connect to the router via VLAN40, and LAN2 should link back to the switch. It’s a bit like organizing toys into groups, so everything flows smoothly. If you need more details on exact settings, just let me know!
On the router, nothing needs to be done—it seems like a regular Ethernet connection is arriving. On the switch, I’m not in a position right now, particularly since I lack experience with Omada. I could assist later, maybe late at night while working.
I patiently wait, no problem. I tried using a local forum and no one else will help me. I'm very eager to try out various scenarios on my own but I'm afraid of locking myself out of the network.