How to Configure LAGG/LACP and VLANs using SFP Ports on Two TP-Link Switches
Photo by blickpixel from Pexels
I recently obtained the TP-Link T1500G-10MPS Power over Ethernet (PoE) smart switch (affiliate link) to use in my home network. A handful of devices that I currently own support Power over Ethernet. To minimize the cost, I chose the 8-port instead of the 24-port PoE switch. In the long run I probably will not need more than 8 ports, but I may eventually use all 8 ports. I also own the TP-Link T2600G-28TS switch (affiliate link) . The plan is to connect both switches together using link aggregation for increased redundancy and performance and to utilize VLANs across both switches.
SFP Ports
Both of my TP-Link switches have SFP ports which can be used to connect to other SFP devices such as other network switches. The nice thing about using these ports is that you do not have to use up any of your Ethernet connections. The SFP ports on the TP-Link switches are not shared with other Ethernet ports like it is with certain switches, which is nice because that means I will not have to sacrifice any of the Ethernet ports when using the SFP ports.
Of course there are other benefits of SFP ports such as higher than 1 Gbps bandwidth (on SFP+ ports), lower latency, and making long cable runs between switches using fiber optic cables instead of copper cables. For most home users, that is probably not a very common use case except perhaps for those who wish to run a wired connection to a detached garage or shed/workshop. If you are running a cable between two buildings, you may want to consider running a fiber optic cable instead of copper cables. You may be able to get away with running an outdoor rated copper cable between the buildings to save some money. Perhaps even putting that cable in conduit may be even better if you are planning to bury the cable. Just note that you should do some research to determine what is best for your situation and budget.
For home users, there is a thrifty option of using copper SFP cables called SFP DAC (Direct Attached Copper) cables instead of fiber optic cables. SFP DAC cables are useful for making short cabling runs since they are so cost effective. If both of your switches are in the same rack, it makes sense to use very short copper SFP cables. The network latency may be slightly slower than fiber optic cables, but I do not think it will matter a great deal in a home network. Unless you are running highly specialized applications that require extremely low latency, I do not forsee a problem using copper cabling. Most home networks are not running a small scale data center – if you are at that level you most likely beyond the scope of this website.
Since my TP-Link switches are next to each other in my server rack, I purchased two 0.5 meter SFP DAC cables from Amazon (affiliate link) . They are the shortest SFP cables I found on Amazon. I could have used 1 foot cables instead of 0.5 meter cables (1.6 feet) if they had any because they are a little bit too long since my switches are directly next to each other in the rack. When researching which cables to get, some comments said that the cables made for Ubiquiti switches will work fine with the TP-Link switches. There may be other ones that work correctly too, but I am not able to demonstrate that they work since I have not tried others. TP-Link switches do not have any special hardware requirements for SFP like some switches do so it allows generic cables to be used.
Link Aggregation (LAGG)
Multiple physical Ethernet/SFP ports can be grouped together as a single logical port. This is called link aggregation (LAGG). It is a simplistic, beneficial, and economic way to increase bandwidth and reliability between connected devices. The TP-link T1500G-10MPS has two SFP ports and the TP-Link T2600G-28TS has 4 SFP ports. I decided to use both ports on my T1500G-10MPS switch primarily to increase the bandwidth but also to provide a failover port if something bad happens (I am hoping this does not ever happen or at least not for a long time!).
Link aggregation can be set up using a static configuration or using LACP (Link Aggregation Control Protocol). Static LAGGs are the easiest to configure but is less ideal than using LACP. Cabling and hardware issues are more difficult to troubleshoot. Since LACP is a dynamic protocol, failures are easier to recognize and have less of an impact due to the redundancy provided by failover ports.
Configuring Link Aggregation using LACP
My primary switch is the TP-Link T2600G-28TS. My router and all other switches are connected to this switch. I suppose you could consider it my “aggregation switch” even though it is not technically considered a true aggregation switch. I will step through configuring the T2600G-28TS switch first and then the T1500G-10MPS. Keep in mind that my T2600G-28TS is a version 2 model so the web interface is not the latest and greatest like the T1500G-10MPS model.
Important note: You must configure the link aggregation on both switches before plugging in the cabling! The reason for this is that when two or more cables are plugged between two switches, you will create a broadcast storm (a network loop) that may take down your network. Please keep that in mind while you are configuring your switches. Fortunately I saw that important note when I was looking up the proper way to configure a LAGG using LACP.
Configuring LACP on the TP-Link T2600G-28TS
Go to the “Switching > LAG” page as shown below. There should not currently be any LAGGs displayed in the “LAG Table” section. You may change your hash algorithm if you desire. I chose “SRC IP+DST IP” after reading online about the various hash algorithms. Ultimately it probably does not make a huge difference on a home network but it is probably best to chose an algorithm that includes both the source and destination in the hash because it may theoretically distribute the network traffic more evening across your LAGG ports. I will show a screenshot later which helps demonstrate and validate that assertion.
Next click the “LACP Config” tab to set up the new LAGG. You may select both of your SFP ports at the same time to apply the same settings across both ports. I chose the admin key of 1, a system priority of 0, mode as “Active” and selected “Enabled” to enable LACP on the ports.
After clicking “Apply” you should now see the LAGG on the “LAG Table” section.
Configuring LACP on the TP-Link T1500G-10MPS
Configuring the LAGG on the TP-Link T1500G-10MPS is pretty similar to the TP-Link T2600G-28TS. The location of the items on the interface is the main difference. Go to the “L2 Features” tab, then click “LAG” from the left menu. There should be nothing in the “LAG Table” section. You may set the hash algorithm on this page as well. I do not know if it needs to be the same as the other switch, but it is not a bad idea to make it the same just in case it could cause problems.
Now go to the “LACP Config” section and configure it the same way as before. The main difference you will notice is that I set the mode to “Passive” mode on this switch. When reading online, I saw mention that many switches do not include passive mode and that it is ok to have both switches set to “Active” mode. I tried that but had issues with connectivity to the T1500G-10MPS switch for some reason. I cannot rule out some other misconfiguration, but things have been working great with the “Active-Passive” configuration. TP-Link’s own documentation shows a similar configuration so perhaps their switches work better that way. I made my main T2600G-28TS switch the active since if it goes down most if my network will be down anyway.
The “LAG Table” should show your newly created LAGG.
Configuring VLANs on the Newly Created LAGG
If you are using VLANs, it is time to configure new VLANs and/or update existing VLANs. Configuring VLANs on the LAGGs is similar to configuring VLANs on individual Ethernet ports. The LAGG is treated as a single logical interface even though it consists of two or more physical ports.
The first thing you should do is change the LAGG to be a trunk port instead of an access port on both switches. This allows VLAN traffic to flow through the port properly. You can think of needing trunks when VLAN traffic traverses between network infrastructure devices such as network switches and routers. Access ports are used for the devices connected to your network such as computers, printers, etc. Often these devices are not even VLAN aware and that is ok because the network switch is responsible for tagging the traffic that flows out of the access ports and it also strips out the VLAN tag for the incoming network traffic.
One thing to note is that with the older TP-Link firmware, you have to configure which ports are the trunks/tagged ports before creating new VLANs otherwise you will not be able to select any trunk/tagged ports. With the newer firmware, I have noticed that you can select any port you want to be a trunk/tagged port at the same time you set up the VLANs. This is more convenient, but I suppose there could be a greater risk of accidentally setting ports as tagged when they should not be.
To make a port a trunk port on the older firmware on the T2600G-28TS switch, go to the “VLAN” menu, then “802.1Q VLAN”, and click on the “Port Config” tab. Since we are wanting to allow VLAN network traffic between the two switches, you will need to select the “LAGS” section beside the “UNIT:” heading. You should see the LAGG that you just configured earlier. Check the box beside the LAGG and choose “TRUNK” from the dropdown menu. Click “Apply” to save the changes.
Now you can set up your VLANs in the “VLAN Config” tab. In the example in the screenshot, I have created a VIDEO VLAN and selected 3 untagged ports. These are the ports I will be attaching IP video cameras. In the tagged ports section, click on “LAGS” and then click the LAGG you have configured. This will allow the VIDEO VLAN network traffic to flow to our other switch. Click “Apply” once again to save your changes.
Next you will need to repeat this process on the second switch. Since it has the newer TP-Link firmware, you simply go to “L2 Features” and then click the “VLAN” menu. Add a new VLAN via the “VLAN Config” section. Select the ports used by your devices as the untagged ports. Ports 6-8 will be used for IP cameras. Click “LAGS” in the tagged section to select the LAGG you created so that traffic can flow between the switches.
One more thing that needs to be done with the newer firmware that is not necessary with the older firmware. The older firmware automatically set the PVID of the port once you added the port to a VLAN. For the newer firmware, I noticed that you have to go to the “Port Config” section and set the PVID of the ports to the VLAN IDs you have set up. In the example below, I set ports 6-8 to PVID 50 for VLAN 50.
If you have several VLANs, you will need to repeat the above process for each VLAN on both switches. Note that you only need to create the same VLANs on both switches with the same VLAN IDs if you have devices on both switches that you wish to be in the same VLAN. If an entire VLAN resides only on one switch, you do not need to create the VLAN on both switches. However, depending on how you connect your switches together, you may need to create the VLAN on both switches to ensure that the VLAN traffic can reach your router.
For example, I have my T1500G-10MPS connected to my T2600G-28TS and I have the T2600G-28TS connected to my router. My wireless access points are connected to my T1500G-10MPS switch. Because of this configuration, I need to have the same VLANs I set up on my APs (one VLAN per SSID) set up on both switches so that the VLAN traffic can traverse through the T1500G-10MPS SFP LAGG trunk port and through the trunk port set up on the T2600G-28TS that is connected to my router. It is important to ensure that you VLAN traffic can make its way through your network to have proper connectivity for your devices.
If all goes well, you should now have a higher bandwidth link with failover established between the two switches and also have VLAN traffic flowing between them! Your existing firewall rules for your VLANs should still be applicable since from a router’s point of view, all of the devices are on their respective networks regardless of the physical connections between the devices. If you created additional VLANs, you will of course need to update your firewall rules to add the desired restrictions.
Optionally Verify LAGG Network Traffic
If you like to take a peek at how your network traffic is being distributed between the two ports in your LAGG, you can go to the switch’s network monitor page. This will give you a good idea whether or not your network traffic is being evenly distributed or if it is only using one of the two ports. For the older TP-Link firmware, go to the “Switching” menu and then “Traffic Monitor”. You can see that the traffic is relatively evenly distributed between the two LAGG ports (ports 25 and 26).
For the newer firmware, go to “Maintenance” and then “Traffic Monitor”. You can see the traffic on the LAGG ports (ports 9 and 10) are pretty even.
