The TL-SG2216 supports up to 512 802.1Q VLANs, numbered from 1-4000, with three port types. An access port is assigned to a single VLAN and doesn't tag egress frames with a VLAN ID. A trunk port can be assigned to multiple VLANs and tags egress frames with a VLAN ID. A general port can be assigned to multiple VLANs and can be configured to tag or not tag egress frames per VLAN ID. The TL-SG2216 uses PVIDs (port VLAN ID) to assign the native VLAN on a general or trunk port.
I successfully tested 802.1Q trunking and VLAN traffic segmentation between the TL-SG2216 and a NETGEAR GS108T. My configurations were as follows:
- VLAN1 and VLAN2 were added to both switches
- A trunk port connecting the two switches was configured as a member of VLAN1 and VLAN2, with a PVID of VLAN1
The screenshot below from the TL-SG2216 shows three things. First, all ports except port 10 are members of VLAN1. Second, my trunk port, port 2, is a member of VLAN1 and VLAN2. Third, port 10 is only a member of VLAN2.
TP-LINK TL-SG2216 VLAN configuration
The screenshot below shows port 2 is a trunk port with a PVID of 1 and port 10 is an access port with a PVID of 2.
TP-LINK TL-SG2216 VLAN port assignments
As expected, devices connected to access ports on VLAN1 on the TL-SG2216 were only able to communicate with devices on VLAN1 on both the TL-SG2216 and the GS108T. Also as expected, a device connected to port 10 on the TL-SG2216 was only able to communicate with devices on VLAN2 on the GS108T.
This is a basic test of 802.1Q trunking and there are far more complex configurations for VLAN tagging and traffic separation. This test simply verified the TL-SG2216 properly applies and recognizes 802.1Q VLAN tags.
A simpler form of VLANs can be implemented on the TL-SG2216 with the Port Isolation feature. With this option, individual ports can be restricted to being able to send traffic to other ports by creating a simple point and click map. In the map shown below, port isolation hasn't been configured, thus all ports are permitted to send traffic to all other ports.
TP-LINK TL-SG2216 VLAN port isolation
The TL-SG2216 supports standard spanning tree protocol (STP), rapid STP (RSTP), and multiple STP (MSTP) to prevent switching loops when redundant links exist between switches. Up to eight MSTP instances are supported.
Spanning tree is disabled by default. Enabling standard STP is a matter of clicking enable in the global menu, then enabling it on all or selected ports.
Testing common spanning tree is easy. Simply connect two ports of the switch to each other to create a switching loop. With spanning tree disabled, the switch will possibly hang and traffic will drop or fail to pass through it. With spanning tree enabled, one of the two ports connected to each other will go into a blocking state and the switch will continue to function normally.
With spanning tree disabled, I was able to hang the TL-SG2216 using the above test. With spanning tree enabled, the above test caused no harm as STP took one end of the loop down, doing its job by detecting and preventing the loop.
I used ports 14 and 16 for my STP test. With STP enabled, as you can see in the circled section below, port 16 has gone into the STP port status of blocking, which is expected when STP detects a loop.
TP-LINK TL-SG2216 STP blocking
STP has some vulnerabilities, thus there are multiple techniques for optimizing STP and protecting against these vulnerabilities. The TL-SG2216 supports five STP security measures, including Loop Protection, Root Protection, TC Protect, BPDU Protect, and BPDU Filtering. Each of these measures can be enabled or disabled per port.
The TL-SG2216 supports up to six Link Aggregation Groups (LAGs) with up to four links per group. Although LACP (Link Aggregation Control Protocol) is referenced in the TL-SG2216 manual, the device provides only static LAG configuration options.
I was able to configure a static LAG using two ports between the TL-SG2216 and a NETGEAR GS108T. I configured port 14 and 16 on the TL-SG2216 to be members of LAG1, as shown below. I configured two ports on the GS108T similarly and the LAG came up between both switches without a hitch.