2014-12-29

I can't seem to figure out why inter-VLAN traffic is not routing.

Setup:

Verizon FIOS (Have to use their ridiculous router for CATV / MOCA first)

EdgeRouter Pro:

Port 0 - WAN 1

Port 1 - WAN 2 (Failover Only) (Not Connected Yet)

Port 2 - LAN

Multiple EdgeSwitches

Port 23 & 24 are Trunk Ports between them

I can't ping between VLANs.

If I'm on the default VLAN, the ping gets sent to the Verizon router.

If I'm on any other VLAN, the ping never gets past the EdgeRouter.

Any help would be greatly appreciated!

Here is my config:

/* Global firewall options, one load-balancing modify ruleset and two WAN rulesets.
   Nothing in this section filters traffic between the internal VLANs. */
firewall {
all-ping enable
broadcast-ping disable
ipv6-receive-redirects disable
ipv6-src-route disable
ip-src-route disable
/* Martian packets are not logged. NOTE(review): turning this on gives extra evidence
   when tracing a routing problem like the one described in this post. */
log-martians disable
/* Rule 1 has no match criteria, so every packet entering an interface bound to
   "balance" is handed to load-balance group G, including packets addressed to other
   local subnets. NOTE(review): the usual companion is an earlier rule that keeps
   private-destination traffic on the main table (modify { table main }); confirm
   against the EdgeOS load-balancing documentation. */
modify balance {
rule 1 {
action modify
modify {
lb-group G
}
}
}
/* Default-deny for traffic forwarded in from a WAN port: only established/related
   flows are accepted by these rules. The port-forward section sets auto-firewall
   enable, so forwarded ports are presumably admitted outside this listing. */
name WAN_IN {
default-action drop
description "WAN to internal"
rule 10 {
action accept
description "Allow established/related"
state {
established enable
related enable
}
}
rule 20 {
action drop
description "Drop invalid state"
state {
invalid enable
}
}
}
/* Same default-deny policy for traffic addressed to the router itself from a WAN
   port; no management service is opened to the WAN by this ruleset. */
name WAN_LOCAL {
default-action drop
description "WAN to router"
rule 10 {
action accept
description "Allow established/related"
state {
established enable
related enable
}
}
rule 20 {
action drop
description "Drop invalid state"
state {
invalid enable
}
}
}
receive-redirects disable
send-redirects enable
/* Reverse-path source validation is off. NOTE(review): with two WAN uplinks a strict
   setting can drop legitimate asymmetric replies, so test before changing it. */
source-validation disable
syn-cookies enable
}
/* Physical ports and VLAN sub-interfaces. eth0/eth1 are the WAN side, eth2 carries the
   untagged default LAN plus VLANs 10/20/30/40. */
interfaces {
/* WAN 1: static address in 192.168.1.0/24, i.e. behind the upstream ISP router
   described in the post. WAN_IN and WAN_LOCAL are bound here. */
ethernet eth0 {
address 192.168.1.2/24
description Internet
duplex auto
firewall {
in {
name WAN_IN
}
local {
name WAN_LOCAL
}
}
speed auto
}
/* WAN 2: DHCP-addressed, same WAN rulesets as eth0. */
ethernet eth1 {
address dhcp
description "Internet 2"
duplex auto
firewall {
in {
name WAN_IN
}
local {
name WAN_LOCAL
}
}
speed auto
}
/* LAN trunk. The "balance" modify ruleset is bound only to the untagged eth2
   interface; none of the vifs below has a firewall or modify binding.
   NOTE(review): with no "in"/"local" rulesets on vif 20 (Guest) or vif 40 (CCTV),
   nothing in this listing stops those segments from reaching the Control subnet or
   the router's own services once inter-VLAN routing works. Add per-VLAN rulesets
   before relying on the VLANs for isolation. */
ethernet eth2 {
address 192.168.2.1/24
description Default
duplex auto
firewall {
in {
modify balance
}
}
speed auto
vif 10 {
address 192.168.10.1/24
description RJH-Main
}
vif 20 {
address 192.168.20.1/24
description RJH-Guest
mtu 1500
}
vif 30 {
address 192.168.30.1/24
description RJH-Control
mtu 1500
}
vif 40 {
address 192.168.40.1/24
description RJH-CCTV
mtu 1500
}
}
/* eth3-eth7 have no address and are described as unused.
   NOTE(review): consider setting "disable" on ports that are not in use. */
ethernet eth3 {
description "Ethernet 3 - Unused"
duplex auto
speed auto
}
ethernet eth4 {
description "Ethernet 4 - Unused"
duplex auto
speed auto
}
ethernet eth5 {
description "Ethernet 5 - Unused"
duplex auto
speed auto
}
ethernet eth6 {
description "Ethernet 6 - Unused"
duplex auto
speed auto
}
ethernet eth7 {
description "Ethernet 7 - Unused"
duplex auto
speed auto
}
loopback lo {
}
}
/* Load-balance group G, referenced by firewall modify ruleset "balance":
   eth0 is the active uplink and eth1 is marked failover-only. */
load-balance {
group G {
interface eth0 {
}
interface eth1 {
failover-only
}
}
}
/* Inbound port forwards from wan-interface eth0. Rules 2-6 all terminate on hosts in
   192.168.30.0/24 (the RJH-Control VLAN); rule 1 terminates in VLAN 10.
   NOTE(review): eth0 itself sits in 192.168.1.0/24, so whether these ports are
   reachable from the Internet depends on what the upstream router forwards. */
port-forward {
/* auto-firewall enable makes the router open the forwarded ports itself, so they do
   not appear as accept rules in WAN_IN and are easy to miss in a firewall review. */
auto-firewall enable
hairpin-nat enable
/* The Guest VLAN (eth2.20) is not listed as a lan-interface. */
lan-interface eth2
lan-interface eth2.10
lan-interface eth2.30
lan-interface eth2.40
rule 1 {
description Slingbox
forward-to {
address 192.168.10.254
port 5201
}
original-port 5201
protocol tcp_udp
}
/* NOTE(review): 41794-41795 look like control-system control/console ports. Services
   of this kind often have weak or no authentication, so reaching them over a VPN is
   safer than a WAN forward. Confirm what the device actually listens on. */
rule 2 {
description PRO3
forward-to {
address 192.168.30.11
port 41794-41795
}
original-port 41794-41795
protocol tcp_udp
}
/* Rules 3-5 map distinct WAN ports (42795/43795/44795) to port 41795 on three
   different Control-VLAN hosts. A non-standard external port does not add access
   control. */
rule 3 {
description Lighting
forward-to {
address 192.168.30.12
port 41795
}
original-port 42795
protocol tcp_udp
}
rule 4 {
description HVAC
forward-to {
address 192.168.30.13
port 41795
}
original-port 43795
protocol tcp_udp
}
rule 5 {
description DM
forward-to {
address 192.168.30.111
port 41795
}
original-port 44795
protocol tcp_udp
}
/* Forwards WAN port 80 to a web interface on the Control VLAN over unencrypted HTTP.
   NOTE(review): tcp_udp also opens UDP/80, which a web interface does not need;
   restrict to tcp and prefer VPN or TLS-protected access. */
rule 6 {
description PRO3-Web
forward-to {
address 192.168.30.11
port 80
}
original-port 80
protocol tcp_udp
}
wan-interface eth0
}
/* Single static default route via 192.168.1.1 on the eth0 subnet. There are no static
   routes for the VLAN subnets; they are directly connected on eth2 and its vifs. */
protocols {
static {
route 0.0.0.0/0 {
next-hop 192.168.1.1 {
}
}
}
}
/* Router-hosted services: DHCP per subnet, DNS forwarding, web GUI, source NAT, SSH. */
service {
/* One DHCP scope per subnet, each handing out the router's address in that subnet as
   the default gateway. Every scope, including Guest (VLAN-20), gets the same
   external resolvers. */
dhcp-server {
disabled false
hostfile-update disable
shared-network-name Default {
authoritative disable
subnet 192.168.2.0/24 {
default-router 192.168.2.1
dns-server 68.238.112.12
dns-server 208.67.222.222
lease 86400
start 192.168.2.101 {
stop 192.168.2.254
}
}
}
shared-network-name VLAN-10 {
authoritative disable
subnet 192.168.10.0/24 {
default-router 192.168.10.1
dns-server 68.238.112.12
dns-server 208.67.220.220
lease 86400
start 192.168.10.101 {
stop 192.168.10.254
}
/* Pins the port-forward rule 1 target to a fixed address. This address is also the
   last one in the dynamic range above. */
static-mapping Slingbox {
ip-address 192.168.10.254
mac-address 00:0d:c5:ce:e1:ee
}
}
}
shared-network-name VLAN-20 {
authoritative disable
subnet 192.168.20.0/24 {
default-router 192.168.20.1
dns-server 68.238.112.12
dns-server 208.67.220.220
lease 86400
start 192.168.20.101 {
stop 192.168.20.254
}
}
}
/* Dynamic range starts at .201; the port-forward targets (.11, .12, .13, .111) sit
   below it and have no static-mapping in this listing. */
shared-network-name VLAN-30 {
authoritative disable
subnet 192.168.30.0/24 {
default-router 192.168.30.1
dns-server 68.238.112.12
dns-server 208.67.220.220
lease 86400
start 192.168.30.201 {
stop 192.168.30.254
}
}
}
shared-network-name VLAN-40 {
authoritative disable
subnet 192.168.40.0/24 {
default-router 192.168.40.1
dns-server 68.238.112.12
dns-server 208.67.220.220
lease 86400
start 192.168.40.101 {
stop 192.168.40.254
}
}
}
}
/* DNS forwarder listens on every LAN-side interface, Guest (eth2.20) included. */
dns {
forwarding {
cache-size 150
listen-on eth2
listen-on eth2.10
listen-on eth2.20
listen-on eth2.30
listen-on eth2.40
}
}
/* NOTE(review): no listen-address is set for the GUI or for SSH below, and the VLAN
   interfaces carry no "local" ruleset, so both management services are presumably
   reachable from every internal segment, Guest and CCTV included. Confirm, then
   restrict them to the management subnet. */
gui {
https-port 443
}
/* Source NAT (masquerade) out of each WAN port. */
nat {
rule 5000 {
outbound-interface eth0
type masquerade
}
rule 5002 {
outbound-interface eth1
type masquerade
}
}
ssh {
port 22
protocol-version v2
}
}
/* System-level settings: conntrack sizing, identity, the admin account, resolvers,
   NTP, extra package repositories, syslog levels. */
system {
conntrack {
expect-table-size 4096
hash-size 4096
table-size 32768
tcp {
half-open-connections 512
/* NOTE(review): loose tracking presumably lets conntrack adopt a TCP flow it did not
   see start, which weakens the "established" match in WAN_IN and WAN_LOCAL. Confirm
   whether it is needed. */
loose enable
max-retrans 3
}
}
domain-name RJH
host-name RJH-Router
/* A single account, named "admin", at level admin. Both password fields are masked in
   this listing; keep them masked whenever a config is shared publicly, since a
   password hash can be attacked offline. */
login {
user admin {
authentication {
encrypted-password ****************
plaintext-password ****************
}
full-name "Pyramid Sound"
level admin
}
}
name-server 68.238.112.12
name-server 208.67.222.222
name-server 208.67.220.220
name-server 8.8.8.8
ntp {
server 0.ubnt.pool.ntp.org {
}
server 1.ubnt.pool.ntp.org {
}
server 2.ubnt.pool.ntp.org {
}
server 3.ubnt.pool.ntp.org {
}
}
/* Stock Debian "squeeze" repositories fetched over plain HTTP.
   NOTE(review): integrity then rests on apt's signature verification alone, and
   packages from a general Debian archive are not built for this router's firmware.
   Install only what is required and keep signature checks enabled. */
package {
repository squeeze {
components "main contrib non-free"
distribution squeeze
password ****************
url http://ftp.us.debian.org/debian/
username ""
}
repository squeeze-updates {
components "main contrib"
distribution squeeze/updates
password ****************
url http://security.debian.org/
username ""
}
}
/* Everything is logged at notice, with the "protocols" facility raised to debug.
   No remote syslog host is configured in this listing, so logs stay on the router. */
syslog {
global {
facility all {
level notice
}
facility protocols {
level debug
}
}
}
time-zone UTC
}
