Hello everyone,
I’m having trouble with inter-vlan routing on a Balance 30 with firmware 6.3.1 build 3138.
We have two networks set up: Default LAN with IP range 192.168.0.0/24 and VLAN 30 with IP range 192.168.30.0/24.
Both interfaces have inter-vlan routing option checked and internal network firewall rule is set to allow any internal traffic (default rule untouched). There are no other firewall rules applied.
A PC in default lan can see the router via 192.168.30.254 which is its IP address for vlan 30, however that same PC cannot ping any other device in vlan 30. The same happens the other way round.
Does anyone know how to solve this problem?
Hi,
Can you share us the VLAN settings for the default LAN & VLAN30 here ?
Beside that, please check and make sure firewall is not turned on for the personal PC for the ping test. As a lot of time the personal firewall for the PC is blocking the traffics
Thank You
We are seeing this same issue. We were previously on some version of 6.2.X, and upgraded to 6.3.1 build 2256. Previously the LAN ports all had the same VLAN settings - if you wanted to use multiple VLANS you would set it up with VLAN tagging with a trunk port to your switch.
Since moving to this version there is now a Port Settings page under LAN settings, where it looks like you can set the individual LAN ports as either trunk or access ports - similar to other firewalls with multiple LAN ports. This allows you to do untagged VLANs if you want.
Anyways, it seems like this broke inter-VLAN routing, or changed it somehow. Previously we had the following VLANS:
192.168.1.X -Untagged Traffic
10.10.20.X - VLAN 4
192.168.40.X - VLAN 5
The LAN port connected to our switch was configured as a trunk port.
Now we cannot communicate between any of the VLANS. The untagged 192.168.1.X subnet can communicate out over the WAN connections, but clients on the VLAN 4 and VLAN 5 network cannot access the WAN at all.
I previously had firewall rules blocking certain traffic from VLANs 4 and 5 to the LAN (untagged subnet) but I removed these for troubleshooting, and since it looks like you know handle inter-VLAN routing rules in the Internal Network Firewall Rules section at the bottom of that page - I have not recreated those rules down there during troubleshooting, so the default any-to-any rule is there and I still cannot communicate properly with the VLAN’s.
There are no firewalls enabled on the machines I am trying to communicate with/from.
VLAN settings are as follows:
IP Address: 10.10.20.1 / 255.255.255.0
Name: VLAN 4
VLAN ID: 4
Inter-VLAN routing: Enabled
Captive Portal: Disabled
DHCP Server: Disabled
IP Address: 192.168.40.1 / 255.255.255.0
Name: VLAN 5
VLAN ID: 5
Inter-VLAN routing: Enabled
Captive Portal: Disabled
DHCP Server: Disabled
Unfortunately we cannot roll back to a previous version, as the firmware upgrade was done to resolve a separate issue.
In further testing, I tried changing the LAN Port Settings - by default all LAN ports were set as:
Port Type: Trunk
VLAN: ANY
I decided to take LAN port 2 and keep it as a trunk port, but set the VLAN to VLAN 5. I then connected LAN port 2 on both Peplinks (they are in an HA cluster) to untagged VLAN ports on our switch for VLAN 5 - setting it up like if we were doing all untagged VLANS. This resumed communication between VLAN 5 and the untagged VLAN, and also for VLAN 5 to the WAN connections.
Since this worked I decided to set up all the VLAN’s this way, so with the ports set like this:
LAN 1
Port Type: Trunk
VLAN: Untagged LAN
LAN 2
Port Type: Trunk
VLAN: VLAN 5
LAN 3
Port Type: Trunk
VLAN: VLAN 4
For each LAN connection I connected them to untagged VLAN port groups in the switch.
This broke communications out of the VLAN’s again.
I am going to try changing the port types to Access soon - this in theory should be what they are set to, but since it worked having them set to trunk ports previously I had left them that way. I just can’t make this change now because we are at a peak traffic time, and applying changes to LAN Port VLAN settings is rebooting the LAN switch and dropping all connections in and out of our network.
Hi sitloongs,
I can ping the PC on VLAN30 if I connect to it using another switch, so there’s no firewall issue.
default LAN: 192.168.0.0/24, Inter-vlan routing: enabled, DHCP server: enabled (192.168.0.10 - 192.168.0.250)
VLAN30: 192.168.30.0/24, Inter-vlan routing: enabled, DHCP server: enabled (192.168.30.10 - 192.168.30.250)
Hi,
Please share the screenshot for Port Settings (Network > Port Settings) in order for me to provide better advice.
Thank you.
Hi,
The VLANs configuration provided should be correct. We suspect the issue may cause by the interlink between the switches to the Balance 30. Can you please help to arrange the following test:
PC1 --Direct Connect–> LAN Port1 B30
PC2 --Direct Connect–> LAN Port2 B30
Please perform ping test for PC1 to PC2 and vice-versa. Do let us know the ping test results.
Thank You
Regards,
Sit Loong
Hey @MartinLangmaid, long time since I last requested some assistance.
I’m reviving this thread as Im being in the same situation.
Apparently the reason for the above issue is the HA configuration but I’ll try to elaborate.
I have two balance 210 in ha mode. they both connected to peplink sd switch and following the best practices that you guys provided here
the basic setup as described in the link is working perfectly. the problems start when you add additional vlans.
because you can only add one vrrp to the entire ha solution and not multiple (one for each vlan [subnet]) you can’t actually allow clients that assigned to vlans to access the default gateway
I can assign different DG for each vlan on each router but that loses the whole point as I want the client to work without manual changes when failing over
Cisco solved it with their HSRP solution by setting one virtual ip for each vlan/subnet.
is there any workaround for that? when I disable the HA everything works but I really need ha across both routers that supports multiple vlans.
Thanks a lot,
Franco
EDIT: adding @TK_Liew as well
1 Like