Inter-VLAN routing not working on Balance 20


#1

Not sure what I am doing wrong here but I cannot ping or access devices on VLAN 5 from the management VLAN (or any other VLAN). This is on a Balance 20 running latest firmware. As a precaution, I did a factory reset to rebaseline the system. I then set up my VLANs (1-5 with 1 as mgmt). Inter-VLAN routing is enabled for all of the VLANs. There are no firewall rules in effect at all and the default rule is set to “allow.”

I cannot access devices on VLAN 5 from a computer on VLAN 1 (Mgmt). I cannot ping devices on VLAN 5 from LAN or any other VLAN. If I put my computer on VLAN 5 I can easily access the devices there.

What am I missing here? This is almost exactly the same configuration on my Balance 200 (different network) and I did not encounter this problem there. Note that the Balance 20 is not yet connected to the Internet, but I don’t see why that should make a difference.

Thanks

MJB


#2

hi mjb87, the inter-vlan routing is enable on those vlans?


#3

Yes, as stated in the original message:

"Inter-VLAN routing is enabled for all of the VLANs. There are no firewall rules in effect at all and the default rule is set to allow.”

That is why I am confused.


#4

there is a switch between Peplink and PCs ? If yes, you have configured the port on which the peplink is connected in untagged vlan 1 and tagged vlans (2-5), then edit the ports on which the PCs are connected and configure them untagged on the vlan that interest you .

what is the fw version of Balance 20 ?


#5

Firmware version of Peplink is 7.1.1 – just checked for updates.

All ports on the Balance 20 are set to trunk/any. I tried setup with a unmanaged switch and then took the switch out of the loop. Note that I can easily access the devices on VLAN 5 if I plug the switch into existing Asus router. This is definitely not an issue with the devices (cameras) switches or cables. I’ve narrowed it down to the inability to connect across VLANs. Note that I cannot ping (using Balance 20 ping command) across VLANs.

There must be a setting somewhere that I’ve missed.


#6

from a PC on vlan 5, you reach the default gateway on vlan 1 via ping ?
can u share a screeshot how to configure the Peplink BPL20 ?
thanks


#7

Appreciate your help, asimula.

I cannot ping from any vlan to any other vlan. I’m using the ping feature within the router itself, not via the PC. I will try the connection you recommend and report back. May be a while before I can do that.

MJB


#8

the balance ping function does not allow testing between the various vlan. To do the tests you have to do them via the pc
PS. You need to use a managed switch for untag/tag the vlans

Regards
AS


#9

Thanks again.

I am using a managed switch for the actual network and have now put that in the network. The basic design is

  • Managed switch to Port 1 of Balance 20: Port 1 is set to Trunk/Any; same with opposite port on switch
  • Computer is plugged into Port 2 of Balance 20: Port 2 is set to Trunk/Any
  • Device on VLAN 4 is on a switch port set properly for VLAN 4

So far everything works perfectly. The device comes up on VLAN 4 with the appropriate IP address. The router sees everything exactly where it should be. Computer is on management VLAN and device on VLAN 4 and both are working. This is not a VLAN-design issue.

Everything works fine except I cannot ping the device on VLAN 4 on my computer (directly using command prompt or through the Peplink ping command) even though all VLAN’s have Inter-VLAN routing enabled and there are (as of now) no firewalls or other access restrictions.

To be clear, I CAN ping other devices on the management LAN (VLAN 1). If I plug my computer instead into a switch port configured for VLAN 4 I CAN ping the other devices on that VLAN.

Here is the Mgmt LAN setup:

Here is the Cloud setup (VLAN 4 – where the device is I am trying to access) – EXCEPT that the Inter-VLAN box is checked and enabled in the actual setup now.

Here is the firewalls page – nothing is set yet. (The router is not yet connected to the internet.):

I’ve set up a Balance 200 with almost exactly the same network design (just 10 times bigger) and it works perfectly. I must be missing something with my Balance 20. The only difference I can see is that the Balance 20 does not (yet) have a WAN connection. All of the other design elements are the same.

I’m grateful for any suggestions. Thanks.

MJB


#11

can you share a screen of network switch port configuration , where Balance 20 is connected ?


#12

All four of the Peplink ports are set to Trunk/Any. Except for the one switch port to which the device on VLAN 4 is connected all switch ports are set to Trunk/Any.

I get the exact same result if I take the switch out of the loop, plug the device into a Peplink port and set that port to Access/VLAN 4. The device comes up on VLAN 4 but can’t be pinged from the Mgmt VLAN.


#13

OK. I’ve played around. I think the problem is in hardware on LAN port 2 of the Balance 20 router. That is where my computer is connected. I can get the proper connection right now connecting the computer to LAN port 3. All of the LAN ports on the router have the exact same configuration. I can confirm that the computer is on VLAN 1 (Mgmt) and the device I am pining is on VLAN 4.

Seems like a minor hardware glitch. I can work around it.


#14

if under warranty open a ticket .


#15

Thanks. I spoke too soon. After a while the connection failed. I returned it to port 2 and it worked again for a while – and then failed.

Let me do a complete replacement of all cables and a reboot and see what happens. This will take a few days.