New Surf Soho user experiencing some odd issues (assigning ports to VLANs = no internet access)


#1

I recently bought a surf soho v3 and I’m working on setting up my home network.

I have it online (connected to WAN via FIOS service) and I can connect clients via ethernet cable. However a few odd problems have popped up:

Problem 1
I am sporadically losing my WAN connection (failing health test). At first I thought this was only happening after connecting a wifi client, but that does not seem to be the case after all. This morning it happened about 10 minutes after being online. I am going to change the health check to ping google rather than my ISP’s DNS servers (maybe they sniff that out and drop the IP lease?)

Problem 2
I configured some firewall rules, and after this I can only use one specific computer to log in to the router. A computer that I previously used will no longer load the admin console, it gives me a “connection timed out” error (I am connecting via ethernet for admin)

Any ideas? I know this is vague, if there is any other info needed to troubleshoot please let me know.


My little side project: A Peplink Surf SOHO FAQiki for users new to enterprise routers and networking. (lots of images)
#2

ISP DNS servers can be flaky or otherwise have weird behaviors; I recommend using Google’s DNS servers for the health check targets.

For the other problem you must have configured a firewall rule wrong. If you want to post them we can take a look.


#3

I also had to clone my old FIOS router’s MAC address due to DHCP lease problems, but I’ve since solved that issue. One more thing that might have been a problem.

I changed my DNS servers to google (8.8.8.8 & 8.8.4.4) and set health check to DNS lookup using the same. Let’s see how it goes for the next hour or so.

See my firewall rules below. I can pull the cable from this PC I’m on right now, plug it into my other and it will not get to the login page. I also set admin access to my primary LAN only via https on a specific port. Both PCs satisfy the requirements. I’m assuming I don’t need a rule for that port since the LAN firewall rule to allow all is enabled. Please correct me if I’m wrong.


#4

Hi @Rlb,

Maybe a silly comment, but have you checked the LAN network adapter settings in the PC that doesn’t seem to work?

I’ve caught myself forgetting this sometimes, after tweaking with some hardware, leaving the PC in a totally different IP range.
I would then get the same ‘connection timed out’ error when I’d try to reach a 192.168.1.1 IP address, for example.


#5

@Joey_van_der_Gaag it occurred to me to check, however it is now working. Not really sure what the problem was. It seems that everything was flaky using the cloned MAC and old DHCP lease. I left everything unplugged for a few hours this morning and now it seems like my first 2 problems have resolved themselves.

However, there’s a new one. I’m not getting any internet connection via wifi. I have one client connected at the moment. The SSID is pointed at my primary LAN, however the client has an IP address of 169.x.x.x while the primary LAN is in the 192.168.50.x range.

I also tried to connect my phone and it will not assign an IP address. Seems like I have something screwed up with DHCP?

Any ideas? Thanks a bunch for the quick help here!


#6

Ok, some more info. I reset my router and started from scratch. My problems appear once I add a VLAN, another SSID, and I assign ethernet ports to VLANs. After that, as soon as I try to connect a wireless client to the “primary” LAN I get all sorts of connectivity issues, like no wireless clients get an IP address and my wired clients can’t access the internet.

Right now I have 1 LAN and 1 SSID and I’m cruising along fine. Below are my steps for adding a VLAN & second SSID. Am I doing something wrong? I will start to narrow it down by process of elimination, but if anyone has other suggestions I’m open.

Create VLAN for guest network
On Network tab click “New LAN” (if this is not visible click the question mark on the LAN heading and enable)
Give an IP address to the LAN
Enter the name and give the VLAN an ID (Guest_VLAN; 2)
Uncheck inter-VLAN routing
Check DHCP Server Logging
Define an IP range
Click save then apply changes

On the network tab click the Untagged Network
Give it a name (Primary)
Uncheck inter-VLAN routing

Add an SSID for the new VLAN
Click the AP tab and add a new AP
Give an SSID
Assign a VLAN ID
Choose WPA2 Personal security policy (AES:CCMP)
Enter the PSK

Go to System > Admin Security and change the LAN connection access settings to allow only the primary LAN

Assign LAN port(s) to appropriate VLAN(s)
Network Tab > Port Settings
Choose LAN Port 1, port type (Trunk), and assign it to the primary LAN
Uncheck all other ports


#7

Just thought of this (but no time to test it now). Does each LAN/VLAN need a different subnet mask? Might that be my problem? I need a better understanding of what implications the subnet mask has.
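
An added example, not part of any poster's message: the two addressing checks this thread turns on, written with Python's standard `ipaddress` module. Separate LANs/VLANs can share the same mask as long as their networks do not overlap, and a client holding a link-local (169.254.x.x) address has not received a DHCP lease. Only the 192.168.50.x primary range and guest VLAN ID 2 come from the thread; the guest range and the sample client addresses are constructed.

```python
import ipaddress

# Constructed addressing plan (assumption): router address and mask per LAN.
# Both LANs use the same /24 mask but sit in different networks.
PLAN = {
    "Primary (untagged)": "192.168.50.1/24",
    "Guest_VLAN (ID 2)": "192.168.60.1/24",
}


def find_overlaps(plan):
    """Return sorted pairs of LAN names whose subnets overlap."""
    nets = {name: ipaddress.ip_interface(cidr).network
            for name, cidr in plan.items()}
    names = sorted(nets)
    return [(a, b)
            for i, a in enumerate(names)
            for b in names[i + 1:]
            if nets[a].overlaps(nets[b])]


def classify_client(addr, plan):
    """Say which LAN a client address belongs to, or why it belongs to none."""
    ip = ipaddress.ip_address(addr)
    if ip.is_link_local:
        # 169.254.0.0/16: the client gave itself an address after DHCP failed.
        return "no DHCP lease (self-assigned link-local address)"
    for name, cidr in plan.items():
        if ip in ipaddress.ip_interface(cidr).network:
            return f"leased from {name}"
    return "address outside every configured LAN"


if __name__ == "__main__":
    print("overlapping LANs:", find_overlaps(PLAN) or "none")
    # Constructed sample client addresses.
    for client in ("169.254.10.20", "192.168.50.101", "192.168.60.57"):
        print(client, "->", classify_client(client, PLAN))
```

A guest client that reports an address in the primary range, or any client that reports a link-local one, points at the SSID-to-VLAN or port-to-VLAN assignment rather than at the subnet mask.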


#8

So I continued my setup by adding a VLAN then assigning ports to VLANs. Seems like assigning the ports is what’s causing all hell to break loose. Any ideas on what to do from here?

I want to do this, but with these settings no clients can access the internet

I have to leave it like this to get online: