It seems to be getting an IP address, but the internet is not working.
It might be because it's getting DNS/DHCP from 172.16.0.3; maybe DNS requests are blocked.
Add:
configure
set firewall name Guest_In rule 30 action accept
set firewall name Guest_In rule 30 destination address 172.16.0.3
set firewall name Guest_In rule 30 destination port 53
set firewall name Guest_In rule 30 protocol tcp_udp
commit
If all is ok, issue save
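Added example, not part of the original post: a small Python model of first-match rule evaluation that shows why the rule number chosen for the DNS exception matters. The thread does not show the existing Guest_In ruleset, so rules 10 and 40 and the packet values are constructed assumptions; only rule 30 comes from the post. Address ranges, groups and port lists are not modelled.

```python
import ipaddress

# Constructed existing rules (the thread does not show Guest_In itself).
EXISTING = """
set firewall name Guest_In default-action accept
set firewall name Guest_In rule 10 action accept
set firewall name Guest_In rule 10 state established enable
set firewall name Guest_In rule 10 state related enable
set firewall name Guest_In rule 40 action drop
set firewall name Guest_In rule 40 destination address 172.16.0.0/12
set firewall name Guest_In rule 40 protocol all
"""

# Rule 30 exactly as posted in the thread.
FIX = """
configure
set firewall name Guest_In rule 30 action accept
set firewall name Guest_In rule 30 destination address 172.16.0.3
set firewall name Guest_In rule 30 destination port 53
set firewall name Guest_In rule 30 protocol tcp_udp
commit
"""

# Constructed test packets: a new DNS query and a new HTTPS connection.
DNS_QUERY = {"dst": "172.16.0.3", "dport": 53, "proto": "udp", "state": "new"}
WEB = {"dst": "203.0.113.10", "dport": 443, "proto": "tcp", "state": "new"}

def parse(commands, ruleset):
    """Turn 'set firewall name <ruleset> ...' lines into a dict of rules."""
    prefix = ["set", "firewall", "name", ruleset]
    parsed = {"default": "drop", "rules": {}}  # assumed: drop when unset
    for line in commands.strip().splitlines():
        tok = line.split()
        if tok[:4] != prefix:
            continue  # skips 'configure', 'commit' and other rulesets
        if tok[4] == "default-action":
            parsed["default"] = tok[5]
        elif tok[4] == "rule":
            rule = parsed["rules"].setdefault(int(tok[5]), {})
            rule[" ".join(tok[6:-1])] = tok[-1]
    return parsed

def matches(rule, pkt):
    """True if every criterion present in the rule matches the packet."""
    proto = rule.get("protocol", "all")
    if proto == "tcp_udp":
        if pkt["proto"] not in ("tcp", "udp"):
            return False
    elif proto != "all" and proto != pkt["proto"]:
        return False
    addr = rule.get("destination address")
    if addr and ipaddress.ip_address(pkt["dst"]) not in ipaddress.ip_network(addr, strict=False):
        return False
    port = rule.get("destination port")
    if port and int(port) != pkt["dport"]:
        return False
    states = [k.split()[1] for k, v in rule.items()
              if k.startswith("state ") and v == "enable"]
    return not states or pkt["state"] in states

def verdict(parsed, pkt):
    """Return (matching rule number or None, action); lowest number wins."""
    for number in sorted(parsed["rules"]):
        if matches(parsed["rules"][number], pkt):
            return number, parsed["rules"][number]["action"]
    return None, parsed["default"]

if __name__ == "__main__":
    print("before fix:", verdict(parse(EXISTING, "Guest_In"), DNS_QUERY))
    print("after fix: ", verdict(parse(EXISTING + FIX, "Guest_In"), DNS_QUERY))
    late = FIX.replace("rule 30", "rule 50")
    print("as rule 50:", verdict(parse(EXISTING + late, "Guest_In"), DNS_QUERY))
```

On the router itself, the per-rule packet counters for the ruleset show the same thing: the accept rule only helps if it is evaluated before the rule that drops the traffic.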
firewall {
all-ping enable
broadcast-ping disable
group {
address-group Bypass-VPN {
address 198.100.155.19
description "Hosts in this group bypass VPN"
}
address-group IoT-Devices {
address 10.10.11.92
address 10.10.11.93
address 10.10.10.50
address 10.10.11.113
address 10.10.11.118
address 10.10.11.126
address 10.10.11.125
address 10.10.11.128
address 10.10.11.129
address 10.10.11.153
address 10.10.11.130
address 10.10.11.135
address 10.10.11.136
address 10.10.11.138
address 10.10.11.146
address 10.10.11.147
description "IoT Devices"
}
address-group LANServerGroup {
address 10.10.10.150-10.10.10.155
address 10.10.10.50
address 10.10.10.160
address 10.10.11.135
description "All of the LAN Servers"
}
network-group BOGONS {
description "Invalid WAN networks"
network 10.0.0.0/8
network 100.64.0.0/10
network 127.0.0.0/8
network 169.254.0.0/16
network 172.16.0.0/12
network 192.0.0.0/24
network 192.0.2.0/24
network 192.168.0.0/16
network 198.18.0.0/15
network 198.51.100.0/24
network 203.0.113.0/24
network 224.0.0.0/3
}
network-group Blocklist {
description "BlockListed CIDRs"
}
network-group Wired-Group {
description 10.10.10.0/24
network 10.10.10.0/24
}
network-group Wireless-Group {
description 10.10.11.0/24
network 10.10.11.0/24
}
port-group GamePorts {
description "Ports for Games"
port 9988
port 17502
port 22990
port 42127
port 18000
port 18120
port 18060
port 27900
port 28910
port 20000-20100
port 1024-1124
port 9960-9969
port 3659
port 14000-14016
port 22991-23006
port 25200-25300
port 6881-6999
port 6112-6114
port 4000
port 9999
port 10100-10400
port 27014-27050
port 3074
}
port-group GamePortsUDP {
description "Ports for Games UDP"
port 27000-27015
port 27016-27030
port 4380
port 3478
port 4370
port 1500
port 3005
port 3101
port 28960
port 3659
port 27031
port 27036
port 3479-3480
port 500
port 3544
port 4500
port 88
}
port-group PlexServerPorts {
description "Plex Server Ports"
port 32400
}
port-group StandardWebPorts {
description "Standard Web Ports"
port 80
port 443
port 8080
port 3389
}
port-group SteamStreamingPorts {
description "Ports required to be open between Networks"
port 27031
port 27036
port 27037
}
port-group Unifi-Ports {
description "Unify Ports"
port 8081
port 8080
port 8443
port 8843
port 27117
port 2478
port 8881
port 8882
port 22
port 6666
port 7080
port 7443
port 7445
port 7446
port 7447
port 1935
port 3478
port 10001
}
port-group VOIP {
description TS,VENT,Other
port 9159
port 1337
port 5885
port 7540
}
}
ipv6-receive-redirects disable
ipv6-src-route disable
ip-src-route disable
log-martians enable
name LAN2WIRELESS_IN {
default-action accept
description "packets from Wireless to the router"
enable-default-log
rule 10 {
action accept
description "Standard Web Ports"
destination {
group {
port-group StandardWebPorts
}
}
log disable
protocol tcp_udp
source {
group {
}
}
}
rule 20 {
action accept
description Ping
destination {
group {
}
}
log disable
protocol icmp
source {
group {
}
}
}
rule 30 {
action accept
description NVR
destination {
group {
address-group LANServerGroup
port-group Unifi-Ports
}
}
log disable
protocol tcp_udp
}
rule 40 {
action accept
description Nest
destination {
}
log enable
protocol all
source {
address 10.10.11.150-10.10.11.152
}
}
rule 50 {
action accept
description IoT
log disable
protocol all
source {
group {
address-group IoT-Devices
}
}
}
rule 60 {
action accept
description "Accepted Wired Traffic"
log enable
protocol all
source {
group {
network-group Wired-Group
}
}
state {
established enable
invalid disable
new disable
related enable
}
}
rule 70 {
action accept
description GRE
log disable
protocol gre
}
rule 80 {
action accept
description "PPTP TCP"
destination {
port 1723
}
log disable
protocol tcp
}
rule 81 {
action accept
description nvr2
destination {
group {
port-group Unifi-Ports
}
}
log enable
protocol all
source {
group {
network-group Wireless-Group
}
}
state {
established enable
invalid disable
new enable
related enable
}
}
rule 82 {
action accept
description NVR3
destination {
group {
network-group Wireless-Group
}
}
log enable
protocol all
source {
group {
network-group Wired-Group
}
}
state {
established enable
invalid disable
new disable
related enable
}
}
rule 83 {
action accept
description Plex
destination {
group {
port-group PlexServerPorts
}
}
log disable
protocol all
source {
group {
network-group Wireless-Group
}
}
state {
established enable
invalid disable
new enable
related enable
}
}
}
name LAN2WIRELESS_LOCAL {
default-action accept
description "packets from Wireless to the router"
enable-default-log
rule 2 {
action accept
description "Standard Web Ports"
destination {
group {
port-group StandardWebPorts
}
}
log disable
protocol tcp_udp
source {
group {
}
}
}
rule 6 {
action accept
description Ping
log disable
protocol icmp
}
rule 7 {
action accept
description "DNS port 53"
destination {
port 53
}
log disable
protocol tcp_udp
}
rule 8 {
action accept
description "Accept MDNS"
destination {
port 5353
}
log enable
protocol udp
state {
established enable
invalid disable
new enable
related enable
}
}
}
name LAN2WIRELESS_OUT {
default-action accept
description "Router to Wireless"
}
name LAN_IN {
default-action accept
description ""
}
name LAN_LOCAL {
default-action accept
description ""
}
name Protect-Router {
default-action drop
description Protect-Router
rule 1 {
action accept
description "Allow Related"
log disable
protocol all
state {
established enable
invalid disable
new disable
related enable
}
}
rule 2 {
action drop
description "DEFAULT DROP"
log disable
protocol all
}
}
name WAN_IN {
default-action drop
description "packets from Internet to LAN & WLAN"
rule 1 {
action accept
description "allow established sessions"
log disable
protocol all
state {
established enable
invalid disable
new disable
related enable
}
}
rule 2 {
action accept
description "Plex Port"
destination {
address 10.10.10.150
port 32400
}
disable
log enable
protocol tcp_udp
source {
}
}
rule 3 {
action drop
description "drop invalid state"
log enable
protocol all
state {
established disable
invalid enable
new disable
related disable
}
}
rule 4 {
action drop
description "Drop Blocklist"
log disable
protocol all
source {
group {
network-group Blocklist
}
}
}
rule 5 {
action drop
description "drop BOGONS source"
log disable
protocol all
source {
group {
network-group BOGONS
}
}
}
}
name WAN_LOCAL {
default-action drop
description "packets from Internet to the router"
rule 1 {
action accept
description "allow established session to the router"
log disable
protocol all
state {
established enable
invalid disable
new disable
related enable
}
}
rule 2 {
action drop
description "drop invalid state"
log enable
protocol all
state {
established disable
invalid enable
new disable
related disable
}
}
rule 3 {
action drop
description "drop BOGONS Source"
log disable
protocol all
source {
group {
network-group BOGONS
}
}
}
rule 4 {
action drop
description "Drop Blocklist"
log disable
protocol all
source {
group {
network-group Blocklist
}
}
}
rule 5 {
action accept
description "Rate Limit ICMP"
limit {
burst 1
rate 50/minute
}
log enable
protocol icmp
}
rule 6 {
action accept
description "PPTP GRE"
log disable
protocol gre
}
rule 7 {
action accept
description "PPTP TCP 1723"
destination {
port 1723
}
log disable
protocol tcp
source {
port 1723
}
}
}
receive-redirects disable
send-redirects enable
source-validation disable
syn-cookies enable
}
interfaces {
ethernet eth0 {
address dhcp
description WAN
duplex auto
firewall {
in {
name WAN_IN
}
local {
name WAN_LOCAL
}
}
speed auto
}
ethernet eth1 {
address 10.10.10.1/24
description LAN
duplex auto
firewall {
in {
name LAN_IN
}
local {
name LAN_LOCAL
}
out {
}
}
speed auto
}
ethernet eth2 {
address 10.10.11.1/24
description LAN2WIRELESS
duplex auto
firewall {
in {
name LAN2WIRELESS_IN
}
local {
name LAN2WIRELESS_LOCAL
}
out {
name LAN2WIRELESS_OUT
}
}
speed auto
}
loopback lo {
}
openvpn vtun0 {
description frootvpn-se
encryption aes256
firewall {
local {
name Protect-Router
}
}
mode client
openvpn-option "--auth-user-pass /config/auth/frootvpn.txt"
openvpn-option --pull
openvpn-option "--comp-lzo adaptive"
openvpn-option "--mute 5"
openvpn-option --tls-client
openvpn-option --route-nopull
openvpn-option --fast-io
openvpn-option "--verb 0"
openvpn-option "--reneg-sec 604800"
openvpn-option --persist-tun
openvpn-option --persist-key
openvpn-option "--hand-window 180"
openvpn-option "--ping 30"
openvpn-option "--auth-retry nointeract"
protocol udp
remote-host se-openvpn.frootvpn.com
remote-port 1194
tls {
ca-cert-file /config/auth/ca.crt
cert-file /config/auth/openvpn/keys/frootvpn.com.crt
key-file /config/auth/openvpn/keys/frootvpn.com.key
}
}
}
port-forward {
auto-firewall enable
hairpin-nat enable
lan-interface eth1
lan-interface eth2
rule 1 {
description "Plex Server Foreward"
forward-to {
address 10.10.10.155
port 32400
}
original-port 32400
protocol tcp_udp
}
rule 2 {
description NVR
forward-to {
address 10.10.10.150
port 7080
}
original-port 7080
protocol tcp_udp
}
rule 3 {
description "NVR HTTPS Management"
forward-to {
address 10.10.10.150
port 7443
}
original-port 7443
protocol tcp_udp
}
rule 4 {
description "NVR HTTPS Streaming"
forward-to {
address 10.10.10.150
port 7446
}
original-port 7446
protocol tcp_udp
}
rule 5 {
description torrent
forward-to {
address 10.10.10.157
port 44022
}
original-port 44022
protocol udp
}
wan-interface eth0
}
protocols {
igmp-proxy {
interface eth1 {
alt-subnet 10.10.11.0/24
role downstream
threshold 1
}
interface eth2 {
alt-subnet 10.10.10.0/24
role upstream
threshold 1
}
}
static {
}
}
service {
dhcp-server {
disabled false
hostfile-update disable
shared-network-name LAN {
authoritative disable
subnet 10.10.10.0/24 {
default-router 10.10.10.1
dns-server 10.10.10.1
domain-name local
lease 86400
start 10.10.10.2 {
stop 10.10.10.50
}
static-mapping I_Know_God {
ip-address 10.10.10.11
mac-address 00:1f:bc:01:01:61
}
static-mapping LxUNMS {
ip-address 10.10.10.160
mac-address 00:15:5d:0a:2f:05
}
static-mapping SmarterThings {
ip-address 10.10.10.50
mac-address bc:60:a7:5a:85:81
}
static-mapping UniFi-CloudKey {
ip-address 10.10.10.252
mac-address 44:d9:e7:9f:13:a2
}
static-mapping WinTorr01 {
ip-address 10.10.10.157
mac-address 00:15:5d:0a:2f:01
}
static-mapping cubeComp {
ip-address 10.10.10.20
mac-address 00:25:22:ff:47:dc
}
unifi-controller 10.10.10.252
}
}
shared-network-name LAN2WIRELESS {
authoritative disable
subnet 10.10.11.0/24 {
default-router 10.10.11.1
dns-server 10.10.11.1
dns-server 4.2.2.4
lease 86400
start 10.10.11.50 {
stop 10.10.11.150
}
static-mapping Chromecast-Living-Room {
ip-address 10.10.11.129
mac-address 48:d6:d5:49:94:d6
}
static-mapping ESP_0BA17B {
ip-address 10.10.11.147
mac-address bc:dd:c2:0b:a1:7b
}
static-mapping ESP_16F441 {
ip-address 10.10.11.146
mac-address b4:e6:2d:16:f4:41
}
static-mapping Google-Home-Bedroom {
ip-address 10.10.11.130
mac-address 48:d6:d5:f3:cd:be
}
static-mapping Google-Home-Office {
ip-address 10.10.11.128
mac-address e4:f0:42:2c:1d:06
}
static-mapping Living-Room-Mini {
ip-address 10.10.11.136
mac-address 48:d6:d5:d9:ad:51
}
static-mapping NESTDownstairs {
ip-address 10.10.11.150
mac-address 18:b4:30:71:12:1a
}
static-mapping NESTProtectKitchen {
ip-address 10.10.11.152
mac-address 18:b4:30:31:d7:eb
}
static-mapping NESTUpstrairs {
ip-address 10.10.11.151
mac-address 18:b4:30:73:9e:b5
}
static-mapping Nestthing2 {
ip-address 10.10.11.138
mac-address 18:b4:30:a4:83:eb
}
static-mapping SteamLink {
ip-address 10.10.11.73
mac-address e0:31:9e:03:21:22
}
static-mapping UnifiAP {
ip-address 10.10.11.252
mac-address 04:18:d6:52:77:2d
}
static-mapping UnifiAPACPro {
ip-address 10.10.11.250
mac-address 44:d9:e7:fc:41:73
}
static-mapping UnifiAPInWall {
ip-address 10.10.11.251
mac-address 44:d9:e7:d8:20:3c
}
static-mapping Wink-Link {
ip-address 10.10.11.92
mac-address 88:07:4b:b5:9d:36
}
static-mapping WinkLight1 {
ip-address 10.10.11.93
mac-address 7c:e5:24:0f:82:05
}
static-mapping iHomeSmartPlug-29B3BC {
ip-address 10.10.11.113
mac-address 74:c6:3b:29:b3:bc
}
unifi-controller 10.10.10.252
}
}
static-arp disable
use-dnsmasq disable
}
dns {
forwarding {
cache-size 400
listen-on eth1
listen-on eth2
system
}
}
gui {
http-port 80
https-port 443
older-ciphers enable
}
mdns {
repeater {
interface eth1
interface eth2
}
}
nat {
rule 5000 {
description "masquerade for WAN"
log disable
outbound-interface eth0
type masquerade
}
}
ssh {
port 22
protocol-version v2
}
unms {
connection wss://10.10.10.160:443+4_qU-5oWtdnZsDXajjHr4nBweFEDKNcLt271-c5zTPkAAAAA+allowSelfSignedCertificate
}
upnp {
listen-on eth1 {
outbound-interface eth0
}
listen-on eth2 {
outbound-interface eth1
}
}
upnp2 {
listen-on switch0
nat-pmp enable
secure-mode enable
wan eth0
}
}
system {
conntrack {
expect-table-size 4096
hash-size 4096
table-size 32768
tcp {
half-open-connections 512
loose enable
max-retrans 3
}
}
host-name HBubnt
login {
user {
authentication {
encrypted-password $6$$.vl30F..
plaintext-password ""
}
full-name ""
level admin
}
user ubnt {
authentication {
encrypted-password $6$/2i/
plaintext-password ""
}
level admin
}
}
name-server 1.1.1.1
name-server 8.8.8.8
name-server 9.9.9.9
ntp {
server 0.ubnt.pool.ntp.org {
}
server 1.ubnt.pool.ntp.org {
}
server 2.ubnt.pool.ntp.org {
}
server 3.ubnt.pool.ntp.org {
}
}
offload {
hwnat disable
ipsec enable
ipv4 {
forwarding enable
}
ipv6 {
forwarding disable
}
}
syslog {
global {
facility all {
level emerg
}
facility protocols {
level emerg
}
}
}
time-zone America/Chicago
traffic-analysis {
dpi disable
export enable
}
}
traffic-control {
}
/* Warning: Do not remove the following line. */
/* === vyatta-config-version: "config-management@1:conntrack@1:cron@1:dhcp-relay@1:dhcp-server@4:firewall@5:ipsec@5:nat@3:qos@1:quagga@2:suspend@1:system@4:ubnt-pptp@1:ubnt-udapi-server@1:ubnt-unms@1:ubnt-util@1:vrrp@1:webgui@1:webproxy@1:zone-policy@1" === */
/* Release version: v1.10.8.5142440.181120.1645 */
Ok...here it is...thanks for being patient!
firewall {
all-ping enable
broadcast-ping disable
ipv6-name WANv6_IN {
default-action drop
description "WAN inbound traffic forwarded to LAN"
enable-default-log
rule 10 {
action accept
description "Allow established/related sessions"
state {
established enable
related enable
}
}
rule 20 {
action drop
description "Drop invalid state"
state {
invalid enable
}
}
}
ipv6-name WANv6_LOCAL {
default-action drop
description "WAN inbound traffic to the router"
enable-default-log
rule 10 {
action accept
description "Allow established/related sessions"
state {
established enable
related enable
}
}
rule 20 {
action drop
description "Drop invalid state"
state {
invalid enable
}
}
rule 30 {
action accept
description "Allow IPv6 icmp"
protocol ipv6-icmp
}
rule 40 {
action accept
description "allow dhcpv6"
destination {
port 546
}
protocol udp
source {
port 547
}
}
}
ipv6-receive-redirects disable
ipv6-src-route disable
ip-src-route disable
log-martians enable
name WAN_IN {
default-action drop
description "WAN to internal"
rule 10 {
action accept
description "Allow established/related"
state {
established enable
related enable
}
}
rule 20 {
action drop
description "Drop invalid state"
state {
invalid enable
}
}
}
name WAN_LOCAL {
default-action drop
description "WAN to router"
rule 10 {
action accept
description "Allow established/related"
state {
established enable
related enable
}
}
rule 20 {
action drop
description "Drop invalid state"
state {
invalid enable
}
}
}
receive-redirects disable
send-redirects enable
source-validation disable
syn-cookies enable
}
interfaces {
bridge br0 {
address 192.168.1.1/24
aging 300
bridged-conntrack disable
description "Local Bridge"
hello-time 2
max-age 20
priority 32768
promiscuous enable
stp false
}
ethernet eth0 {
address dhcp
description Internet
dhcpv6-pd {
pd 0 {
interface br0 {
host-address ::1
service slaac
}
prefix-length /64
}
rapid-commit enable
}
duplex auto
firewall {
in {
ipv6-name WANv6_IN
name WAN_IN
}
local {
ipv6-name WANv6_LOCAL
name WAN_LOCAL
}
}
speed auto
}
ethernet eth1 {
bridge-group {
bridge br0
}
description "Local Bridge"
duplex auto
speed auto
}
ethernet eth2 {
bridge-group {
bridge br0
}
description "Local Bridge"
duplex auto
speed auto
}
ethernet eth3 {
bridge-group {
bridge br0
}
description "Local Bridge"
duplex auto
speed auto
}
loopback lo {
}
}
service {
dhcp-server {
disabled false
hostfile-update disable
shared-network-name LAN_BR {
authoritative enable
subnet 192.168.1.0/24 {
default-router 192.168.1.1
dns-server 192.168.1.1
lease 86400
start 192.168.1.210 {
stop 192.168.1.254
}
static-mapping ArdensRoom_ecobee4 {
ip-address 192.168.1.14
mac-address 44:61:32:FE:03:00
}
static-mapping Bathroom_EchoDot {
ip-address 192.168.1.17
mac-address FC:A1:83:4E:42:4B
}
static-mapping Den_AP {
ip-address 192.168.1.3
mac-address AC:86:743:51:C0
}
static-mapping Den_AppleTV {
ip-address 192.168.1.55
mac-address D02:B0:8D:A5:05
}
static-mapping Den_HarmonyHub {
ip-address 192.168.1.16
mac-address c8:db:26:05:2c:78
}
static-mapping Den_Marantz {
ip-address 192.168.1.52
mac-address 00:05:CD:FC:69:94
}
static-mapping Den_ecobee4 {
ip-address 192.168.1.13
mac-address 44:61:32:40:B2:39
}
static-mapping Kitchen_AP {
ip-address 192.168.1.4
mac-address AC:86:743:50:60
}
static-mapping LivingRoom_ecobee4 {
ip-address 192.168.1.12
mac-address 44:61:320:19:AF
}
static-mapping MBR_AP {
ip-address 192.168.1.2
mac-address AC:86:74:CD:9C:80
}
static-mapping MBR_AppleTV {
ip-address 192.168.1.53
mac-address D02:B0:88:36:C4
}
static-mapping MBR_HarmonyHub {
ip-address 192.168.1.15
mac-address C8B:26:06:67:1F
}
static-mapping MBR_LG_B7TV {
ip-address 192.168.1.58
mac-address 48:8D:36:7D:6C:42
}
static-mapping MBR_ecobee4 {
ip-address 192.168.1.10
mac-address 44:61:32:F1:20:28
}
static-mapping OVRC_PRO {
ip-address 192.168.1.104
mac-address B8:27:EB:2E:9E:5F
}
static-mapping Office_AppleTV {
ip-address 192.168.1.54
mac-address D02:B0:8C
1:00
}
static-mapping Office_LG_C7TV {
ip-address 192.168.1.57
mac-address 7C:1C:4E:95:68:21
}
static-mapping Office_Marantz {
ip-address 192.168.1.51
mac-address 00:05:CD:FC:52:CC
}
static-mapping Office_ecobee4 {
ip-address 192.168.1.11
mac-address 44:61:32:A8:0C:54
}
static-mapping SONOS_BATHROOM {
ip-address 192.168.1.205
mac-address 5C:AA:FD:E7:71:74
}
static-mapping SONOS_DEN {
ip-address 192.168.1.204
mac-address 94:9F:3E:B2:3D:F0
}
static-mapping SONOS_KITCHEN {
ip-address 192.168.1.203
mac-address 5C:AA:FD:EC:FB:76
}
static-mapping SONOS_LIVINGROOM {
ip-address 192.168.1.202
mac-address 5C:AA:FD:EC:FB:A4
}
static-mapping SONOS_MBR {
ip-address 192.168.1.200
mac-address 78:28:CA:53:E3:28
}
static-mapping SONOS_OFFICE {
ip-address 192.168.1.201
mac-address 94:9F:3E:B2:3D:C4
}
static-mapping Samsung_FrameTV {
ip-address 192.168.1.56
mac-address 68:27:37:52:0B6
}
static-mapping Wattbox {
ip-address 192.168.1.103
mac-address d4:6a:91:03:03:10
}
static-mapping YARGABOX {
ip-address 192.168.1.50
mac-address F0:6E:0B:22:E7:B5
}
static-mapping YargaMac_Ethernet {
ip-address 192.168.1.106
mac-address 98:10:E8:F26:44
}
static-mapping YargaMac_WiFi {
ip-address 192.168.1.105
mac-address 98:9E:63:36:E0:C2
}
static-mapping YargaNAS {
ip-address 192.168.1.100
mac-address 24:5E:BE:1B:52:68
}
static-mapping YargaPrinter {
ip-address 192.168.1.107
mac-address 5C:EA:1D:55:12:72
}
static-mapping YargaSwitch110 {
ip-address 192.168.1.101
mac-address D4:6A:91:74:6D:6F
}
static-mapping YargaSwitch210 {
ip-address 192.168.1.102
mac-address d4:6a:91:75:0b:eb
}
}
}
static-arp disable
use-dnsmasq disable
}
dns {
forwarding {
cache-size 150
listen-on br0
}
}
gui {
http-port 80
https-port 443
older-ciphers enable
}
nat {
rule 5010 {
description "masquerade for WAN"
outbound-interface eth0
type masquerade
}
}
ssh {
port 22
protocol-version v2
}
unms {
disable
}
upnp {
listen-on br0 {
outbound-interface eth0
}
}
upnp2 {
listen-on br0
nat-pmp enable
secure-mode enable
wan eth0
}
}
system {
host-name YargaRouter
login {
user YargaRouter {
authentication {
}
level admin
}
}
name-server 1.1.1.1
name-server 8.8.8.8
ntp {
server 0.ubnt.pool.ntp.org {
}
server 1.ubnt.pool.ntp.org {
}
server 2.ubnt.pool.ntp.org {
}
server 3.ubnt.pool.ntp.org {
}
}
syslog {
global {
facility all {
level notice
}
facility protocols {
level debug
}
}
}
time-zone UTC
}
traffic-control {
smart-queue SQM {
download {
ecn enable
flows 1024
fq-quantum 1514
limit 10240
rate 420mbit
}
upload {
ecn enable
flows 1024
fq-quantum 1514
limit 10240
rate 20mbit
}
wan-interface eth0
}
}
/* Warning: Do not remove the following line. */
/* === vyatta-config-version: "config-management@1:conntrack@1:cron@1:dhcp-relay@1:dhcp-server@4:firewall@5:ipsec@5:nat@3:qos@1:quagga@2:suspend@1:system@4:ubnt-pptp@1:ubnt-udapi-server@1:ubnt-unms@1:ubnt-util@1:vrrp@1:webgui@1:webproxy@1:zone-policy@1" === */
/* Release version: v2.0.0.5155284.190104.0701 */
If you find out that a new router will help you, this thread is for you https://community.ubnt.com/t5/EdgeRouter/What-is-superior-model-to-EdgeRouter-X/td-p/2326578
wrote: How would I know if the ports on the routers are switched and/or VLAN aware by looking at the specifications? Is it commonly described in the datasheets or on the product pages somehow, and I just can't identify it?
Good question. I don't know where it is documented either. I have just learned from the forums.
The EdgeRouter_DS.pdf actually does a good job of describing it for the ER12. Not sure where to find it for the X..
Model: ER-12 • Ports 0-7 can be configured for line-rate Layer 2 switching
But it has nothing about vlan-aware. The ER5PoE appears to have the same switching capabilities based on the DataSheet.
My point is that the DataSheets were never proofed very well. I shouldn't be able to find these errors in 5 minutes.
EDIT: I see the port 0 and 9 applies only to the "PoE" status, not speed/link/activity. I assume the led at top left of RJ45 port is PoE indicator for in present, out on? Are the LEDs bipolar green/amber/red to indicate different link speeds? It claims there is speed indicator, and with only a single led/port for speed/link/activity, color would be the most likely way to display that.
[edit] a contributing factor to the confusion is the fact that while you can configure a vlan on an eth interface without special terminology, configuring a vlan on a switching interface has the "vlan-aware" configuration item.
Well it seems when sudo su then starting the darkstat service, the darkstat.db will get generated.
simply doing sudo service darkstat start does not.
also tried writing to /tmp with no luck, and also mounted tmpfs to /mnt/darkstat and same issue.
even doing sudo su -c 'service darkstat start' doesn't generate the file.
though it appears to get created upon stopping the service.
What happens if I want to change the length of characters in my pre-shared secret password? How do I delete the old secret and create a new one?
Will running this command overwrite the old secret and put in the new one without messing up the L2TP config? I'm on 1.10.8.
set vpn l2tp remote-access ipsec-settings authentication pre-shared-secret secret phrase
my bad, bad page break when I copied pasted a few arp tables.
I'm new to trying to block things and set up firewall rules. What is the best way to block YouTube?
DNS blocking through your DNS server. If you have a small network, you can use Pi-Hole. That is the simplest way.
I have two VLANs,
VLAN 1 - 192.168.1.0/24
VLAN 10 - 10.0.0.0/24
Currently eth2 is set to untagged pvid 1, but I need to change it to pvid 10 so connected devices would be on VLAN 10. When I do that, I still see the connected device on eth2 getting an IP from VLAN 1 instead of VLAN 10, or it's still on that lease.
How do I expire the lease and force it to get new IP from DHCP when connected to eth2? Any steps I should take when changing pvid on one of the eth ports on switch0 in order to force updating IP?