dpurgert wrote: Okay, you've got a few things wrong in the ER Config still.
Interfaces / directly connected networks:
    ethernet eth1 {
        address 10.142.0.1/16
This shouldn't be in your routing table:
    route 10.142.0.0/16 {
        next-hop 10.142.0.3 {
        }
    }
This network is directly connected to the ER, and will be accessed by L2 (Ethernet Frames / MAC addresses). You cannot create a static L3 route to it through another device.
You've got this a bit wonky - the ER already knows how to do VLANs. I don't really understand why you're treating it as non-VLAN Aware?
    interface 0/7
    bandwidth 1000000
    description 'PegasusNET EdgeRouter WAN Uplink'
    vlan pvid 1121
    vlan participation exclude 2000,2100,2200,2300,2400
    vlan participation include 1121
Only other thing I'm seeing is that nearly every port is set to exclude all the VLANs -- you're not really going to get very far with that (though, I also don't understand your layout / needs, so there is that).
The reason why I have been treating the EdgeRouter as a non-VLAN aware device was because at the moment I was looking for the quickest route to connectivity and would circle back around to it when I had the time (I did mention it was a new home so the faster these ethernet lines are lit the better). However, with that said it seems that for some reason I keep missing basic concepts that I don't normally miss. Probably too much going on. However, at the end of the day there are four network options I need available:
Option A: Full Internet Connectivity of Specified VLANs (for this scenario, say 2000-2400) and inter-VLAN communications.
Option B: Local Access Connectivity with inter-VLAN communications.
Option C: Local Access Connectivity within the designated VLAN.
Option D: Full Internet Connectivity of Specified VLANs and inter-VLAN communications across the EdgeRouter, EdgeSwitch and Unifi Switch (as well as the Linksys EA9500 which appears to be aware of the traffic from the EdgeRouter but doesn't appear to be a VLAN aware device). For all intents and purposes, in Option D, the devices need to think they are on the same network.
16again wrote: Indeed the route to network 10.142.0.0/16 isn't necessary. But this route is worse than the similar route from the connected network, so this manual route wouldn't be used at all.
@dpurgert,
It's fine to treat the ER as vlan-unaware, and use untagged traffic on the link in between them.
First time I see edge switch config.... so I do have a fresh look.
Under interface 0/7
remove:
    routing
    ip netdir bcast
    ip mtu 1500
These commands aren't under int 0/18, which is working as a simple untagged port.
I didn't even realize 0/7 had configurations applied to it until I browsed to it without looking at the VLAN. After I removed the configurations, VLAN1121 came up and the EdgeSwitch and EdgeRouter began communicating with each other. Both are now pingable from the other so long as it's addressed to 10.142.0.3/16 or 10.142.0.1/16. Now it's a matter of getting the other VLANs needing internet access.
For the record, here's the updated configuration of both devices.
EdgeSwitch Configuration:
    Current Configuration:
    !
    !System Description "EdgeSwitch 24-Port Lite, 1.6.0.4900860, Linux 3.6.5-f4a26ed5, $
    !System Software Version "1.6.0.4900860"
    !System Up Time "1 days 20 hrs 10 mins 8 secs"
    !Additional Packages QOS,IPv6 Management,Routing
    !Current SNTP Synchronized Time: Nov 6 03:34:30 2016 UTC
    !
    network protocol none
    network parms 10.145.0.1 255.255.0.0 10.145.0.1
    vlan database
    vlan 1121,2000,2100,2200,2300,2400
    vlan name 1121 "PegasusNET EdgeRouter WAN Uplink"
    vlan routing 2000 1
    vlan routing 2100 2
    vlan routing 2200 3
    vlan routing 2300 4
    vlan routing 2400 5
    vlan routing 1121 6
    exit
    ip ssh server enable
    ip ssh port 11259
    sshcon timeout 160
    configure
    sntp client port 123
    clock summer-time recurring USA offset 60
    clock timezone -7 minutes 0 zone "PST"
    ip domain name "globalconnect.lax.uswest.ini.pegasusnet-ix.com"
    ip name server 10.142.0.1 209.18.47.62 209.18.47.61 10.145.0.1
    ip routing
    line console
    exit
    line telnet
    exit
    line ssh
    exit
    snmp-server sysname "PegasusNET Core Backhaul EdgeSwitch"
    snmp-server location "PegasusNET Central Telecommunications Nexus"
    snmp-server contact "PegasusNET Network Authority Global Operations Center"
    !
    interface 0/1
    vlan participation exclude 1121,2000,2100,2200,2300,2400
    exit
    interface 0/2
    vlan participation exclude 1121,2000,2100,2200,2300,2400
    exit
    interface 0/3
    vlan participation exclude 1121,2000,2100,2200,2300,2400
    exit
    interface 0/4
    vlan participation exclude 1121,2000,2100,2200,2300,2400
    exit
    interface 0/5
    vlan participation exclude 1121,2000,2100,2200,2300,2400
    exit
    interface 0/6
    description 'GR Auxillary Interface'
    vlan participation exclude 1121,2000,2100,2200,2300,2400
    exit
    interface 0/7
    bandwidth 1000000
    description 'PegasusNET EdgeRouter WAN Uplink'
    vlan pvid 1121
    vlan participation exclude 2000,2100,2200,2300,2400
    vlan participation include 1121
    ip mtu 1500
    exit
    interface 0/8
    vlan participation exclude 1121,2000,2100,2200,2300,2400
    exit
    interface 0/9
    vlan participation exclude 1121,2000,2100,2200,2300,2400
    exit
    interface 0/10
    vlan participation exclude 1121,2000,2100,2200,2300,2400
    exit
    interface 0/11
    vlan participation exclude 1121,2000,2100,2200,2300,2400
    exit
    interface 0/12
    vlan participation exclude 1121,2000,2100,2200,2300,2400
    exit
    interface 0/13
    vlan participation exclude 1121,2000,2100,2200,2300,2400
    exit
    interface 0/14
    vlan participation exclude 1121,2000,2100,2200,2300,2400
    exit
    interface 0/15
    vlan participation exclude 1121,2000,2100,2200,2300,2400
    exit
    interface 0/16
    vlan participation exclude 1121,2000,2100,2200,2300,2400
    exit
    interface 0/17
    vlan participation exclude 1121,2000,2100,2200,2300,2400
    exit
    interface 0/18
    description 'PegasusNET GR Media Switch'
    vlan pvid 2000
    vlan participation exclude 1121,2100,2200,2300,2400
    vlan participation include 2000
    exit
    interface 0/19
    vlan participation exclude 1121,2000,2100,2200,2300,2400
    exit
    interface 0/20
    vlan participation exclude 1121,2000,2100,2200,2300,2400
    exit
    interface 0/21
    vlan participation exclude 1121,2000,2100,2200,2300,2400
    exit
    interface 0/22
    description 'PegasusNET Auxiliary Room'
    vlan participation exclude 1121,2000,2100,2200,2300,2400
    exit
    interface 0/23
    vlan participation exclude 1121,2000,2100,2200,2300,2400
    exit
    interface 0/24
    vlan participation exclude 1121,2000,2100,2200,2300,2400
    exit
    interface 0/25
    vlan participation exclude 1121,2000,2100,2200,2300,2400
    exit
    interface 0/26
    vlan participation exclude 1121,2000,2100,2200,2300,2400
    exit
    interface lag 1
    vlan participation exclude 1121,2000,2100,2200,2300,2400
    exit
    interface lag 2
    vlan participation exclude 1121,2000,2100,2200,2300,2400
    exit
    interface lag 3
    vlan participation exclude 1121,2000,2100,2200,2300,2400
    exit
    interface lag 4
    vlan participation exclude 1121,2000,2100,2200,2300,2400
    exit
    interface lag 5
    vlan participation exclude 1121,2000,2100,2200,2300,2400
    exit
    interface lag 6
    vlan participation exclude 1121,2000,2100,2200,2300,2400
    exit
    interface vlan 2000
    bandwidth 10000
    routing
    ip address 10.146.0.1 255.255.0.0
    ip mtu 1500
    exit
    interface vlan 2100
    bandwidth 10000
    routing
    ip address 10.147.0.1 255.255.0.0
    ip mtu 1500
    exit
    interface vlan 2200
    bandwidth 10000
    routing
    ip address 10.149.0.1 255.255.0.0
    ip mtu 1500
    exit
    interface vlan 2300
    bandwidth 10000
    routing
    ip address 10.151.0.1 255.255.0.0
    ip mtu 1500
    exit
    interface vlan 2400
    bandwidth 10000
    routing
    ip address 10.152.0.1 255.255.0.0
    ip mtu 1500
    exit
    interface vlan 1121
    bandwidth 10000
    routing
    ip address 10.142.0.3 255.255.0.0
    ip mtu 1500
    exit
    service dhcp
    ip default-gateway 10.142.0.1
    exit
EdgeRouter Configuration:
    @ubnt:~$ show configuration
    firewall {
        all-ping enable
        broadcast-ping disable
        ipv6-name WANv6_IN {
            default-action drop
            description "WAN inbound traffic forwarded to LAN"
            enable-default-log
            rule 10 {
                action accept
                description "Allow established/related sessions"
                state {
                    established enable
                    related enable
                }
            }
            rule 20 {
                action drop
                description "Drop invalid state"
                state {
                    invalid enable
                }
            }
        }
        ipv6-name WANv6_LOCAL {
            default-action drop
            description "WAN inbound traffic to the router"
            enable-default-log
            rule 10 {
                action accept
                description "Allow established/related sessions"
                state {
                    established enable
                    related enable
                }
            }
            rule 20 {
                action drop
                description "Drop invalid state"
                state {
                    invalid enable
                }
            }
            rule 30 {
                action accept
                description "Allow IPv6 icmp"
                protocol ipv6-icmp
            }
            rule 40 {
                action accept
                description "allow dhcpv6"
                destination {
                    port 546
                }
                protocol udp
                source {
                    port 547
                }
            }
        }
        ipv6-receive-redirects disable
        ipv6-src-route disable
        ip-src-route disable
        log-martians enable
        name WAN_IN {
            default-action drop
            description "WAN to internal"
            rule 10 {
                action accept
                description "Allow established/related"
                state {
                    established enable
                    related enable
                }
            }
            rule 20 {
                action drop
                description "Drop invalid state"
                state {
                    invalid enable
                }
            }
        }
        name WAN_LOCAL {
            default-action drop
            description "WAN to router"
            rule 10 {
                action accept
                description "Allow established/related"
                state {
                    established enable
                    related enable
                }
            }
            rule 20 {
                action drop
                description "Drop invalid state"
                state {
                    invalid enable
                }
            }
        }
        receive-redirects disable
        send-redirects enable
        source-validation disable
        syn-cookies enable
    }
    interfaces {
        ethernet eth0 {
            address dhcp
            description Internet
            dhcpv6-pd {
                pd 0 {
                    interface eth1 {
                        host-address ::1
                        prefix-id :1
                        service slaac
                    }
                    interface eth2 {
                        host-address ::1
                        prefix-id :2
                        service slaac
                    }
                    prefix-length /56
                }
                rapid-commit enable
            }
            duplex auto
            firewall {
                in {
                    ipv6-name WANv6_IN
                    name WAN_IN
                }
                local {
                    ipv6-name WANv6_LOCAL
                    name WAN_LOCAL
                }
            }
            speed auto
        }
        ethernet eth1 {
            address 10.142.0.1/16
            description Local
            duplex auto
            speed auto
        }
        ethernet eth2 {
            address 10.153.0.1/16
            description "Local 2"
            duplex auto
            speed auto
        }
        loopback lo {
        }
    }
    protocols {
        static {
            route 10.145.0.0/16 {
                next-hop 10.142.0.3 {
                }
            }
            route 10.146.0.0/16 {
                next-hop 10.142.0.3 {
                }
            }
            route 10.147.0.0/16 {
                next-hop 10.142.0.3 {
                }
            }
            route 10.149.0.0/16 {
                next-hop 10.142.0.3 {
                }
            }
            route 10.151.0.0/16 {
                next-hop 10.142.0.3 {
                }
            }
            route 10.152.0.0/16 {
                next-hop 10.142.0.3 {
                }
            }
            route 192.168.100.0/24 {
                next-hop 192.168.100.1 {
                }
            }
        }
    }
    service {
        dhcp-server {
            shared-network-name PegasusNET-Unifi-Global-Access {
                subnet 10.153.0.0/16 {
                    default-router 10.153.0.1
                    dns-server 10.153.0.1
                    start 10.153.0.30 {
                        stop 10.153.255.255
                    }
                }
            }
        }
        dns {
            forwarding {
                cache-size 150
                listen-on eth1
                listen-on eth2
            }
        }
        gui {
            http-port 80
            https-port 443
            older-ciphers enable
        }
        nat {
            rule 5010 {
                description "masquerade for WAN"
                outbound-interface eth0
                type masquerade
            }
        }
        ssh {
            port 22
            protocol-version v2
        }
    }
    system {
        host-name ubnt
        login {
            user ubnt {
                authentication {
                    encrypted-password ****************
                    plaintext-password ****************
                }
                full-name "ubnt"
                level admin
            }
        }
        ntp {
            server 0.ubnt.pool.ntp.org {
            }
            server 1.ubnt.pool.ntp.org {
            }
            server 2.ubnt.pool.ntp.org {
            }
            server 3.ubnt.pool.ntp.org {
            }
        }
        syslog {
            global {
                facility all {
                    level notice
                }
                facility protocols {
                    level debug
                }
            }
        }
        time-zone UTC
    }
Right now
As it stands right now, VLAN1121 can definitely reach the EdgeRouter and vice versa but the EdgeSwitch "somewhat" reaches the internet. What I mean by that is that the EdgeSwitch can ping locations like google.com, verizon.net, and a few other sites but when you try to ping ubnt.com (this site) the destination host is unreachable.
So what it seems like I am going to need assistance with (sadly - these are things I have done before so I don't know why I'm having such a hard time now):
- Getting specified VLANs out to the internet with inter-VLAN communications (i.e. VLAN2000-2400)
- Local VLANs with inter-VLAN communications
- Local VLANs with only Local Communications
All 24 ports are in use but not all 24 ports are "on" yet. 0/7 (VLAN1121) is the WAN Uplink to the EdgeRouter. 0/18 (VLAN2000) is the Great Room Media Switch (a "dumb switch" from TP-Link that does nothing more than pass packets to whatever devices it's connected to) which would be great if it could reach the internet. 0/18 (VLAN2000) also happens to be how I have connected this notebook to the EdgeSwitch for configuration.
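
Added example, not part of the original posts and not Ubiquiti code: a small check for the routing point raised in the thread, which reads an EdgeOS-style configuration and flags static routes whose destination is already a directly connected network, or whose next-hop is not on any statically addressed interface. The function name `audit_static_routes` and the trimmed `SAMPLE` excerpt are assumptions made for illustration.

```python
import ipaddress

# Constructed excerpt in EdgeOS "show configuration" layout, using addresses from the thread.
SAMPLE = """\
interfaces {
    ethernet eth0 {
        address dhcp
    }
    ethernet eth1 {
        address 10.142.0.1/16
    }
}
protocols {
    static {
        route 10.142.0.0/16 {
            next-hop 10.142.0.3 {
            }
        }
        route 10.146.0.0/16 {
            next-hop 10.142.0.3 {
            }
        }
        route 192.168.100.0/24 {
            next-hop 192.168.100.1 {
            }
        }
    }
}
"""

def audit_static_routes(text):
    """Hypothetical helper: flag routes to connected networks or with off-link next-hops."""
    path, nets, routes, findings = [], {}, [], []
    for tok in (line.split() for line in text.splitlines() if line.strip()):
        if tok == ["}"]:
            path.pop()
        elif tok[-1] == "{":
            path.append(tok[:-1])  # e.g. ["route", "10.146.0.0/16"]
            if tok[0] == "next-hop" and len(path) > 1 and path[-2][0] == "route":
                routes.append((ipaddress.ip_network(path[-2][1]), ipaddress.ip_address(tok[1])))
        elif tok[0] == "address" and path[0] == ["interfaces"] and "/" in tok[1]:
            nets[path[-1][1]] = ipaddress.ip_interface(tok[1]).network  # skips "dhcp"
    for dest, hop in routes:
        iface = next((i for i, n in nets.items() if n.version == dest.version and dest.subnet_of(n)), None)
        if iface:
            findings.append((str(dest), f"already directly connected on {iface}"))
        elif not any(hop in n for n in nets.values()):
            findings.append((str(dest), "next-hop not on a statically addressed interface"))
    return findings
```

A next-hop flagged by the second check may still be reachable through a DHCP-addressed interface such as eth0, so that finding is a prompt to verify by hand rather than a definite error.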