Hi
I tried configuring my ER-X SFP for an ISP that uses VLAN tagging. So I went through the wizard, entered the correct VLAN id, and let 'er rip. After the reboot.. no WAN IP. No surprise there since the ISP also needs DHCP option 60 set.
So I added this so that my eth5 looks like this now
ethernet eth5 {
dhcp-options {
default-route update
default-route-distance 210
name-server update
}
duplex auto
speed auto
vif 10 {
address dhcp
description Internet
dhcp-options {
client-option "send dhcp-client-identifier "dslforum.org,Fast5360-sunrise";"
default-route update
default-route-distance 210
name-server update
}
firewall {
in {
name WAN_IN
}
local {
name WAN_LOCAL
}
}
}
}
Note that all those dhcp-options parameters for the vif10 were not there after running the wizard - I added those myself (copying what was configured for eth5 proper).
Then, I got a WAN ip. Yet my PCs kept telling me I had no internet connection. And sure enough.. while I could now look up addresses, I couldn't ping them let alone connect. From the router itself, no problem pinging anything so I knew I had internet.
So I went through the rest of the config and noticed something curious
The nat rule looked like this:
nat {
rule 5010 {
description "masquerade for WAN"
log disable
outbound-interface eth5
protocol all
type masquerade
}
}Aha! notice the outbound-interface eth5. But my WAN is eth5.10! So I corrected this using the cli, committed, and suddenly my clients could access the internet just fine.
So I think there's an issue in the wizard.. given that my WAN port is eth5.10, everything that refers the WAN port should use eth5.10, not eth5. After all, the firewall rules also are configured on eth5.10, not eth5.