Hello Everyone,
I hope I am posting in the most appropriate thread. I've done quite a bit of reading, and a lot of banging my head up against a wall for the last week and a half. I am probably missing something quite obvious, but here is my problem.
Anything connected downstream from the Edge Router X seems to not be able to connect on any VLAN. Below see a diagram of my network.
The Edge Router X has a UniFi AC Lite connected on Eth4, and any device connecting to this AP gets an IP in the correct VLAN and can connect to any other VLAN and the internet.
From Eth1 the Edge Router X is connected to my home's core switch, a TP-Link SG3424 (I updated the firmware, so that is not it), on Port 1. I have configured this port as a trunk and member of VLANs 1-4, with VLAN 1 being the PVID. The UniFi AC Lite #2 is connected to Port 12 on the TP-Link. This is also configured as a trunk and a member of VLANs 1-4 with VLAN 1 being the PVID. All other ports on the TP-Link are set as access ports on VLAN 1 (for now). In this configuration nothing connected to the TP-Link is able to communicate. The UniFi AC Lite #2 is not able to be discovered, and a desktop on an access port cannot communicate upstream or to the internet.
Changing the TP-Link ports 1 and 12 back to access ports allows communication to be restored. The UniFi AC Lite #2 is able to be discovered, and broadcasts wireless networks for all 4 VLANs. Anything connecting to this AP will not get an IP address (because the VLAN info isn't coming through I assume).
If I move the UniFi AC Lite #2 to the Edge Router X, it works like UniFi AC Lite #1 without issue.
So I am guessing there is something I have misconfigured between the Edge Router X, not allowing the VLAN tags to be passed on to the TP-Link. I previously was using the router provided by my ISP and the trunking to the TP-Link worked flawlessly, another reason leading me to believe I have done something incorrect on the Edge Router X.
I have an Edge Router X configured as follows:
firewall {
    all-ping enable
    broadcast-ping disable
    ipv6-receive-redirects disable
    ipv6-src-route disable
    ip-src-route disable
    log-martians enable
    name WAN_IN {
        default-action drop
        description "WAN to internal"
        rule 10 {
            action accept
            description "Allow established/related"
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
    }
    name WAN_LOCAL {
        default-action drop
        description "WAN to router"
        rule 10 {
            action accept
            description "Allow established/related"
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
    }
    receive-redirects disable
    send-redirects enable
    source-validation disable
    syn-cookies enable
}
interfaces {
    ethernet eth0 {
        address dhcp
        description Internet
        duplex auto
        firewall {
            in {
                name WAN_IN
            }
            local {
                name WAN_LOCAL
            }
        }
        mac
        poe {
            output off
        }
        speed auto
    }
    ethernet eth1 {
        description Local
        duplex auto
        speed auto
    }
    ethernet eth2 {
        description Local
        duplex auto
        speed auto
    }
    ethernet eth3 {
        description Local
        duplex auto
        poe {
            output off
        }
        speed auto
    }
    ethernet eth4 {
        description Local
        duplex auto
        poe {
            output 24v
        }
        speed auto
    }
    ethernet eth5 {
        duplex auto
        speed auto
    }
    loopback lo {
    }
    switch switch0 {
        address 192.168.1.1/24
        description Local
        mtu 1500
        switch-port {
            interface eth1
            interface eth2
            interface eth3
            interface eth4
        }
        vif 2 {
            address 192.168.2.1/24
            description "Home Automation"
            mtu 1500
        }
        vif 3 {
            address 192.168.3.1/24
            description Entertainment
            mtu 1500
        }
        vif 4 {
            address 192.168.4.1/24
            description Client
            mtu 1500
        }
    }
}
service {
    bcast-relay {
        id 1 {
            description "Sonos Listener"
            interface switch0
            interface switch0.3
            interface switch0.4
            port 1900
        }
    }
    dhcp-server {
        disabled false
        hostfile-update disable
        shared-network-name LAN {
            authoritative disable
            subnet 192.168.1.0/24 {
                default-router 192.168.1.1
                dns-server 192.168.1.9
                lease 86400
                start 192.168.1.100 {
                    stop 192.168.1.254
                }
            }
        }
        shared-network-name VLAN2 {
            authoritative disable
            subnet 192.168.2.0/24 {
                default-router 192.168.2.1
                dns-server 192.168.1.9
                lease 86400
                start 192.168.2.100 {
                    stop 192.168.2.254
                }
            }
        }
        shared-network-name VLAN3 {
            authoritative disable
            subnet 192.168.3.0/24 {
                default-router 192.168.3.1
                dns-server 192.168.1.9
                lease 86400
                start 192.168.3.100 {
                    stop 192.168.3.254
                }
            }
        }
        shared-network-name VLAN4 {
            authoritative disable
            subnet 192.168.4.0/24 {
                default-router 192.168.4.1
                dns-server 192.168.1.9
                lease 86400
                start 192.168.4.100 {
                    stop 192.168.4.254
                }
            }
        }
    }
    dns {
        forwarding {
            cache-size 150
            listen-on switch0
        }
    }
    gui {
        https-port 443
    }
    mdns {
        repeater {
            interface switch0.3
            interface switch0.4
        }
    }
    nat {
        rule 5010 {
            description "masquerade for WAN"
            outbound-interface eth0
            type masquerade
        }
    }
    ssh {
        port 22
        protocol-version v2
    }
}
system {
    host-name XXXXXXXXX
    login {
        user XXXXXXXXXX {
            authentication {
                encrypted-password XXX
            }
            level admin
        }
    }
    ntp {
        server 0.ubnt.pool.ntp.org {
        }
        server 1.ubnt.pool.ntp.org {
        }
        server 2.ubnt.pool.ntp.org {
        }
        server 3.ubnt.pool.ntp.org {
        }
    }
    syslog {
        global {
            facility all {
                level notice
            }
            facility protocols {
                level debug
            }
        }
    }
    time-zone UTC
}
Your assistance is greatly appreciated (my wife really wants the house put back together).