I have a VLAN setup with a trunk separating my WAN and LAN on the same eth0 physical circuit; this circuit is connected to a TP-Link 5-Port Gigabit Ethernet Easy Smart Switch (TL-SG105E). While pinging either of the 2 devices on the LAN VLAN (eth0 vif 101), I noticed that once in a while, when an ARP request is sent from the Edge, I briefly lose ping connectivity. No problems on the WAN VLAN side.
Edge Config:
eth0 is trunk
eth0.100 is WAN
eth0.101 is LAN
The computer doing the pinging is attached to switch0
VLAN LAN IP range is 192.168.194.1/24
switch0 LAN IP range is 192.168.192.1/24 <-- pinging from here
Switch Config:
Port 1 - Tagged to eth0 on EdgeRouter
Port 2 - Untagged VLAN 100
Port 3-5 - Untagged VLAN 101
So I'll be pinging and see this:
Reply from 192.168.194.102: bytes=32 time<1ms TTL=63
Request timed out.
Request timed out.
Request timed out.
Reply from 192.168.194.102: bytes=32 time=5ms TTL=63
Sometimes it will be "destination network unreachable"
Reply from 192.168.192.1: Destination host unreachable.
Reply from 192.168.192.1: Destination host unreachable.
Meanwhile, tcpdump shows this at the same time:
15:21:49.149169 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.194.102 tell 192.168.194.1, length 28
15:21:50.141547 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.194.102 tell 192.168.194.1, length 28
15:21:51.141540 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.194.102 tell 192.168.194.1, length 28
15:21:52.150534 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.194.102 tell 192.168.194.1, length 28
When pinging from an SSH session on the Edge itself, the packets are always fine and I get no loss.
Any idea why this might be happening?
Here's the config (credentials and the dynamic DNS host name are masked with asterisks):
firewall { all-ping enable broadcast-ping disable group { address-group Uptime_Robot { address 69.162.124.226 address 69.162.124.227 address 69.162.124.228 address 69.162.124.229 address 69.162.124.230 address 69.162.124.231 address 69.162.124.232 address 69.162.124.233 address 69.162.124.234 address 69.162.124.235 address 69.162.124.236 address 69.162.124.237 address 69.162.124.238 address 46.137.190.132 address 122.248.234.23 address 188.226.183.141 address 178.62.52.237 address 54.79.28.129 address 54.94.142.218 address 104.131.107.63 address 54.67.10.127 address 54.64.67.106 address 159.203.30.41 address 46.101.250.135 } } ipv6-name WANv6_IN { default-action drop description "WAN inbound traffic forwarded to LAN" enable-default-log rule 10 { action accept description "Allow established/related sessions" state { established enable related enable } } rule 20 { action drop description "Drop invalid state" state { invalid enable } } rule 30 { action accept description "Allow IPv6 icmp" protocol ipv6-icmp } } ipv6-name WANv6_LOCAL { default-action drop description "WAN inbound traffic to the router" enable-default-log rule 10 { action accept description "Allow established/related sessions" state { established enable related enable } } rule 20 { action drop description "Drop invalid state" state { invalid enable } } rule 30 { action accept description "Allow IPv6 icmp" protocol ipv6-icmp } rule 40 { action accept description "allow dhcpv6" destination { port 546 } protocol udp source { port 547 } } } ipv6-receive-redirects disable ipv6-src-route disable ip-src-route disable log-martians enable name WAN_IN { default-action drop description "WAN to internal" rule 10 { action accept description "Allow established/related" state { established enable related enable } } rule 20 { action drop description "Drop invalid state" state { invalid enable } } } name WAN_LOCAL { default-action drop description "WAN to router" rule 1 { action accept description "Allow 
established/related" state { established enable related enable } } rule 2 { action accept description "Allow PPTP" destination { port 1723 } log enable protocol tcp } rule 3 { action accept description "Allow GRE" log enable protocol gre } rule 4 { action accept description "Allow Uptime Robot ICMP" log disable protocol icmp source { group { address-group Uptime_Robot } } } rule 6 { action drop description "Drop invalid state" state { invalid enable } } } receive-redirects disable send-redirects enable source-validation disable syn-cookies enable } interfaces { ethernet eth0 { description "Garage VLAN Trunk" duplex auto poe { output off } speed auto vif 100 { address dhcp description "TWC WAN VLAN" dhcpv6-pd { pd 0 { interface switch0 { } prefix-length 64 } rapid-commit enable } firewall { in { ipv6-name WANv6_IN name WAN_IN } local { ipv6-name WANv6_LOCAL name WAN_LOCAL } } traffic-policy { out UpStream } } vif 101 { address 192.168.194.1/24 description "Garage LAN VLAN" mtu 1500 } } ethernet eth1 { address 192.168.193.1/24 duplex auto poe { output off } speed auto } ethernet eth2 { description "Switch Uplink" duplex auto poe { output off } speed auto } ethernet eth3 { description "Linen Closet UAP" duplex auto poe { output 24v } speed auto } ethernet eth4 { description "Family Room UAP" duplex auto poe { output 24v } speed auto } loopback lo { } switch switch0 { address 192.168.192.1/24 description Switch ipv6 { dup-addr-detect-transmits 1 router-advert { cur-hop-limit 64 link-mtu 0 managed-flag true max-interval 600 other-config-flag true prefix ::/64 { autonomous-flag true on-link-flag true valid-lifetime 2592000 } reachable-time 0 retrans-timer 0 send-advert true } } mtu 1500 switch-port { interface eth2 interface eth3 interface eth4 } } } port-forward { auto-firewall enable hairpin-nat enable lan-interface switch0 rule 1 { description cam1 forward-to { address 192.168.192.95 port 80 } original-port 9015 protocol tcp } rule 2 { description cam2 forward-to { 
address 192.168.192.96 port 80 } original-port 9016 protocol tcp } rule 3 { description rdp forward-to { address 192.168.192.10 port 3389 } original-port 9833 protocol tcp_udp } wan-interface eth0.100 } service { dhcp-server { disabled false hostfile-update disable shared-network-name LAN_BR { authoritative disable subnet 192.168.192.0/24 { default-router 192.168.192.1 dns-server 192.168.192.1 dns-server 4.2.2.1 lease 86400 start 192.168.192.100 { stop 192.168.192.200 } static-mapping Mikes_XPS { ip-address 192.168.192.10 mac-address C8:1F:66:AD:1D:68 } static-mapping iMac { ip-address 192.168.192.11 mac-address ec:35:86:55:87:2c } unifi-controller 208.78.220.137 } } shared-network-name LAN_ETH1 { authoritative disable subnet 192.168.193.0/24 { default-router 192.168.193.1 dns-server 192.168.193.1 dns-server 4.2.2.1 lease 86400 start 192.168.193.100 { stop 192.168.193.200 } } } shared-network-name LAN_VLAN { authoritative disable subnet 192.168.194.0/24 { default-router 192.168.194.1 dns-server 4.2.2.1 dns-server 8.8.8.8 lease 86400 start 192.168.194.100 { stop 192.168.194.200 } } } } dns { dynamic { interface eth0.100 { service dyndns { host-name ** login ** password **************** server dynupdate.no-ip.com } } } forwarding { cache-size 750 listen-on switch0 listen-on eth1 listen-on eth0.101 } } gui { https-port 443 } nat { rule 5010 { description "masquerade for WAN" outbound-interface eth0.100 type masquerade } } ssh { port 22 protocol-version v2 } ubnt-discover { disable } upnp { listen-on switch0 { outbound-interface eth0.100 } } } system { host-name wd-ubnt-em5p login { user admin { authentication { encrypted-password **************** } level admin } } ntp { server 0.ubnt.pool.ntp.org { } server 1.ubnt.pool.ntp.org { } server 2.ubnt.pool.ntp.org { } server 3.ubnt.pool.ntp.org { } } offload { ipsec enable ipv4 { forwarding enable pppoe enable vlan enable } ipv6 { forwarding enable pppoe disable vlan enable } } syslog { global { facility all { level notice } 
facility protocols { level debug } } } time-zone America/Los_Angeles traffic-analysis { dpi enable export enable } } traffic-policy { shaper UpStream { bandwidth 25mbit class 10 { bandwidth 30% burst 15k ceiling 100% description Elastix match addr { ip { source { address 192.168.192.5/32 } } } priority 7 queue-type fair-queue } default { bandwidth 100% burst 15k ceiling 100% priority 2 queue-type fair-queue } description "UpStream QoS policy" } } vpn { pptp { remote-access { authentication { local-users { username *********** { password **************** } } mode local } client-ip-pool { start 192.168.192.240 stop 192.168.192.250 } dns-servers { server-1 4.2.2.1 server-2 8.8.8.8 } mtu 1492 } } }