Thank you for your reply. Yes, 3 vlans configured on the mx80, and they inter communicate just fine, though only vlan1 has internet access. 

 

Mx80 port0/2 (lan1 trunk allow all vlans)  -> tp-link switch -> patch bay 

Are there any group policies applied on the VLAN interfaces on the MX?

 

I assume the MX is providing DHCP for all three VLANs?

No group policies affecting any vlans on mx, and yes dhcp is configured for all vlans.

Click on a client that is not working, and then in the bottom left hand corner click on "Show Details".  What do you see?  What is applied to that client?

 

PhillipDAth, Bandwidth unlimited, no layer 3 rules, no layer 7 rules, traffic snapping unlimited voip & video conferencing.

On your MX:

• What are the IP address and subnet configured on each of the three VLANs

On an example client from each VLAN (so give me three answers):

• What is the IP address, subnet mask, default gateway and DNS

 

Vlan1
10.0.0.0/24
10.0.0.1 gateway
8.8.8.8 dns

Vlan2
10.0.5.0/24
10.0.0.1 gateway
8.8.8.8 dns

Vlan3
10.10.0.0/24
10.0.0.1 gateway
8.8.8.8 dns

VLAN2 and VLAN3 are not correctly configured.

 

If you have an IP address in the 10.0.5.0/24 subnet you must have a default gateway from that same subnet (such as 10.0.5.1/24).  Ditto for the 10.10.0.0/24 network.

Sorry, very bad very absent minded typo. The correct values I meant to type are as follows.

Vlan1
10.0.0.0/24
10.0.0.1 gateway
8.8.8.8 dns

Vlan2
10.0.5.0/24
10.0.5.1 gateway
8.8.8.8 dns

Vlan3
10.10.0.0/24
10.10.0.1 gateway
8.8.8.8 dns

Then that will be correct, if set up that way.

 

I would advise you to make sure the trunk port on the TP-Link switch is configured correctly.

Can a host in each VLAN ping the MX IP address in that same VLAN?

Yes each host can ping the mx from its own subnet and the mx from the other two subnets by inter communication.

Chris is starting to convince me it may be my tp switch configuration. I was able to assign taggable ports for vlan2 and vlan3. But I'm locked out from modifying vlan1 from untagged to tagged ports. I'll dive deeper into that issue in the morning to see what the issue might be.

Thanks for both your help today. I'll update the thread on the situation as I unravel it. Thanks again.

If you're still unsure if it's the tagging issue a simple packet capture taken from the MX on LAN 1 would be able to prove if that is the case.

Sorry guys, we got hit with a winter storm and have been shut down. As soon as we are back in swing I'll check that switch and update my post. Thanks again for all the help you provide. 

So, what was the issue?

Glad you were able to solve your network issue!

Sweet! I'm glad it worked out

I'd like to thank everyone's assistance on this, you have been great help, and a valuable resource. I needed to configure each switch-port used in the switch-chain, as I was only configuring half the chain. Everything works great now. Is it ok to accept

@PhilipDAth is correct, your VLAN gateway is misconfigured for VLAN 2 and VLAN 3. A gateway must be within the same subnet as the network. The MX84 can be a gateway for multiple VLAN. It creates an interface for each VLAN, which has its own IP address, thus a gateway for that VLAN.

Are you saying you have the following setup:

 

MX80 ---> TP-Link Switch ---> Patch bay?

 

If so, did you confirm the TP-Link switch's port to the MX80 is set up as a dot1q trunk and all vlans allowed?

 

That may be why only vlan 1 is getting internet and the rest not.

Chris_m, all tp ports are set to trunk but the pvid's are set to 1. Also all ports are set to untagged and unselectable to add tagging. Could this be my problem?

For your trunk, adding tagged vlan is basically what vlan you allow on the link. Untagged means they remove the tag when they traverse the port. So if you have untagged on all vlan on that port, then they are losing the VLAN ID after they enter the trunk port. Which is why you could do inter-vlan route still but not go out to the internet since the MX could not return the traffic to the right VLAN.

 

So you want to make sure that the port connecting to the MX84 is "tagged' with the 3 vlans you want. I had a similar experience with Brocade switches. Untagged is best for access/edge ports. So you might have to remove the untagged configuration.