I have three VLANs set up on the MX80, and they intercommunicate just fine. The problem is I only get internet connectivity on VLAN 1.
All LANs communicate through a single MX80 port configured as the LAN1 trunk with "allow all VLANs" set. Other than experience, what am I missing here to achieve internet across all VLANs while still using a single port configuration?
Thanks in advance.
Maybe this might work.
MX LAN port - Trunk, native vlan 1, allowed vlans 2 & 3 or all vlans
TP-link port connected to MX - trunk port - pvid 1, tagged 2&3
TP-link port connected to patch panel that connects to Vlan 2 device - pvid 2
TP-link port connected to patch panel that connects to vlan 3 device - pvid 3
Or you can try
MX LAN port connects to TP-link - Trunk port with native vlan - drop all untagged packets, allowed vlans - 1,2,3
TP-link port connects to MX - Trunk port with tag 1,2,3
TP-link port connected to patch panel that connects to Vlan 2 device - pvid 2
TP-link port connected to patch panel that connects to vlan 3 device - pvid 3
I'm not clear from your description what your configuration is.
Are you saying you have three VLANs configured on the MX80 - or is something else doing the VLAN routing in your network?
Thank you for your reply. Yes, 3 VLANs configured on the MX80, and they intercommunicate just fine, though only VLAN 1 has internet access.
Mx80 port0/2 (lan1 trunk allow all vlans) -> tp-link switch -> patch bay
Are there any group policies applied on the VLAN interfaces on the MX?
I assume the MX is providing DHCP for all three VLANs?
Click on a client that is not working, and then in the bottom left hand corner click on "Show Details". What do you see? What is applied to that client?
On your MX:
On an example client from each VLAN (so give me three answers):
VLAN2 and VLAN3 are not correctly configured.
If you have an IP address in the 10.0.5.0/24 subnet you must have a default gateway from that same subnet (such as 10.0.5.1/24). Ditto for the 10.10.0.0/24 network.
Then that will be correct, if set up that way.
I would advise you to make sure the trunk port on the TP-Link switch is configured correctly.
Can a host in each VLAN ping the MX IP address in that same VLAN?
If you're still unsure whether it's the tagging issue, a simple packet capture taken from the MX on LAN 1 would be able to prove if that is the case.
Sorry guys, we got hit with a winter storm and have been shut down. As soon as we are back in swing I'll check that switch and update my post. Thanks again for all the help you provide.
Glad you were able to solve your network issue!
I'd like to thank everyone for their assistance on this, you have been a great help and a valuable resource. I needed to configure each switch port used in the switch chain, as I was only configuring half the chain. Everything works great now. Is it ok to accept
@PhilipDAth is correct, your VLAN gateway is misconfigured for VLAN 2 and VLAN 3. A gateway must be within the same subnet as the network. The MX84 can be a gateway for multiple VLANs. It creates an interface for each VLAN, which has its own IP address, thus a gateway for that VLAN.
Are you saying you have the following setup:
MX80 ---> TP-Link Switch ---> Patch bay?
If so, did you confirm the TP-Link switch's port to the MX80 is set up as a dot1q trunk with all VLANs allowed?
That may be why only VLAN 1 is getting internet and the rest are not.
For your trunk, adding a tagged VLAN is basically setting which VLANs you allow on the link. Untagged means the tag is removed when frames traverse the port. So if you have untagged on all VLANs on that port, then they are losing the VLAN ID after they enter the trunk port, which is why you could still do inter-VLAN routing but not go out to the internet, since the MX could not return the traffic to the right VLAN.
So you want to make sure that the port connecting to the MX84 is "tagged" with the 3 VLANs you want. I had a similar experience with Brocade switches. Untagged is best for access/edge ports. So you might have to remove the untagged configuration.
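
The tagging behaviour discussed in this thread, and what a packet capture on the MX trunk would show, can be modelled on real frame bytes. This is an added example and not part of any post above; the function names, MAC addresses and payload are constructed for illustration, and the three uplink configurations mirror the ones suggested in the thread.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

def build_frame(dst, src, ethertype, payload, vlan=None):
    """Build an Ethernet II frame; insert an 802.1Q tag when vlan is given."""
    header = dst + src
    if vlan is not None:
        header += struct.pack("!HH", TPID_8021Q, vlan & 0x0FFF)  # PCP/DEI left at 0
    return header + struct.pack("!H", ethertype) + payload

def vlan_of(frame):
    """Return the VLAN ID in the frame's 802.1Q tag, or None if untagged."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci & 0x0FFF

def uplink_egress(vlan, tagged_vlans, payload):
    """Switch uplink port: tag the frame only if its VLAN is a tagged member."""
    return build_frame(DST, SRC, 0x0800, payload, vlan if vlan in tagged_vlans else None)

def trunk_ingress(frame, native_vlan, allowed_vlans):
    """Router trunk port: VLAN the frame lands in, or None if it is dropped."""
    vid = vlan_of(frame)
    if vid is None:
        vid = native_vlan  # None models "drop untagged traffic"
    return vid if vid in allowed_vlans else None

# Constructed sample values (locally administered MACs, dummy payload).
DST = bytes.fromhex("020000000001")
SRC = bytes.fromhex("020000000002")
PAYLOAD = b"\x00" * 46

if __name__ == "__main__":
    for label, tagged, native in [
        ("uplink untagged for every VLAN", set(), 1),
        ("uplink pvid 1, tagged 2 and 3", {2, 3}, 1),
        ("uplink tagged 1, 2, 3; untagged dropped", {1, 2, 3}, None),
    ]:
        for host_vlan in (1, 2, 3):
            landed = trunk_ingress(uplink_egress(host_vlan, tagged, PAYLOAD), native, {1, 2, 3})
            print(f"{label}: host in VLAN {host_vlan} -> router sees VLAN {landed}")
```

With the uplink untagged for every VLAN, frames from hosts in VLAN 2 and 3 arrive with no tag and are classified into native VLAN 1; in a capture, that shows up as the absence of the 0x8100 TPID at byte offset 12.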