Hello. I’m a guy that broke the internet.
-
Did you add a gateway on the new VLAN interface?
It shouldn't have one but if you did it may have become the default route.
Make sure the WAN gateway is set as default in System > Routing > Gateways.
If you only have console access run
netstat -rn4
to see the routing table. Make sure there is a default route and it's the WAN gateway.
Steve
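The check described in the post above can be scripted. This is an added example, not part of the original post or of pfSense: it reads `netstat -rn4` output and confirms there is exactly one default route and that it uses the WAN interface. The interface names, addresses and sample table are constructed, and the FreeBSD-style column layout is an assumption.

```shell
#!/bin/sh
# Added example: verify that the IPv4 routing table has exactly one default
# route and that it leaves via the WAN interface.
# Usage on a live box:  netstat -rn4 | check_default_route <wan-interface>

check_default_route() {
    # $1 = interface name the default route is expected on (assumption: you
    # know the name of your WAN port from the interface assignment list)
    awk -v wan="$1" '
        BEGIN { col = 4 }   # FreeBSD layout: Destination Gateway Flags Netif
        # Locate the Netif column from the header in case the layout differs.
        $1 == "Destination" { for (i = 1; i <= NF; i++) if ($i == "Netif") col = i; next }
        $1 == "default"     { n++; gw = $2; nif = $col }
        END {
            if (n == 0)     { print "FAIL: no default route"; exit 1 }
            if (n > 1)      { print "FAIL: " n " default routes"; exit 2 }
            if (nif != wan) { print "FAIL: default via " gw " on " nif ", expected " wan; exit 3 }
            print "OK: default via " gw " on " nif
        }'
}

# Constructed sample (not output from the thread): the default route points
# out of a VLAN interface instead of WAN, the failure described above.
sample_vlan_default() {
    cat <<'EOF'
Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
default            192.168.69.1       UGS  mvneta1.69
127.0.0.1          link#3             UH          lo0
192.168.1.0/24     link#2             U       mvneta1
192.168.69.0/24    link#8             U    mvneta1.69
203.0.113.0/24     link#1             U       mvneta0
EOF
}

# Demo on the constructed table: reports the misplaced default route.
sample_vlan_default | check_default_route mvneta0 || echo "exit status: $?"
```

Exit status 1 means no default route, 2 means more than one, and 3 means the default route is on an interface other than the one given.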
-
[quote]
@stephenw10 Did you add a gateway on the new VLAN interface?
Make sure the WAN gateway is set as default in System > Routing > Gateways.
If you only have console access run
netstat -rn4
to see the routing table. Make sure there is a default route and it's the WAN gateway.
Steve
[/quote]
Thank you! That must have been it but I’d like to learn how I messed that up. The vlan didn’t have a gateway designated, to the best of my knowledge. Running the above command showed WAN-mveta0, LAN-mveta1, OPT1-mveta1.69. I reconfigured interface and auto wouldn’t work but manually setting WAN and LAN and deleting OPT1 got me back in business.
Could it have been because I retroactively assigned port 2 as vlan while it was already functioning as a switch for my lan?
-
It could have been, if the switch/vlan wasn't properly separating the ports, for example.
Hard to say without checking the config at the time.
Steve
-
That's what it was, and still seems to be. I missed changing the vlan tag and members. Suricata was also putting my vpn in time out. So I changed that back to alert only. For now just separating the network is enough to take on.
I'm still confused about whether both members should be tagged or just the root or "5" in the case of the sg2100. I've got 5 tagged and the port listed without the tag as per the netgate guide, but I've seen other guides saying to tag both.
I added a vlan (members 4,5t), wired ethernet via lan port to wan port on a linksys router and set the linksys in bridge mode. Trying to ssh into a pi on that network and only after resetting ssh and burning a new image have I realized that my issue has been my network and not the pi. I could see and ping the pi so I assumed I was on the same network while logged into the wifi on that router. However, today I plugged laptop into lan port on linksys and it tells me I'm on my other ap that I thought should be separate from this network. They share "5", but 4 is removed from the default group and in the vlan members.
Ultimately I just want 3 networks, 2 of which are isolated and the other that can access them all.
-
@fnord said in Hello. I’m a guy that broke the internet.:
I've got 5 tagged and the port listed without the tag as per the netgate guide
That's correct if you don't want the VLAN traffic to be tagged outside the SG-2100.
You might have both tagged if you were using another switch to connect other devices onto the VLAN. Or if you had an access point that supports multiple SSIDs via VLANs directly.
Post some screenshots of the switch and VLAN config and we can review them.
Steve
-
-
That's the same shot twice.
We need to see the Interfaces > VLANs tab.
And the Interfaces > Switches > Ports and VLANs tabs.
-
Of course it would be. Almost posted it a third time too. I appreciate the assistance, btw.
-
Those both look correct. As long as you have VLAN 57 assigned as an interface in Interfaces > Assignment you should be able to use that as port 4 separately.
-
I think this is mostly ironed out after a restart. My connectivity was oddly intermittent prior to that. When I plug in laptop via ethernet directly to my vlan AP it still says I'm on my lan network, but assigns correct IP and I can connect to my pi.
Thanks again for your help!