
Trying to do somewhat odd network configuration

K6CCC
Trying to do somewhat odd network configuration
I am trying to do something a little unusual with network and I could not get it to work.  I THINK I know why not, but want to ask the experts around here if what I want to do is even possible.

I have read enough to know that the LAN connection on the radio has untagged traffic for "normal" LAN connectivity, and VLAN tagged traffic using VLAN 1 for WAN traffic and VLAN 2 for DTD traffic.  I also know that the WAN can be set for either DHCP or a static address.  The LAN can either act as a DHCP server, or it can operate in NAT mode with a static address and subnet mask.  The two VLANs are fine and IF I am directly connected to the radio, the untagged works fine.  Below is an extract from my home LAN drawing with everything unrelated removed.  A pdf version is attached (may be easier to read).

The Rocket is connected to port 22 of the Family Room switch.  I set the Family Room switch so that untagged traffic from the Rocket is assigned as VLAN 5, and VLANs 1 and 2 are also members of that port.  Between port 3 of the Family Room switch and port 1 of the Garage switch is a Gigabit trunk that carries all of my VLANs.  Initially I set Router #1 to obtain a DHCP address on VLAN 5 from the Rocket.  Router #1 port 4 is a trunk port with eight VLANs on it - including all three from the Rocket.  I also set the WAN connection in the Rocket to operate as a DHCP client.  In Router #1, I set VLANs 2 and 5 to be DHCP clients and I set up a DHCP server on VLAN 1.  The Rocket WAN correctly obtained an address from the router and Router #1 correctly obtained an address on VLAN 5 from the Rocket, so I knew that I had the switches properly transporting.  I set up firewall rules in the router to allow traffic from selected IP addresses on my 101 LAN (mainly my family room PC) to reach devices on VLAN 5 and vice versa.  Router #1 can successfully ping the Rocket on VLAN 5 - but my Family Room PC cannot.  Lastly, I can see in Router #1 that there are occasional packets on VLAN 2 from the Rocket with an IP one number higher in the second octet than the IP of the RF mesh.

The intent of all this is that selected computers on VLAN 101 can access the LAN port of the Rocket by way of Router #1.  Otherwise, the AREDN LAN will be isolated from everything else on my 101 LAN.  The problem I ran into is that the Rocket has no way of knowing that it needs to use Router #1 as a gateway in order to reach allowed devices on the 101 LAN.  I also tried setting the LAN to NAT mode with a static IP with the same results.  I would think that the solution would be to have the LAN port operate as a DHCP client (including obtaining a gateway address) and presumably operate in NAT mode.  I also realize that this may create more problems than it solves and that may involve things that this newbie has not thought of...

My fallback, if I really can't get this to work, is to install a second LAN port into my family room PC that lives on VLAN 5.  The downside of that is that only the family room can do that.






Hopefully I got all the typos out of this and did not leave too many details out....

73
Jim

 
K6CCC
Resolved - router config on my end
Figured it out!  Turns out that there was a router config error on my part.  I ended up changing the AREDN radio to NAT mode and put it on one of my existing LANs and it worked fine.  That told me that there was something that I missed.  Poked through the router configs for a while and changed a few settings.  That got it working when I put it back on the dedicated VLAN for it (VLAN 5).  Next step was to change the Rocket back to Direct 5 mode and re-enable the DHCP Client on VLAN 5.  Sure enough, the router got an address from the Rocket and I was able to connect to the Rocket from my family room computer.

Then all hell broke loose.  I use a commercial monitoring service that monitors a bunch of various stuff on my LANs and will tell me if something is not reachable from the internet.  Within a short time, my phone started going crazy with lots of stuff failing.  Oh crap - what happened.  I brought up the IP Routes table in the router and quickly saw my problem.  The router's DHCP Client has an option that defaults to Yes called "Add default Route:  Yes or No".  When the DHCP Client obtained an address from the Rocket it also added a route to the Route table for 0.0.0.0/0 with the gateway being VLAN 5 - OOPS!  Turned off the VLAN 5 interface and manually killed that route and everything came back up.  Changed the "Add Default Route" option to No and re-enabled the VLAN 5 interface.  Now I have an entry in the route table for 10.55.171.208/29 by way of VLAN 5 and I can communicate with the rest of the world via my Spectrum internet connection and with my Rocket by way of VLAN 5.  Much better.  I am suspecting down the road that I will need to manually expand that in order to access other stuff on the AREDN network, but I can do that when I need to.
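
Added example, not part of the original post and not the poster's router configuration: a small route-table audit that catches the failure described above, where a DHCP client on an isolated VLAN installs 0.0.0.0/0 through that VLAN. The `ip route`-style text format, the interface names `wan`, `vlan5`, `vlan101` and the gateway addresses are assumptions; only 0.0.0.0/0 and 10.55.171.208/29 come from the post.

```python
import ipaddress

# Constructed sample in `ip route`-style text. Interface names and gateway
# addresses are assumptions; only 0.0.0.0/0 and 10.55.171.208/29 are from the post.
SAMPLE_ROUTES = """\
default via 192.0.2.1 dev wan
default via 10.55.171.209 dev vlan5
10.55.171.208/29 dev vlan5
192.168.101.0/24 dev vlan101
"""

def parse_routes(text):
    """Return a list of (network, interface) tuples from ip-route-style lines."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or "dev" not in fields:
            continue
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        iface = fields[fields.index("dev") + 1]
        routes.append((ipaddress.ip_network(dest, strict=False), iface))
    return routes

def audit_routes(routes, wan_iface, restricted):
    """Flag routes that would pull traffic onto an isolated interface.

    restricted maps an interface name to the prefixes allowed through it.
    """
    findings = []
    for net, iface in routes:
        if net.prefixlen == 0 and iface != wan_iface:
            # A second default route is what broke internet reachability.
            findings.append(f"default route via {iface} (expected {wan_iface})")
        elif iface in restricted:
            allowed = [ipaddress.ip_network(p) for p in restricted[iface]]
            if not any(net.subnet_of(a) for a in allowed):
                findings.append(f"{net} via {iface} is outside allowed prefixes")
    return findings

if __name__ == "__main__":
    policy = {"vlan5": ["10.55.171.208/29"]}
    for finding in audit_routes(parse_routes(SAMPLE_ROUTES), "wan", policy):
        print("ALERT:", finding)
```

Widening the allowed list for `vlan5` later (to reach more of the mesh) is a policy change in one place, and any broader route learned through that interface still raises a finding.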
 
