1.1.8 user - trying 1.4 and having routing issue

bruceg · April 7, 2021, 2:31pm

I have created a simple config with just a handful of VIFs, no routing protocols with a static default gateway. From the CLI I can ping/connect to devices on the internet. If I am connect through a VIF (laptop connected to a switch port in the 802.1q VLAN) I can only ping the default gateway but can not go any further. Same thing happens if I try ti ping from the CLI using the VIF IP address as the source address - the packets die.

Is there something I need to turn on? Has something changed that I’m not aware of on this version?

jack9603301 · April 7, 2021, 2:35pm

Just from what you said, I don’t understand what your problem and configuration are, sorry!

bruceg · April 7, 2021, 2:37pm

I’ll copy the config later when I get back to the office and then post it here

bruceg · April 7, 2021, 3:19pm

Below is a snip from my config. From the command line I can ping the world. Here are the results of my pings:

vyos@sb-02:~$ ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=115 time=15.5 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=115 time=18.0 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=115 time=20.1 ms
^C
— 8.8.8.8 ping statistics —
3 packets transmitted, 3 received, 0% packet loss, time 5ms
rtt min/avg/max/mdev = 15.531/17.866/20.051/1.854 ms

vyos@sb-02:~$ ping 8.8.8.8 interface 10.25.242.1
PING 8.8.8.8 (8.8.8.8) from 10.25.242.1 : 56(84) bytes of data.
^C
— 8.8.8.8 ping statistics —
3 packets transmitted, 0 received, 100% packet loss, time 29ms

vyos@vyos# show
interfaces {
ethernet eth0 {
hw-id 18:66:da:06:57:33
}
ethernet eth1 {
description “trunk to 3750x-01”
duplex auto
hw-id a0:36:9f:02:63:30
speed auto
vif 240 {
address 10.25.240.1/24
description MANAGEMENT
}
vif 241 {
address 10.25.241.1/24
description “safebound lan”
}
vif 242 {
address 10.25.242.1/24
description “priceline lan”
}
vif 243 {
address 10.25.243.1/24
description cameras
}
}
ethernet eth2 {
hw-id a0:36:9f:02:63:31
}
ethernet eth3 {
hw-id a0:36:9f:02:63:32
}
ethernet eth4 {
address 173.9.181.225/29
hw-id a0:36:9f:02:63:33
}
loopback lo {
}
}
protocols {
static {
route 0.0.0.0/0 {
next-hop 173.9.181.230 {
}
}
}
}
service {
dhcp-server {
shared-network-name cameras {
authoritative
subnet 10.25.243.0/24 {
default-router 10.25.243.1
dns-server 8.8.8.8
lease 86400
ntp-server 108.59.2.24
range CAMERA-RANGE {
start 10.25.243.33
stop 10.25.243.254
}
}
}
shared-network-name mgmt {
authoritative
subnet 10.25.240.0/24 {
default-router 10.25.240.1
dns-server 8.8.8.8
lease 86400
range MGMT-RANGE {
start 10.25.240.129
stop 10.25.240.254
}
}
}
shared-network-name priceline-lan {
authoritative
subnet 10.25.242.0/24 {
default-router 10.25.242.1
dns-server 8.8.8.8
lease 86400
ntp-server 108.59.2.24
range PRICELINE-RANGE {
start 10.25.242.33
stop 10.25.242.254
}
}
}
shared-network-name safebound-lan {
authoritative
subnet 10.25.241.0/24 {
default-router 10.25.241.1
dns-server 8.8.8.8
lease 86400
ntp-server 108.59.2.24
range SAFEBOUND-RANGE {
start 10.25.241.33
stop 10.25.241.254
}
}
}
}
ssh {
listen-address 10.25.240.1
listen-address 10.25.241.1
listen-address 10.25.242.1
listen-address 10.25.243.1
listen-address 10.25.244.1
listen-address 173.9.181.225
}
}
system {
config-management {
commit-revisions 100
}
console {
[edit]

jack9603301 · April 7, 2021, 3:20pm

Are you a one-armed route?

bruceg · April 7, 2021, 3:24pm

No - you’ll notice that there a 5 interfaces. eth1 is the trunk and eth4 is the outside interface

jack9603301 · April 7, 2021, 3:30pm

You have not configured a bridge or IP, how do you bridge the remaining 4 ports? How to route?

bruceg · April 7, 2021, 3:35pm

A bridge? I would think it wouldn’t need a bridge. I never had to do that with 1.1.8

jack9603301 · April 7, 2021, 3:36pm

Well, I misread it. It seems to work, because IP has been configured

Any questions now?

bruceg · April 7, 2021, 3:44pm

Not sure what you mean??? The config I posted above does not route from any of the networks on the VIF interfaces.

jack9603301 · April 7, 2021, 3:48pm

Hey, let’s see, if there are no configuration errors from the configuration, I suggest directly Ping the specific device and check that everything is OK for each device routing table, sorry

I don’t see any obvious errors in this configuration.

bruceg · April 7, 2021, 3:55pm

My post above with the config also shows the ping attempts

jack9603301 · April 7, 2021, 4:00pm

Just a suggestion: try routing trace on a real device from any VLAN 241 network

I did not find any errors in this configuration file. you can only check it level by level. If necessary, you can capture the traffic packet

Sorry again, based on configuration, I may not be able to help you

bruceg · April 7, 2021, 4:11pm

I have done that with the same result.

c-po · April 7, 2021, 4:13pm

I see no NAT configuration above, that is why there is no connection from your LAN to WAN.

jack9603301 · April 7, 2021, 4:16pm

I can’t believe I didn’t think of NAT. Maybe that’s the answer.

bruceg · April 7, 2021, 4:36pm

Well Jack, I can’t believe it either )) Thanks for the help and you too c-po