Assigned vifs on interface but subnets not assigned to devices tagged with respective vlans

Here’s my config:

set firewall broadcast-ping 'disable'
set firewall config-trap 'disable'
set firewall group ipv6-network-group cf-ipv6 network 'xxxx:xxxx::/32'
set firewall group ipv6-network-group cf-ipv6 network 'xxxx:xxxx::/32'
set firewall group ipv6-network-group cf-ipv6 network 'xxxx:xxxx::/32'
set firewall group ipv6-network-group cf-ipv6 network 'xxxx:xxxx::/32'
set firewall group ipv6-network-group cf-ipv6 network 'xxxx:xxxx::/32'
set firewall group ipv6-network-group cf-ipv6 network 'xxxx:xxxx::/29'
set firewall group ipv6-network-group cf-ipv6 network 'xxxx:xxxx::/32'
set firewall group network-group cf-ipv4 network 'xxx.xxx.48.0/20'
set firewall group network-group cf-ipv4 network 'xxx.xxx.244.0/22'
set firewall group network-group cf-ipv4 network 'xxx.xxx.200.0/22'
set firewall group network-group cf-ipv4 network 'xxx.xxx.4.0/22'
set firewall group network-group cf-ipv4 network 'xxx.xxx.64.0/18'
set firewall group network-group cf-ipv4 network 'xxx.xxx.192.0/18'
set firewall group network-group cf-ipv4 network 'xxx.xxx.240.0/20'
set firewall group network-group cf-ipv4 network 'xxx.xxx.96.0/20'
set firewall group network-group cf-ipv4 network 'xxx.xxx.240.0/22'
set firewall group network-group cf-ipv4 network 'xxx.xxx.128.0/17'
set firewall group network-group cf-ipv4 network 'xxx.xxx.0.0/15'
set firewall group network-group cf-ipv4 network 'xxx.xxx.0.0/13'
set firewall group network-group cf-ipv4 network 'xxx.xxx.0.0/14'
set firewall group network-group cf-ipv4 network 'xxx.xxx.0.0/13'
set firewall group network-group cf-ipv4 network 'xxx.xxx.72.0/22'
set firewall ipv6-name EXTERNAL-IN-v6 default-action 'drop'
set firewall ipv6-name EXTERNAL-IN-v6 enable-default-log
set firewall ipv6-name EXTERNAL-IN-v6 rule 10 action 'accept'
set firewall ipv6-name EXTERNAL-IN-v6 rule 10 log 'enable'
set firewall ipv6-name EXTERNAL-IN-v6 rule 10 state established 'enable'
set firewall ipv6-name EXTERNAL-IN-v6 rule 10 state related 'enable'
set firewall ipv6-name EXTERNAL-IN-v6 rule 20 action 'accept'
set firewall ipv6-name EXTERNAL-IN-v6 rule 20 destination port '80,443'
set firewall ipv6-name EXTERNAL-IN-v6 rule 20 log 'enable'
set firewall ipv6-name EXTERNAL-IN-v6 rule 20 protocol 'tcp_udp'
set firewall ipv6-name EXTERNAL-IN-v6 rule 20 source group network-group 'cf-ipv6'
set firewall ipv6-name EXTERNAL-IN-v6 rule 20 state new 'enable'
set firewall ipv6-name EXTERNAL-LOCAL-v6 default-action 'drop'
set firewall ipv6-name EXTERNAL-LOCAL-v6 enable-default-log
set firewall ipv6-name EXTERNAL-LOCAL-v6 rule 10 action 'accept'
set firewall ipv6-name EXTERNAL-LOCAL-v6 rule 10 log 'enable'
set firewall ipv6-name EXTERNAL-LOCAL-v6 rule 10 state established 'enable'
set firewall ipv6-name EXTERNAL-LOCAL-v6 rule 10 state related 'enable'
set firewall ipv6-name EXTERNAL-LOCAL-v6 rule 20 action 'accept'
set firewall ipv6-name EXTERNAL-LOCAL-v6 rule 20 icmpv6 type 'echo-request'
set firewall ipv6-name EXTERNAL-LOCAL-v6 rule 20 log 'enable'
set firewall ipv6-name EXTERNAL-LOCAL-v6 rule 20 protocol 'icmpv6'
set firewall ipv6-name EXTERNAL-LOCAL-v6 rule 20 state new 'enable'
set firewall ipv6-name EXTERNAL-LOCAL-v6 rule 30 action 'drop'
set firewall ipv6-name EXTERNAL-LOCAL-v6 rule 30 description 'ssh'
set firewall ipv6-name EXTERNAL-LOCAL-v6 rule 30 destination port '22'
set firewall ipv6-name EXTERNAL-LOCAL-v6 rule 30 log 'enable'
set firewall ipv6-name EXTERNAL-LOCAL-v6 rule 30 protocol 'tcp'
set firewall ipv6-name EXTERNAL-LOCAL-v6 rule 30 recent count '15'
set firewall ipv6-name EXTERNAL-LOCAL-v6 rule 30 recent time '60'
set firewall ipv6-name EXTERNAL-LOCAL-v6 rule 30 state new 'enable'
set firewall ipv6-name EXTERNAL-LOCAL-v6 rule 31 action 'accept'
set firewall ipv6-name EXTERNAL-LOCAL-v6 rule 31 destination port '22'
set firewall ipv6-name EXTERNAL-LOCAL-v6 rule 31 log 'enable'
set firewall ipv6-name EXTERNAL-LOCAL-v6 rule 31 protocol 'tcp'
set firewall ipv6-name EXTERNAL-LOCAL-v6 rule 31 state new 'enable'
set firewall ipv6-receive-redirects 'disable'
set firewall ipv6-src-route 'disable'
set firewall ip-src-route 'disable'
set firewall log-martians 'enable'
set firewall name EXTERNAL-IN default-action 'drop'
set firewall name EXTERNAL-IN enable-default-log
set firewall name EXTERNAL-IN rule 10 action 'accept'
set firewall name EXTERNAL-IN rule 10 log 'enable'
set firewall name EXTERNAL-IN rule 10 state established 'enable'
set firewall name EXTERNAL-IN rule 10 state related 'enable'
set firewall name EXTERNAL-IN rule 20 action 'accept'
set firewall name EXTERNAL-IN rule 20 description 'servarr'
set firewall name EXTERNAL-IN rule 20 destination address 'xxx.xxx.69.8'
set firewall name EXTERNAL-IN rule 20 destination port '80,443'
set firewall name EXTERNAL-IN rule 20 log 'enable'
set firewall name EXTERNAL-IN rule 20 protocol 'tcp_udp'
set firewall name EXTERNAL-IN rule 20 source group network-group 'cf-ipv4'
set firewall name EXTERNAL-IN rule 20 state new 'enable'
set firewall name EXTERNAL-IN rule 21 action 'accept'
set firewall name EXTERNAL-IN rule 21 description 'kvm'
set firewall name EXTERNAL-IN rule 21 destination address 'xxx.xxx.69.6'
set firewall name EXTERNAL-IN rule 21 destination port '80,443'
set firewall name EXTERNAL-IN rule 21 log 'enable'
set firewall name EXTERNAL-IN rule 21 protocol 'tcp_udp'
set firewall name EXTERNAL-IN rule 21 source group network-group 'cf-ipv4'
set firewall name EXTERNAL-IN rule 21 state new 'enable'
set firewall name EXTERNAL-IN rule 24 action 'drop'
set firewall name EXTERNAL-IN rule 24 description 'bind'
set firewall name EXTERNAL-IN rule 24 destination address 'xxx.xxx.69.8'
set firewall name EXTERNAL-IN rule 24 destination port '5053'
set firewall name EXTERNAL-IN rule 24 log 'enable'
set firewall name EXTERNAL-IN rule 24 protocol 'tcp_udp'
set firewall name EXTERNAL-IN rule 24 recent count '100'
set firewall name EXTERNAL-IN rule 24 recent time '60'
set firewall name EXTERNAL-IN rule 24 state new 'enable'
set firewall name EXTERNAL-IN rule 25 action 'accept'
set firewall name EXTERNAL-IN rule 25 description 'bind'
set firewall name EXTERNAL-IN rule 25 destination address 'xxx.xxx.69.8'
set firewall name EXTERNAL-IN rule 25 destination port '5053'
set firewall name EXTERNAL-IN rule 25 log 'enable'
set firewall name EXTERNAL-IN rule 25 protocol 'tcp_udp'
set firewall name EXTERNAL-IN rule 25 state new 'enable'
set firewall name EXTERNAL-LOCAL default-action 'drop'
set firewall name EXTERNAL-LOCAL enable-default-log
set firewall name EXTERNAL-LOCAL rule 10 action 'accept'
set firewall name EXTERNAL-LOCAL rule 10 log 'enable'
set firewall name EXTERNAL-LOCAL rule 10 state established 'enable'
set firewall name EXTERNAL-LOCAL rule 10 state related 'enable'
set firewall name EXTERNAL-LOCAL rule 20 action 'accept'
set firewall name EXTERNAL-LOCAL rule 20 icmp type-name 'echo-request'
set firewall name EXTERNAL-LOCAL rule 20 log 'enable'
set firewall name EXTERNAL-LOCAL rule 20 protocol 'icmp'
set firewall name EXTERNAL-LOCAL rule 20 state new 'enable'
set firewall name EXTERNAL-LOCAL rule 30 action 'drop'
set firewall name EXTERNAL-LOCAL rule 30 description 'ssh'
set firewall name EXTERNAL-LOCAL rule 30 destination port '22'
set firewall name EXTERNAL-LOCAL rule 30 log 'enable'
set firewall name EXTERNAL-LOCAL rule 30 protocol 'tcp'
set firewall name EXTERNAL-LOCAL rule 30 recent count '15'
set firewall name EXTERNAL-LOCAL rule 30 recent time '60'
set firewall name EXTERNAL-LOCAL rule 30 state new 'enable'
set firewall name EXTERNAL-LOCAL rule 31 action 'accept'
set firewall name EXTERNAL-LOCAL rule 31 destination port '22'
set firewall name EXTERNAL-LOCAL rule 31 log 'enable'
set firewall name EXTERNAL-LOCAL rule 31 protocol 'tcp'
set firewall name EXTERNAL-LOCAL rule 31 state new 'enable'
set firewall name EXTERNAL-LOCAL rule 40 action 'accept'
set firewall name EXTERNAL-LOCAL rule 40 description 'magic-wan'
set firewall name EXTERNAL-LOCAL rule 40 log 'enable'
set firewall name EXTERNAL-LOCAL rule 40 protocol 'gre'
set firewall name EXTERNAL-LOCAL rule 40 source group network-group 'cf-ipv4'
set firewall name EXTERNAL-LOCAL rule 50 action 'accept'
set firewall name EXTERNAL-LOCAL rule 50 icmp type-name 'echo-reply'
set firewall name EXTERNAL-LOCAL rule 50 log 'enable'
set firewall name EXTERNAL-LOCAL rule 50 protocol 'icmp'
set firewall options interface tun0 adjust-mss '1436'
set firewall receive-redirects 'disable'
set firewall send-redirects 'enable'
set firewall source-validation 'disable'
set firewall syn-cookies 'enable'
set firewall twa-hazards-protection 'disable'
set interfaces ethernet eth0 address 'dhcp'
set interfaces ethernet eth0 description 'EXTERNAL1'
set interfaces ethernet eth0 duplex 'auto'
set interfaces ethernet eth0 firewall in ipv6-name 'EXTERNAL-IN-v6'
set interfaces ethernet eth0 firewall in name 'EXTERNAL-IN'
set interfaces ethernet eth0 firewall local ipv6-name 'EXTERNAL-LOCAL-v6'
set interfaces ethernet eth0 firewall local name 'EXTERNAL-LOCAL'
set interfaces ethernet eth0 hw-id 'xx:xx:xx:xx:xx:de'
set interfaces ethernet eth0 speed 'auto'
set interfaces ethernet eth1 address 'dhcp'
set interfaces ethernet eth1 description 'EXTERNAL2'
set interfaces ethernet eth1 duplex 'auto'
set interfaces ethernet eth1 firewall in ipv6-name 'EXTERNAL-IN-v6'
set interfaces ethernet eth1 firewall in name 'EXTERNAL-IN'
set interfaces ethernet eth1 firewall local ipv6-name 'EXTERNAL-LOCAL-v6'
set interfaces ethernet eth1 firewall local name 'EXTERNAL-LOCAL'
set interfaces ethernet eth1 hw-id 'xx:xx:xx:xx:xx:df'
set interfaces ethernet eth1 speed 'auto'
set interfaces ethernet eth2 address 'xxx.xxx.69.1/24'
set interfaces ethernet eth2 description 'INTERNAL1'
set interfaces ethernet eth2 duplex 'auto'
set interfaces ethernet eth2 hw-id 'xx:xx:xx:xx:xx:e0'
set interfaces ethernet eth2 speed 'auto'
set interfaces ethernet eth2 vif 100 address 'xxx.xxx.70.1/24'
set interfaces ethernet eth2 vif 100 description 'asus'
set interfaces ethernet eth2 vif 200 address 'xxx.xxx.71.1/24'
set interfaces ethernet eth2 vif 200 description 'printer'
set interfaces ethernet eth3 address 'xxx.xxx.73.1/24'
set interfaces ethernet eth3 description 'INTERNAL2'
set interfaces ethernet eth3 duplex 'auto'
set interfaces ethernet eth3 hw-id 'xx:xx:xx:xx:xx:e1'
set interfaces ethernet eth3 speed 'auto'
set interfaces loopback lo
set interfaces tunnel tun0 address 'xxx.xxx.72.20/31'
set interfaces tunnel tun0 description 'magic-wan'
set interfaces tunnel tun0 encapsulation 'gre'
set interfaces tunnel tun0 ip source-validation 'loose'
set interfaces tunnel tun0 mtu '1476'
set interfaces tunnel tun0 remote 'xxx.xxx.66.5'
set interfaces tunnel tun0 source-address 'xxx.xxx.189.102'
set load-balancing wan disable-source-nat
set load-balancing wan enable-local-traffic
set load-balancing wan flush-connections
set load-balancing wan interface-health eth0 failure-count '2'
set load-balancing wan interface-health eth0 nexthop 'dhcp'
set load-balancing wan interface-health eth0 success-count '1'
set load-balancing wan interface-health eth0 test 10 resp-time '5'
set load-balancing wan interface-health eth0 test 10 target 'xxx.xxx.8.8'
set load-balancing wan interface-health eth0 test 10 ttl-limit '1'
set load-balancing wan interface-health eth0 test 10 type 'ping'
set load-balancing wan interface-health eth0 test 20 resp-time '5'
set load-balancing wan interface-health eth0 test 20 target 'xxx.xxx.1.1'
set load-balancing wan interface-health eth0 test 20 ttl-limit '1'
set load-balancing wan interface-health eth0 test 20 type 'ping'
set load-balancing wan interface-health eth1 failure-count '2'
set load-balancing wan interface-health eth1 nexthop 'dhcp'
set load-balancing wan interface-health eth1 success-count '1'
set load-balancing wan interface-health eth1 test 10 resp-time '5'
set load-balancing wan interface-health eth1 test 10 target 'xxx.xxx.8.8'
set load-balancing wan interface-health eth1 test 10 ttl-limit '1'
set load-balancing wan interface-health eth1 test 10 type 'ping'
set load-balancing wan interface-health eth1 test 20 resp-time '5'
set load-balancing wan interface-health eth1 test 20 target 'xxx.xxx.1.1'
set load-balancing wan interface-health eth1 test 20 ttl-limit '1'
set load-balancing wan interface-health eth1 test 20 type 'ping'
set load-balancing wan rule 1 failover
set load-balancing wan rule 1 inbound-interface 'eth2'
set load-balancing wan rule 1 interface eth0 weight '10'
set load-balancing wan rule 1 interface eth1 weight '1'
set load-balancing wan rule 1 protocol 'all'
set load-balancing wan sticky-connections inbound
set nat destination rule 10 description 'servarr'
set nat destination rule 10 destination port '80,443'
set nat destination rule 10 inbound-interface 'eth0'
set nat destination rule 10 log 'enable'
set nat destination rule 10 protocol 'tcp_udp'
set nat destination rule 10 translation address 'xxx.xxx.69.8'
set nat destination rule 11 description 'kvm'
set nat destination rule 11 destination port '2053'
set nat destination rule 11 inbound-interface 'eth0'
set nat destination rule 11 log 'enable'
set nat destination rule 11 protocol 'tcp_udp'
set nat destination rule 11 translation address 'xxx.xxx.69.6'
set nat destination rule 11 translation port '443'
set nat destination rule 12 description 'bind'
set nat destination rule 12 destination port '5053'
set nat destination rule 12 inbound-interface 'eth0'
set nat destination rule 12 protocol 'tcp_udp'
set nat destination rule 12 translation address 'xxx.xxx.69.8'
set nat destination rule 12 translation port '5053'
set nat destination rule 20 description 'servarr-eth1'
set nat destination rule 20 destination port '80,443'
set nat destination rule 20 inbound-interface 'eth1'
set nat destination rule 20 log 'enable'
set nat destination rule 20 protocol 'tcp_udp'
set nat destination rule 20 translation address 'xxx.xxx.69.8'
set nat destination rule 21 description 'kvm-eth1'
set nat destination rule 21 destination port '2053'
set nat destination rule 21 inbound-interface 'eth1'
set nat destination rule 21 log 'enable'
set nat destination rule 21 protocol 'tcp_udp'
set nat destination rule 21 translation address 'xxx.xxx.69.6'
set nat destination rule 21 translation port '443'
set nat destination rule 22 description 'bind-eth1'
set nat destination rule 22 destination port '5053'
set nat destination rule 22 inbound-interface 'eth1'
set nat destination rule 22 protocol 'tcp_udp'
set nat destination rule 22 translation address 'xxx.xxx.69.8'
set nat destination rule 22 translation port '5053'
set nat destination rule 30 description 'servarr'
set nat destination rule 30 destination port '80,443'
set nat destination rule 30 inbound-interface 'bond0'
set nat destination rule 30 log 'enable'
set nat destination rule 30 protocol 'tcp_udp'
set nat destination rule 30 translation address 'xxx.xxx.69.8'
set nat destination rule 31 description 'kvm'
set nat destination rule 31 destination port '2053'
set nat destination rule 31 inbound-interface 'bond0'
set nat destination rule 31 log 'enable'
set nat destination rule 31 protocol 'tcp_udp'
set nat destination rule 31 translation address 'xxx.xxx.69.6'
set nat destination rule 31 translation port '443'
set nat destination rule 32 description 'bind'
set nat destination rule 32 destination port '5053'
set nat destination rule 32 inbound-interface 'bond0'
set nat destination rule 32 protocol 'tcp_udp'
set nat destination rule 32 translation address 'xxx.xxx.69.8'
set nat destination rule 32 translation port '5053'
set nat source rule 100 description 'eth0'
set nat source rule 100 log 'enable'
set nat source rule 100 outbound-interface 'eth0'
set nat source rule 100 source address 'xxx.xxx.0.0/16'
set nat source rule 100 translation address 'masquerade'
set nat source rule 200 description 'eth1'
set nat source rule 200 log 'enable'
set nat source rule 200 outbound-interface 'eth1'
set nat source rule 200 source address 'xxx.xxx.0.0/16'
set nat source rule 200 translation address 'masquerade'
set policy route inter-vlan enable-default-log
set policy route inter-vlan rule 100 description 'asus-to-printer'
set policy route inter-vlan rule 100 log 'enable'
set policy route inter-vlan rule 100 protocol 'tcp_udp'
set policy route inter-vlan rule 100 set table '200'
set policy route magic-wan enable-default-log
set policy route magic-wan rule 100 description 'magic-wan'
set policy route magic-wan rule 100 log 'enable'
set policy route magic-wan rule 100 protocol 'tcp_udp'
set policy route magic-wan rule 100 set table '100'
set policy route magic-wan rule 100 source address 'xxx.xxx.69.11'
set protocols static table 100 route xxx.xxx.0.0/0 next-hop xxx.xxx.72.21
set protocols static table 200 route xxx.xxx.0.0/0 next-hop xxx.xxx.69.1
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.69.0/24 default-router 'xxx.xxx.69.1'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.69.0/24 domain-name xxxxxx
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.69.0/24 lease '300'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.69.0/24 name-server 'xxx.xxx.69.1'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.69.0/24 range 0 start 'xxx.xxx.69.2'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.69.0/24 range 0 stop 'xxx.xxx.69.254'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.69.0/24 static-mapping xxxxxx ip-address 'xxx.xxx.69.5'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.69.0/24 static-mapping xxxxxx mac-address 'xx:xx:xx:xx:xx:b6'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.69.0/24 static-mapping xxxxxx ip-address 'xxx.xxx.69.6'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.69.0/24 static-mapping xxxxxx mac-address 'xx:xx:xx:xx:xx:33'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.69.0/24 static-mapping xxxxxx ip-address 'xxx.xxx.69.7'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.69.0/24 static-mapping xxxxxx mac-address 'xx:xx:xx:xx:xx:64'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.69.0/24 static-mapping xxxxxx ip-address 'xxx.xxx.69.9'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.69.0/24 static-mapping xxxxxx mac-address 'xx:xx:xx:xx:xx:53'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.69.0/24 static-mapping xxxxxx ip-address 'xxx.xxx.69.8'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.69.0/24 static-mapping xxxxxx mac-address 'xx:xx:xx:xx:xx:07'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.69.0/24 static-mapping xxxxxx ip-address 'xxx.xxx.69.4'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.69.0/24 static-mapping xxxxxx mac-address 'xx:xx:xx:xx:xx:28'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.69.0/24 static-mapping xxxxxx ip-address 'xxx.xxx.69.10'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.69.0/24 static-mapping xxxxxx mac-address 'xx:xx:xx:xx:xx:c9'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.69.0/24 static-mapping xxxxxx ip-address 'xxx.xxx.69.11'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.69.0/24 static-mapping xxxxxx mac-address 'xx:xx:xx:xx:xx:3e'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.73.0/24 default-router 'xxx.xxx.73.1'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.73.0/24 domain-name xxxxxx
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.73.0/24 lease '300'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.73.0/24 name-server 'xxx.xxx.73.1'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.73.0/24 range 0 start 'xxx.xxx.73.2'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.73.0/24 range 0 stop 'xxx.xxx.73.254'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.70.0/24 default-router 'xxx.xxx.70.1'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.70.0/24 domain-name xxxxxx
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.70.0/24 lease '300'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.70.0/24 name-server 'xxx.xxx.70.1'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.70.0/24 range 0 start 'xxx.xxx.70.2'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.70.0/24 range 0 stop 'xxx.xxx.70.254'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.71.0/24 default-router 'xxx.xxx.71.1'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.71.0/24 domain-name xxxxxx
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.71.0/24 lease '300'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.71.0/24 name-server 'xxx.xxx.71.1'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.71.0/24 range 0 start 'xxx.xxx.71.2'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.71.0/24 range 0 stop 'xxx.xxx.71.254'
set service dns forwarding allow-from 'xxx.xxx.0.0/16'
set service dns forwarding cache-size '0'
set service dns forwarding listen-address 'xxx.xxx.69.1'
set service dns forwarding listen-address 'xxx.xxx.70.1'
set service dns forwarding listen-address 'xxx.xxx.71.1'
set service dns forwarding listen-address 'xxx.xxx.73.1'
set service dns forwarding name-server 'xxx.xxx.69.7'
set service ssh disable-password-authentication
set service ssh loglevel 'verbose'
set service ssh port '22'
set system config-management commit-revisions '100'
set system conntrack modules ftp
set system conntrack modules h323
set system conntrack modules nfs
set system conntrack modules pptp
set system conntrack modules sip
set system conntrack modules sqlnet
set system conntrack modules tftp
set system console device ttyS0 speed '115200'
set system host-name xxxxxx
set system login user xxxxxx authentication encrypted-password xxxxxx
set system login user xxxxxx authentication public-keys xxxx@xxx.xxx key xxxxxx
set system login user xxxxxx authentication public-keys xxxx@xxx.xxx type 'ecdsa-sha2-nistp256'
set system name-server 'xxx.xxx.69.1'
set system name-server 'xxx.xxx.1.1'
set system name-server 'xxx.xxx.8.8'
set system ntp server xxxxx.tld
set system ntp server xxxxx.tld
set system ntp server xxxxx.tld
set system ntp server xxxxx.tld
set system static-host-mapping host-name xxxxxx inet 'xxx.xxx.69.5'
set system static-host-mapping host-name xxxxxx inet 'xxx.xxx.69.6'
set system static-host-mapping host-name xxxxxx inet 'xxx.xxx.69.7'
set system static-host-mapping host-name xxxxxx inet 'xxx.xxx.69.1'
set system static-host-mapping host-name xxxxxx inet 'xxx.xxx.69.9'
set system static-host-mapping host-name xxxxxx inet 'xxx.xxx.69.8'
set system static-host-mapping host-name xxxxxx inet 'xxx.xxx.69.4'
set system static-host-mapping host-name xxxxxx inet 'xxx.xxx.69.10'
set system static-host-mapping host-name xxxxxx inet 'xxx.xxx.69.11'
set system sysctl custom net.ipv4.conf.all.accept_local value '1'
set system syslog global facility all level 'all'
set system syslog global facility protocols level 'all'
set system time-zone 'Asia/Singapore'

Switch VLAN config:

ARP:
WindowsTerminal_2022-05-20_13-13-06

Interfaces:
WindowsTerminal_2022-05-20_13-13-16

So it looks like I did everything right but it might not be, what my end goal is to do some policy routes to do inter-vlan routing.

Without details of which interfaces are in which switch ports it is tricky to advise.

However, there is no port with tagged 100 & 200, which would be needed for eth2.


So that’s the switch that’s connected to eth2. port 2 and 5 on the switch should be tagged.

eth0 and eth1 are connected to the ISP

I am not understanding, with apologies. Which switch port is physically connected to eth2? Is the Vyos physical or virtual?

Physical switch port g1 is connected to physical port in vyos, and that’s eth2

The VLANs on g1 need to be “tagged” not “untagged” to operate correctly with vifs in vyos.

so tagged with 100,200, is the pvid needed?

Whilst I am not familiar with the switch, the port needs to tag traffic in VLANs 100 & 200


So I did that and the two interfaces can’t be pinged from the router:
image

There is insufficient information to comment further. My advice would be to capture packets to identify the problem.

Hi @harguna , g2 and g5 are host-facing (access) interfaces to the end-devices? If so, remove tagged vlans from that ports and check once more (keep g1 with tagged vlans as it is configured now).

g2 and g5 are host-facing (access) interfaces to the end-devices

Yep that’s correct, g2 is a WAP, and g5 is my unraid server.

remove tagged vlans from that ports and check once more (keep g1 with tagged vlans as it is configured now)

So I’ve just done this and it didn’t work, so I decided to reboot and now it’s taking up the vlan subnets. When in doubt turn it off and on again I suppose

image