Connections reset due to Source IP and VLAN mismatch

Dear all,

I hope you will be able to help me.
I have the following setup:

3 VLANs:

  • Untag / Native VLAN: 1 on IP 192.168.0.0/24
  • Mgmt: 10 on IP 10.10.0.0/24
  • Restricted: 20 on IP 10.20.0.0/24

The users' computers we are having difficulties with are all on the restricted VLAN (20), and their gateway is VyOS router #01.

On the VyOS, we have 3 interfaces:

  • eth0, DHCP on the 192.168.0.0/24 network => assigned IP: 192.168.0.28
  • eth1, fixed IP 10.20.0.254 on VLAN 20
  • eth2, DHCP on the 10.10.0.0/24 network (connected to Cisco router #02, which runs a DHCP server) => assigned IP: 10.10.0.4, VLAN 10

There is only one rule defined on the VyOS.
It’s a NAT source masquerade from 10.20.0.0/24 to 192.168.0.0/24.

The Cisco router #02 is connected to the internet and has:

  • 2 VLANs declared: 10 and the native VLAN 1.
  • 1 static route for subnet 10.20.0.0/24 via 10.10.0.4.
  • 1 connection to the 10.10.0.0/24 network, for which it is acting as the DHCP server.
  • 1 connection to the 192.168.0.0/24 network.

Finally, we have a third router, #03, which is also connected to the internet and acts as the gateway for the 192.168.0.0/24 network.
All computers on the 192.168.0.0/24 network go out to the internet through this router #03.

Note that both routers #02 and #03 are connected to the same ISP modem.

The issue is the following: when we try to access the internet from a user PC connected to VLAN 20 (=> the VyOS is the gateway), we get:
Source IP and VLAN mismatch
source_client_ip: 10.10.0.4
source_client_assigned_vlan: 10
last_illegal_ip: 192.168.0.28
last_illegal_ip_mapped_vlan_id: 1

Pinging the internet works from these PCs, but about 40 to 60% of the packets are dropped.

Two facts:

  • When we remove router #03, everything works well, but we have to make it work with all 3 routers connected.
  • Before we added the management VLAN, added eth2 to the VyOS and connected that interface to router #02, PCs on VLAN 20 had internet access through router #03.

Any idea what I can do on the VyOS router to fix this?
Thank you for your help!
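For reference, here is the VyOS #01 configuration as the post describes it, written out in VyOS `set` syntax together with the Cisco #02 static route. This is an added illustration, not configuration taken from the poster; the rule number (100), the VLAN 20 interface being a `vif 20` sub-interface on eth1, and `eth0` being the NAT outbound interface are assumptions made here to match the description (the post only says the masquerade goes from 10.20.0.0/24 towards 192.168.0.0/24).

```vyos
# --- VyOS router #01 (assumed reconstruction of the setup described above) ---
# eth0: DHCP client on 192.168.0.0/24 (got 192.168.0.28, native VLAN 1)
set interfaces ethernet eth0 address dhcp

# eth1: fixed address on VLAN 20. Assumption: tagged sub-interface vif 20;
# if the switch port is an access port, drop the "vif 20" part.
set interfaces ethernet eth1 vif 20 address 10.20.0.254/24

# eth2: DHCP client on 10.10.0.0/24 (got 10.10.0.4 from Cisco #02, VLAN 10)
set interfaces ethernet eth2 address dhcp

# The single NAT rule from the post: masquerade 10.20.0.0/24 when leaving
# towards 192.168.0.0/24. Assumption: outbound interface is eth0, and the
# rule number 100 is arbitrary. (VyOS 1.4 syntax is
# "outbound-interface name eth0" instead of "outbound-interface eth0".)
set nat source rule 100 source address 10.20.0.0/24
set nat source rule 100 outbound-interface eth0
set nat source rule 100 translation address masquerade

# --- Cisco router #02: the static route from the post ---
# ip route 10.20.0.0 255.255.255.0 10.10.0.4

# --- Operational-mode checks on the VyOS to compare against the log entry ---
# run show ip route              (which default route(s) the VyOS holds, via eth0 or eth2)
# run show nat source rules      (which traffic rule 100 really matches)
# run show nat source translations   (whether VLAN 20 flows are leaving as 192.168.0.28)
```

The three `show` commands at the end are the ones to run before changing anything: the log entry pairs 10.10.0.4 (VLAN 10) with 192.168.0.28 (VLAN 1), which are exactly the two DHCP-assigned addresses of eth2 and eth0, so seeing which default route and which NAT translation the VyOS actually uses for the VLAN 20 clients tells you which of the two uplinks the flows are really taking.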