VLANs just won't work in this config

I can't seem to get VLANs to work: the moment I give the VLANs an address, it breaks the internet. I need VLAN 10 and 20 from eth1 in addition to the native LAN.

# Interfaces: eth0 takes its address from DHCP and is the outbound interface of
# every NAT rule below, so it acts as the WAN side; eth1 carries the native LAN.
set interfaces ethernet eth0 address 'dhcp'
set interfaces ethernet eth0 duplex 'auto'
set interfaces ethernet eth0 hw-id 'xx:xx:xx:xx:xx:c0'
set interfaces ethernet eth1 address 'xxx.xxx.5.1/24'
set interfaces ethernet eth1 hw-id 'xx:xx:xx:xx:xx:be'
# vif 10 and vif 20 are created here without an address. The DHCP, DNS and NAT
# entries further down already refer to .10.x and .20.x networks that no
# interface in this listing owns yet.
# NOTE(review): the thread later attributes the outage to the range eth0 gets
# over DHCP matching one of the VLAN ranges. Check the lease eth0 receives
# before choosing VLAN subnets.
set interfaces ethernet eth1 vif 10
set interfaces ethernet eth1 vif 20
set interfaces ethernet eth2 hw-id 'xx:xx:xx:xx:xx:bf'
set interfaces ethernet eth3 hw-id 'xx:xx:xx:xx:xx:c1'
set interfaces loopback lo
# Source NAT: one masquerade rule per internal subnet, all leaving through eth0.
set nat source rule 100 outbound-interface 'eth0'
set nat source rule 100 source address 'xxx.xxx.5.0/24'
set nat source rule 100 translation address 'masquerade'
set nat source rule 110 outbound-interface 'eth0'
set nat source rule 110 source address 'xxx.xxx.10.0/24'
set nat source rule 110 translation address 'masquerade'
set nat source rule 120 outbound-interface 'eth0'
set nat source rule 120 source address 'xxx.xxx.20.0/24'
set nat source rule 120 translation address 'masquerade'
# DHCP server: one /24 scope each for the native LAN and the two VLAN subnets.
# Each scope hands out the .1 address of its subnet as both gateway and DNS server.
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.5.0/24 default-router 'xxx.xxx.5.1'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.5.0/24 domain-name xxxxxx
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.5.0/24 lease '86400'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.5.0/24 name-server 'xxx.xxx.5.1'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.5.0/24 range 0 start 'xxx.xxx.5.10'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.5.0/24 range 0 stop 'xxx.xxx.5.254'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 default-router 'xxx.xxx.10.1'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 domain-name xxxxxx
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 lease '86400'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 name-server 'xxx.xxx.10.1'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 range 0 start 'xxx.xxx.10.10'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 range 0 stop 'xxx.xxx.10.254'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.20.0/24 default-router 'xxx.xxx.20.1'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.20.0/24 domain-name xxxxxx
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.20.0/24 lease '86400'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.20.0/24 name-server 'xxx.xxx.20.1'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.20.0/24 range 0 start 'xxx.xxx.20.10'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.20.0/24 range 0 stop 'xxx.xxx.20.254'
# DNS forwarding: queries are accepted only from the three internal subnets
# (allow-from) and the forwarder listens on the three .1 addresses.
# NOTE(review): the .10.1 and .20.1 listen addresses exist only once the vif
# addresses have been configured.
set service dns forwarding allow-from 'xxx.xxx.5.0/24'
set service dns forwarding allow-from 'xxx.xxx.10.0/24'
set service dns forwarding allow-from 'xxx.xxx.20.0/24'
set service dns forwarding cache-size '0'
set service dns forwarding listen-address 'xxx.xxx.5.1'
set service dns forwarding listen-address 'xxx.xxx.20.1'
set service dns forwarding listen-address 'xxx.xxx.10.1'
set service dns forwarding name-server xxx.xxx.0.1
set service dns forwarding name-server xxx.xxx.1.1
# NOTE(review): both allow-client prefixes are /0, so any IPv4 and any IPv6
# source is permitted to query this NTP service. No firewall rules appear in
# this listing; if this is the whole configuration, the service is presumably
# reachable from eth0 too. Narrowing allow-client to the three internal
# subnets keeps outside hosts from using it.
set service ntp allow-client xxxxxx 'xxx.xxx.0.0/0'
set service ntp allow-client xxxxxx '::/0'
set service ntp server xxxxx.tld
set service ntp server xxxxx.tld
set service ntp server xxxxx.tld
# NOTE(review): SSH has no listen-address and no firewall appears in this
# listing, so sshd presumably accepts connections on every interface,
# including eth0. Confirm this. Binding it to the LAN address
# (`set service ssh listen-address`), filtering router-bound traffic on the
# WAN side, and key-only logins
# (`set service ssh disable-password-authentication`) reduce that exposure.
set service ssh port '22'
set system config-management commit-revisions '100'
# Connection-tracking helper modules for seven protocols are loaded.
# NOTE(review): each helper parses application payloads and can allow related
# connections through NAT; keep only the ones this network actually uses.
set system conntrack modules ftp
set system conntrack modules h323
set system conntrack modules nfs
set system conntrack modules pptp
set system conntrack modules sip
set system conntrack modules sqlnet
set system conntrack modules tftp
set system console device ttyS0 speed '115200'
set system host-name xxxxxx
# Credentials are masked in this paste.
# NOTE(review): a plaintext-password node appears next to encrypted-password;
# presumably an artifact of the masking. Confirm that no clear-text password
# is stored, and keep this section masked whenever the configuration is shared.
set system login user xxxxxx authentication encrypted-password xxxxxx
set system login user xxxxxx authentication plaintext-password xxxxxx
# Syslog: all facilities at info, local7 at debug.
set system syslog global facility all level 'info'
set system syslog global facility local7 level 'debug'

My config looks like this

ethernet eth0 {
         address dhcp
         duplex auto
         hw-id xx:xx:xx:xx:xx:c0
     }
     ethernet eth1 {
         address xxx.xxx.5.1/24
         hw-id xx:xx:xx:xx:xx:be
         vif 10 {
         }
         vif 20 {
         }
     }
     ethernet eth2 {
         hw-id xx:xx:xx:xx:xx:bf
     }
     ethernet eth3 {
         hw-id xx:xx:xx:xx:xx:c1
     }
     loopback lo {
     }
 }
 nat {
     source {
         rule 100 {
             outbound-interface eth0
             source {
                 address xxx.xxx.5.0/24
             }
             translation {
                 address masquerade
             }
         }
         rule 110 {
             outbound-interface eth0
             source {
                 address xxx.xxx.10.0/24
             }
             translation {
                 address masquerade
             }
         }
         rule 120 {
             outbound-interface eth0
             source {
                 address xxx.xxx.20.0/24
             }
             translation {
                 address masquerade
             }
         }
     }
 }
 service {
     dhcp-server {
         shared-network-name xxxxxx {
             subnet xxx.xxx.5.0/24 {
                 default-router xxx.xxx.5.1
                 domain-name xxxxxx
                 lease 86400
                 name-server xxx.xxx.5.1
                 range 0 {
                     start xxx.xxx.5.10
                     stop xxx.xxx.5.254
                 }
             }
         }
         shared-network-name xxxxxx {
             subnet xxx.xxx.10.0/24 {
                 default-router xxx.xxx.10.1
                 domain-name xxxxxx
                 lease 86400
                 name-server xxx.xxx.10.1
                 range 0 {
                     start xxx.xxx.10.10
                     stop xxx.xxx.10.254
                 }
             }
         }
         shared-network-name xxxxxx {
             subnet xxx.xxx.20.0/24 {
                 default-router xxx.xxx.20.1
                 domain-name xxxxxx
                 lease 86400
                 name-server xxx.xxx.20.1
                 range 0 {
                     start xxx.xxx.20.10
                     stop xxx.xxx.20.254
                 }
             }
         }
     }
     dns {
         forwarding {
             allow-from xxx.xxx.5.0/24
             allow-from xxx.xxx.10.0/24
             allow-from xxx.xxx.20.0/24
             cache-size 0
             listen-address xxx.xxx.5.1
             listen-address xxx.xxx.20.1
             listen-address xxx.xxx.10.1
             name-server xxx.xxx.0.1 {
             }
             name-server xxx.xxx.1.1 {
             }
         }
     }
     ntp {
         allow-client xxxxxx
             address xxx.xxx.0.0/0
             address ::/0
         }
         server xxxxx.tld {
         }
         server xxxxx.tld {
         }
         server xxxxx.tld {
         }
     }
     ssh {
         port 22
     }
 }
 system {
     config-management {
         commit-revisions 100
     }
     conntrack {
         modules {
             ftp
             h323
             nfs
             pptp
             sip
             sqlnet
             tftp
         }
     }
     console {
         device ttyS0 {
             speed 115200
         }
     }
     host-name xxxxxx
     login {
         user xxxxxx {
             authentication {
                 encrypted-password xxxxxx
                 plaintext-password xxxxxx
             }
         }
     }
     syslog {
         global {
             facility all {
                 level info
             }
             facility local7 {
                 level debug
             }
         }
     }
 }

If I give these commands, it breaks the internet:
set interfaces ethernet eth1 vif 10 address '10.xxx.10.1/24'
set interfaces ethernet eth1 vif 20 address '10.xxx.20.1/24'
Can someone help?

Can you share the following details:

  • VyOS version: show version

  • Check nat translation : show nat source translations
  • Take tcpdump on the interfaces to check for packets

It's fine, I just tried it in a new location and it worked. Thanks sri, all is good now and I love VyOS.

I think the reason was that the WAN IP range was the same as one of the VLAN IP ranges; maybe that creates issues.

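Yes, unless you are using VRF (and, in Linux environments, also NETNS), having two interfaces on the same IP range is a bad thing, a.k.a. an IP collision. With the same prefix connected on both the WAN and a VLAN interface, the router has two connected routes for that range, so traffic meant for the upstream gateway can be sent out the wrong interface.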
