I know this have been covered many times, however, I can connect to some devices but not others on my CRS112. If I am in the same vlan I can talk to all devices within it, but when I cross between vlans on the same bridge group, I can ping laptops, but not cameras. Setup below
So as long as I plug all devices into ports 2,4,6,8 I can communicate as expected. When I use ether1 for my laptop I (which is on the LAN-BRIDGE [10.54.9.0]) I cannot ping the camera plugged into ether2 which is vlan 20. Yet, I can plug a second laptop into ether2 or 4,6, or 8 and ping between the two networks. Can someone direct me to what I am doing wrong? I have tried two different cameras.
You have some vlan10 configurations disabled as explained by @sindy above, i’ll assume you’ve done that intentionally since it isn’t working and continue to what i think is the issue.
You are translating the customer-vid=0 (untagged traffic) from ether8 to vlan10 and 20 how is that done, based on what? which devices are going into which vlan? To be honest i don’t see how that could work, I think you either have to tag both vlans coming into ether8 and remove ingrees-translation for that port or do a hybrid port.
also do the following and test connection to vlan20:
remove all rules in
I have tried removing all the egress translations but no difference. Now connecting my laptop to port 8, I get the 10 vlan with a 10 ip address so I assume that is working correctly. Same with ether2,4,6 I get a 20 vlan address. Therefore I think it is setup pretty close, I just cannot understand why pinging to another laptop works but not with the cameras [Between ports 8 and 2,4,6]. I have doubled check ip configs on all devices to make sure the gateways were good.
If all the devices get IP addresses via DHCP and each device can ping the gateway IP in its subnet (10.54.x0.254), it normally would have to be the firewall rules what blocks the inter-VLAN routing.
But do I get you right that a notebook connected to VLAN 10 can talk to another notebook connected to VLAN 20 but not to a camera in VLAN 20? If so, you may not be aware that most Windows network drivers strip the VLAN headers of received frames by default, so it may be that untagging doesn’t work properly which this feature of Windows hides, but the cameras’ drivers don’t have this “feature” so they ignore tagged frames.
I have no experience with CRS so I don’t know whether the retagging works the way you expect it to work and why service tag is specified as part of the egress rule at all. One thing is to replace one VID by another VID on ingress and egress, another one is to add another tag where you receive tagged frames from a customer and add another tag to each of them so that you could connect two customer’s sites by a single service VLAN and transport the “normal” VLANs transparently between them.
Maybe i got mixed up in translation. On this config did you remove everything from egress-vlan-tag and remove from ingress-vlan-translation the vlan20? Then you will with certainty have access to vlan10 from bridge. if you want vlan20 to work you must tag it on the device connected to ether8 and add ether8 to switch vlan number 20. So in ether8 you will have hybrid port. vlan10 untagged vlan20 tagged.