Hi,

I have a new RB2011UiAS and am trying to setup 2 separate VLANs on the first switch (ports 1 to 5). The purpose of these is to securely link 2 networks with a routerboard in between them.

If I give vlan #1 a VLAN-ID of 1, then I can successfully send arp requests to hosts on the other side of the connection. As soon as I change the VLAN-ID to anything else (2, 3, 21...) it doesn't work anymore. Changing it back causes it to work.

Here is some relevant configs:
[admin@EXTRouter] > interface ethernet print
Flags: X - disabled, R - running, S - slave

NAME MTU MAC-ADDRESS ARP MASTER-PORT SWITCH

0 R ether1... 1500 4C:5E:0C:22:34:66 enabled none switch1
1 RS ether2... 1500 4C:5E:0C:22:34:67 enabled ether1-mirror switch1
2 RS ether3... 1500 4C:5E:0C:22:34:68 enabled ether1-mirror switch1
3 RS ether4... 1500 4C:5E:0C:22:34:69 enabled ether1-mirror switch1
4 S ether5... 1500 4C:5E:0C:22:34:6A enabled ether1-mirror switch1
(chopped off the other irrelevant ports)

[admin@EXTRouter] > interface ethernet switch vlan print
Flags: X - disabled, I - invalid

SWITCH VLAN-ID PORTS

0 switch1 10 ether4-cc-lan
ether5-cc-fw
1 switch1 21 ether2-pr-lan
ether3-pr-fw

[admin@EXTRouter] > interface ethernet switch port print
Flags: I - invalid

NAME SWITCH VLAN-MODE VLAN-HEADER DEFAULT-VLAN-ID

0 sfp1 switch1 disabled leave-as-is auto
1 ether1-mirror switch1 disabled leave-as-is auto
2 ether2-pr-lan switch1 secure add-if-missing auto
3 ether3-pr-fw switch1 secure add-if-missing auto
4 ether4-cc-lan switch1 secure add-if-missing auto
5 ether5-cc-fw switch1 secure add-if-missing auto
(chopped off the other irrelevant ports)

I don't have any other VLAN's configured except the above 2. Let me know if you need anything else.