Community discussions

 
User avatar
k6ccc
Member
Member
Topic Author
Posts: 479
Joined: Fri May 13, 2016 12:01 am
Location: Glendora, CA, USA (near Los Angeles)

Moving a port - what did I miss???

Tue Aug 14, 2018 5:43 am

I have managed to apparently do something stupid. I was moving one of my LANs from port ether3 to ether2 on an RB750r2. This router is being used exclusively as a router - there is no bridge and every port is a different LAN or trunk port with multiple VLANs. Should be simple enough and I've done this before. The LAN is question is what I call my .201 LAN and has addresses in the 192.168.201.0/24 range. The router port connects to a port an a HP 2610-48 managed switch and there are about a half dozen ports on the .201 LAN on that switch. I have done the following:
Moved the IP from ether3 to ether2
Moved the DHCP server from ether3 to ether2
Changed all firewall rules that referenced ether3 to ether2
Moved the Cat-5 cable from physical port ether3 to ether2
The IP route list correctly updated to show ether2 as the gateway for traffic to 192.168.201.0/24 and it shows as "Dynamic", "Active", & "Connected", and the gateway shows "reachable".
If I ping anything on the .201 LAN, I do not get a response. For testing, I created firewall rules in the output chain solely for packet counting for every physical interface plus all VLANs. When I ping from the router to anything on the .201 LAN (either with or without the interface specified), I correctly see packets counting in those output rules. Here's where it gets a little more bizarre. Also for testing, I created firewall rules in the input chain to accept icmp packets on each physical interface and VLAN. At the end of that I created a rule to accept ICMP packet on any interface. In theory, I should never see anything there since there was already an accept rule for every interface. In reality, if I ping known devices on any interface EXCEPT the .201, those rule correctly count which interface the packets were coming in on. When I ping on the .201, the rule for the .201 LAN does NOT count, but the "any interface" rule does count packets. No forward traffic is getting through on the .201 LAN. Fortunately for me, having the .201 LAN down in the router is not really a problem - at least for the short term.
Here is the configuration. I have deleted a bunch of stuff that should be completely un-related, and redacted a few things. I don't think I have eliminated anything that would make this too hard to figure out.
So, what did I miss???? and yes, I'm sure I will loudly yell "DUH" when someone comes up with the answer. As I said before, I have done this several times and it's normally easy...
# aug/12/2018 22:32:02 by RouterOS 6.42.1
# software id = <redacted>
#
# model = RouterBOARD 750 r2
# serial number = 58D<redacted>
/interface ethernet
set [ find default-name=ether1 ] comment="DSL internet" name=\
    E1-p1_DSL_Internet
set [ find default-name=ether2 ] comment="New Main home LAN" name=E2-p3_201
set [ find default-name=ether3 ] comment="OLD Main home LAN" disabled=yes \
    name=E3-p5_OLD_201
set [ find default-name=ether4 ] comment="802.1Q trunk" name=E4-p7_802.1Q
set [ find default-name=ether5 ] comment=".211 Router to router tie" name=\
    "E5 Router to Router tie"
/interface vlan
add comment=".131 E1.31 LAN" interface=E4-p7_802.1Q name=VLAN_131 vlan-id=\
    131
add comment=".202 Public WiFi LAN" interface=E4-p7_802.1Q name=VLAN_202 \
    vlan-id=202
add comment=".203 Private WiFi LAN" interface=E4-p7_802.1Q name=VLAN_203 \
    vlan-id=203
add comment=".204 Cactus" interface=E4-p7_802.1Q name=VLAN_204 vlan-id=204
add comment=".209 HARPUSA LAN" interface=E4-p7_802.1Q name=VLAN_209 vlan-id=\
    209
/interface ethernet switch port
set 1 default-vlan-id=131 vlan-header=add-if-missing vlan-mode=fallback
/interface list
add exclude=dynamic name=discover
add name=mactel
add name=mac-winbox
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity="RB750r2 #1"
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-128-cbc
/ip pool
add name=".204 DHCP pool" ranges=192.168.204.100-192.168.204.109
add name=".209 DHCP pool" ranges=192.168.209.100-192.168.209.109
add name=".201 DHCP pool" ranges=192.168.201.100-192.168.201.119
add name=".131 DHCP pool" ranges=192.168.131.100-192.168.131.109
add name=".202 DHCP pool" ranges=192.168.202.100-192.168.202.119
add name=".203 DHCP pool" ranges=192.168.203.100-192.168.203.119
/ip dhcp-server
add address-pool=".204 DHCP pool" authoritative=after-2sec-delay disabled=no \
    interface=VLAN_204 lease-time=3h name=".204 DHCP server"
add address-pool=".209 DHCP pool" authoritative=after-2sec-delay disabled=no \
    interface=VLAN_209 lease-time=3h name=".209 DHCP server"
add address-pool=".201 DHCP pool" authoritative=after-2sec-delay disabled=no \
    interface=E2-p3_201 lease-time=3h name=".201 DHCP server"
add address-pool=".131 DHCP pool" authoritative=after-2sec-delay disabled=no \
    interface=VLAN_131 lease-time=3h name=".131 DHCP server"
add address-pool=".202 DHCP pool" authoritative=after-2sec-delay disabled=no \
    interface=VLAN_202 lease-time=3h name=".202 DHCP server"
add address-pool=".203 DHCP pool" authoritative=after-2sec-delay disabled=no \
    interface=VLAN_203 lease-time=3h name=".203 DHCP server"
/snmp community
set [ find default=yes ] addresses=0.0.0.0/0
/system logging action
set 1 disk-file-name=log
/user group
set read policy="ssh,read,test,winbox,password,web,sniff,romon,tikapp,!local,!\
    telnet,!ftp,!reboot,!write,!policy,!sensitive,!api,!dude"
#error exporting /interface bridge calea
/ip neighbor discovery-settings
set discover-interface-list=discover
/interface ethernet switch vlan
add ports=E2-p3_201 switch=switch1 vlan-id=131
add ports=E2-p3_201 switch=switch1 vlan-id=205
/interface list member
add interface=E2-p3_201 list=discover
add interface=E3-p5_OLD_201 list=discover
add interface=E4-p7_802.1Q list=discover
add interface="E5 Router to Router tie" list=discover
add interface=VLAN_131 list=discover
add interface=VLAN_209 list=discover
add interface=VLAN_202 list=discover
add interface=VLAN_203 list=discover
add list=discover
add interface=E2-p3_201 list=mactel
add interface=E3-p5_OLD_201 list=mactel
add interface=E2-p3_201 list=mac-winbox
add interface=E4-p7_802.1Q list=mactel
add interface=E3-p5_OLD_201 list=mac-winbox
add interface="E5 Router to Router tie" list=mactel
add interface=E4-p7_802.1Q list=mac-winbox
add interface="E5 Router to Router tie" list=mac-winbox
/ip address
add address=208.127.xxx.aa/24 comment="Public IP for .204 LAN" interface=\
    E1-p1_DSL_Internet network=208.127.xxx.0
add address=192.168.209.250/24 interface=VLAN_209 network=192.168.209.0
add address=192.168.201.250/24 interface=E2-p3_201 network=192.168.201.0
add address=192.168.131.250/24 interface=VLAN_131 network=192.168.131.0
add address=208.127.xxx.bb/24 comment="Public IP for .201 LAN" interface=\
    E1-p1_DSL_Internet network=208.127.xxx.0
add address=208.127.xxx.ee/24 comment="Public IP for .209 LAN" interface=\
    E1-p1_DSL_Internet network=208.127.xxx.0
add address=192.168.211.250/24 interface="E5 Router to Router tie" network=\
    192.168.211.0
add address=192.168.1.250/26 comment="For default access to SanDevices cards" \
    interface=VLAN_131 network=192.168.1.192
add address=192.168.204.250/24 interface=VLAN_204 network=192.168.204.0
add address=208.127.xxx.cc/24 comment="Public IP for .202 LAN" interface=\
    E1-p1_DSL_Internet network=208.127.xxx.0
add address=192.168.202.250/24 interface=VLAN_202 network=192.168.202.0
add address=192.168.203.250/24 interface=VLAN_203 network=192.168.203.0
add address=208.127.xxx.dd/24 comment="Public IP for .203 LAN" interface=\
    E1-p1_DSL_Internet network=208.127.xxx.0
add address=192.168.0.99/28 comment="For default access to MikroTik devices" \
    interface=VLAN_131 network=192.168.0.96
add address=192.168.88.250/24 interface=E2-p3_201 network=192.168.88.0
/ip dhcp-client
add comment="default configuration" dhcp-options=hostname,clientid interface=\
    E1-p1_DSL_Internet
/ip dhcp-server alert
add disabled=no interface=E3-p5_OLD_201 on-alert="DHCP Alert" valid-server=\
    4C:5E:0C:09:69:5D
add disabled=no interface=E4-p7_802.1Q on-alert="DHCP Alert" valid-server=\
    4C:5E:0C:09:69:5E
add disabled=no interface="E5 Router to Router tie" on-alert="DHCP Alert" \
    valid-server=4C:5E:0C:09:69:5F
add disabled=no interface=VLAN_131 on-alert="DHCP Alert" valid-server=\
    4C:5E:0C:09:69:5C
add disabled=no interface=VLAN_202 on-alert="DHCP Alert" valid-server=\
    4C:5E:0C:09:69:5C
add disabled=no interface=VLAN_203 on-alert="DHCP Alert" valid-server=\
    4C:5E:0C:09:69:5C
add disabled=no interface=VLAN_209 on-alert="DHCP Alert" valid-server=\
    4C:5E:0C:09:69:5C
add disabled=no on-alert="DHCP Alert" valid-server=4C:5E:0C:09:69:5C
/ip dhcp-server lease
/ip dhcp-server network
add address=192.168.131.0/24 comment=".131 network" dns-server=\
    192.168.131.250,8.8.8.8,4.2.2.1 gateway=192.168.131.250 netmask=24
add address=192.168.201.0/24 comment=".201 network" dns-server=\
    192.168.201.250,8.8.8.8,4.2.2.1 gateway=192.168.201.250 netmask=24
add address=192.168.202.0/24 comment=".202 network" dns-server=\
    192.168.202.250,8.8.8.8,4.2.2.1 gateway=192.168.202.250 netmask=24
add address=192.168.203.0/24 comment=".203 network" dns-server=\
    192.168.203.250,8.8.8.8,4.2.2.3 gateway=192.168.203.250 netmask=24
add address=192.168.204.0/24 comment=".204 network" dns-server=\
    192.168.204.250,8.8.8.8,4.2.2.1 gateway=192.168.204.250 netmask=24
add address=192.168.209.0/24 comment=".209 network" dns-server=\
    192.168.209.250,8.8.8.8,4.2.2.1 gateway=192.168.209.250
/ip dns
set servers=66.51.205.100,66.51.206.100,8.8.8.8
/ip dns static
add address=192.168.88.1 name=router
add address=208.127.xxx.bb name=k6ccc.org
/ip firewall address-list
add address=131.107.13.100 list="NTP servers"
add address=64.62.190.177 list="NTP servers"
add address=50.22.155.163 list="NTP servers"
add address=66.51.205.100 comment="DSL Extreme #1" list="DNS servers"
add address=66.51.206.100 comment="DSL Extreme #2" list="DNS servers"
add address=8.8.8.8 comment="Google #2" list="DNS servers"
add address=8.8.4.4 comment="Google #1" list="DNS servers"
/ip firewall filter
add action=jump chain=input comment=\
    "Jump to Attack chain to prevent Port scan and DoS attacks" in-interface=\
    E1-p1_DSL_Internet jump-target=Attack
add action=jump chain=input comment=\
    "Jump to ICMP chain to prevent being ping flooded." in-interface=\
    E1-p1_DSL_Internet jump-target=ICMP protocol=icmp
add action=accept chain=input comment="Allow PING on E2_.201 " in-interface=\
    E2-p3_201 protocol=icmp
add action=accept chain=input comment="Allow PING on E3_.Old-201 " \
    in-interface=E3-p5_OLD_201 protocol=icmp
add action=accept chain=input comment="Allow PING on E4_802.11Q" \
    in-interface=E4-p7_802.1Q protocol=icmp
add action=accept chain=input comment="Allow PING on VLAN-131" in-interface=\
    VLAN_131 protocol=icmp
add action=accept chain=input comment="Allow PING on VLAN-202" in-interface=\
    VLAN_202 protocol=icmp
add action=accept chain=input comment="Allow PING on VLAN-203" in-interface=\
    VLAN_203 protocol=icmp
add action=accept chain=input comment="Allow PING on VLAN-204" in-interface=\
    VLAN_204 protocol=icmp
add action=accept chain=input comment="Allow PING on VLAN-209" in-interface=\
    VLAN_209 protocol=icmp
add action=accept chain=input comment="Allow PING on E5_Router-tie" \
    in-interface="E5 Router to Router tie" protocol=icmp
add action=accept chain=input comment=\
    "Allow PING on all interfaces except internet" in-interface=\
    !E1-p1_DSL_Internet protocol=icmp
add action=accept chain=input comment="Allow broadcast traffic" \
    dst-address-type=broadcast
add action=drop chain=input comment="Drop UPD DNS packets from internet" \
    dst-port=53 in-interface=E1-p1_DSL_Internet protocol=udp
add action=drop chain=input comment="Drop TCP DNS packets from internet" \
    dst-port=53 in-interface=E1-p1_DSL_Internet protocol=tcp
add action=drop chain=input comment=\
    "Drop FTP attempts to router from internet via \"normal\" port 21" \
    dst-port=21 in-interface=E1-p1_DSL_Internet log-prefix="Invalid FTP p21" \
    protocol=tcp
add action=drop chain=input comment=\
    "Drop SSH attempts to router from internet via \"normal\" port 22" \
    dst-port=22 in-interface=E1-p1_DSL_Internet log-prefix="Invalid SSH p22" \
    protocol=tcp
add action=drop chain=input comment=\
    "Drop Telnet attempts to router from internet via \"normal\" port 23" \
    dst-port=23 in-interface=E1-p1_DSL_Internet log-prefix=\
    "Invalid Telnet p23" protocol=tcp
add action=drop chain=input comment=\
    "Drop WinBox attempts to router via \"normal\" port 8291" dst-port=8291 \
    log-prefix="Invalid normal WinBox p8291" protocol=tcp
add action=add-src-to-address-list address-list="Port identification" \
    address-list-timeout=1m chain=input comment=\
    "IP identification port - packet is dropped, but IP is logged." dst-port=\
    64999 log=yes log-prefix="IP identification port" protocol=tcp
add action=accept chain=input comment=\
    "Allow established and related connections to router" connection-state=\
    established,related
add action=drop chain=input comment=\
    "Drop any other input packets that get this far." log-prefix=\
    "Dropped connection"
add action=drop chain=forward comment="Drop invalid packets" \
    connection-state=invalid
add action=accept chain=forward comment=\
    "Allow outbound traffic from .201 to internet" in-interface=E2-p3_201 \
    out-interface=E1-p1_DSL_Internet
add action=accept chain=forward comment=\
    "Allow outbound traffic from .202 to internet" in-interface=VLAN_202 \
    out-interface=E1-p1_DSL_Internet
add action=accept chain=forward comment=\
    "Allow outbound traffic from .203 to internet" in-interface=VLAN_203 \
    out-interface=E1-p1_DSL_Internet
add action=accept chain=forward comment=\
    "Allow outbound traffic from .204 to internet" in-interface=VLAN_204 \
    out-interface=E1-p1_DSL_Internet
add action=accept chain=forward comment=\
    "Allow outbound traffic from .209 to internet" in-interface=VLAN_209 \
    out-interface=E1-p1_DSL_Internet
add action=accept chain=forward comment=\
    "Allow outbound NTP traffic from FPPs to internet" dst-port=123 \
    in-interface=VLAN_131 out-interface=E1-p1_DSL_Internet protocol=udp \
    src-address=192.168.131.81-192.168.131.82
add action=accept chain=forward comment=\
    "Allow outbound traffic from .131 to internet" in-interface=VLAN_131 \
    out-interface=E1-p1_DSL_Internet src-address=\
    192.168.131.81-192.168.131.82
add action=accept chain=forward comment=\
    "Forward established and related connections" connection-state=\
    established,related
add action=accept chain=forward comment=\
    "DNS lookups from IPs in DNS servers list" protocol=udp src-address-list=\
    "DNS servers" src-port=53
add action=drop chain=forward comment=\
    "Drop any forward packets that get this far"
add action=drop chain=Attack comment=\
    "Drop all connections from IPs on the Manual Blacklist" log=yes \
    log-prefix="Manual Blacklist" src-address-list="Manual Blacklist"
add action=drop chain=Attack comment=\
    "Detect and drop TCP port scan connections" protocol=tcp psd=21,3s,3,1
add action=drop chain=Attack comment=\
    "Detect and drop UDP port scan connections" protocol=udp psd=21,3s,3,1
add action=return chain=Attack comment=\
    "Prevent safe IPs from getting tarpitted." src-address-list=Safe
add action=tarpit chain=Attack comment="Suppress DoS attackby tarpitting" \
    connection-limit=3,32 protocol=tcp src-address-list=Black_list
add action=add-src-to-address-list address-list=Black_list \
    address-list-timeout=1d chain=Attack comment="Detect DoS attack" \
    connection-limit=10,32 log=yes log-prefix="Black list" protocol=tcp
add action=return chain=Attack comment="Return from Attack chain"
add action=accept chain=ICMP comment=\
    "Accept ICMP type 0:0 (Echo reply) and limit to 5 packets / sec" \
    icmp-options=0:0-255 limit=5,5 protocol=icmp
add action=accept chain=ICMP comment="Accept ICMP type 3:3 (Destination host u\
    nreachable) and limit to 5 packets / sec" icmp-options=3:3 limit=5,5 \
    protocol=icmp
add action=accept chain=ICMP comment="Accept ICMP type 3:4 (Fragmentation requ\
    ired) and limit to 5 packets / sec" icmp-options=3:4 limit=5,5 protocol=\
    icmp
add action=accept chain=ICMP comment=\
    "Accept ICMP type 8:0 (Echo request) and limit to 5 packets / sec" \
    icmp-options=8:0-255 limit=5,5 protocol=icmp
add action=accept chain=ICMP comment=\
    "Accept ICMP type 11:0 (Time exceeded) and limit to 5 packets / sec" \
    icmp-options=11:0-255 limit=5,5 protocol=icmp
add action=drop chain=ICMP comment="Drop all other ICMP packets" protocol=\
    icmp
add action=return chain=ICMP comment="Return from ICMP chain"
add action=accept chain=output comment="Only for packet counting" \
    out-interface=E1-p1_DSL_Internet
add action=accept chain=output comment="Only for packet counting" \
    out-interface=VLAN_131
add action=accept chain=output comment="Only for packet counting" \
    out-interface=E2-p3_201
add action=accept chain=output comment="Only for packet counting" \
    out-interface=E2-p3_201
add action=accept chain=output comment="Only for packet counting" \
    out-interface=VLAN_202
add action=accept chain=output comment="Only for packet counting" \
    out-interface=VLAN_203
add action=accept chain=output comment="Only for packet counting" \
    out-interface=VLAN_204
add action=accept chain=output comment="Only for packet counting" \
    out-interface=VLAN_209
add action=accept chain=output comment="Only for packet counting" \
    out-interface="E5 Router to Router tie"
/ip firewall nat
add action=src-nat chain=srcnat comment="Outgoing NAT from .201 LAN" \
    out-interface=E1-p1_DSL_Internet src-address=192.168.201.0/24 \
    to-addresses=208.127.xxx.bb
add action=src-nat chain=srcnat comment="Outgoing NAT from .202 LAN" \
    out-interface=E1-p1_DSL_Internet src-address=192.168.202.0/24 \
    to-addresses=208.127.xxx.cc
add action=src-nat chain=srcnat comment="Outgoing NAT from .203 LAN" \
    out-interface=E1-p1_DSL_Internet src-address=192.168.203.0/24 \
    to-addresses=208.127.xxx.dd
add action=src-nat chain=srcnat comment="Outgoing NAT from .204 LAN" \
    out-interface=E1-p1_DSL_Internet src-address=192.168.204.0/24 \
    to-addresses=208.127.xxx.aa
add action=src-nat chain=srcnat comment="Outgoing NAT from .209 LAN" \
    out-interface=E1-p1_DSL_Internet src-address=192.168.209.0/24 \
    to-addresses=208.127.xxx.ee
add action=src-nat chain=srcnat comment="Outgoing NAT from .131 LAN" \
    out-interface=E1-p1_DSL_Internet src-address=192.168.131.0/24 \
    to-addresses=208.127.xxx.dd
/ip firewall service-port
set ftp disabled=yes
set tftp disabled=yes
set irc disabled=yes
set h323 disabled=yes
set sip disabled=yes
set pptp disabled=yes
/ip route
add distance=1 gateway=208.127.xxx.zz
add distance=1 dst-address=192.168.101.0/24 gateway=192.168.211.252
add distance=1 dst-address=192.168.102.0/24 gateway=192.168.211.252
add distance=1 dst-address=192.168.103.0/24 gateway=192.168.211.252
add distance=1 dst-address=192.168.104.0/24 gateway=192.168.211.252
add distance=1 dst-address=192.168.105.0/24 gateway=192.168.211.252
/ip service
set telnet disabled=yes
set ftp port=<redacted>
set www port=<redacted>
set ssh port=<redacted>
set api disabled=yes
set winbox port=<redacted>
set api-ssl disabled=yes
/ip smb shares
set [ find default=yes ] directory=/pub
/system clock
set time-zone-autodetect=no time-zone-name=America/Los_Angeles
/system identity
set name="RB750r2 #2"
/system leds
add interface=VLAN_209 leds=user-led type=interface-activity
/system logging
add disabled=yes topics=e-mail
/system ntp client
set enabled=yes primary-ntp=216.239.35.0 secondary-ntp=50.22.155.163 \
    server-dns-names=""
/system routerboard settings
set silent-boot=no
/tool bandwidth-server
set authenticate=no
/tool e-mail
set address=smtp.gmail.com from="Router #2" password=<redacted> port=587 \
    start-tls=yes user=<redacted>
/tool mac-server
set allowed-interface-list=mactel
/tool mac-server mac-winbox
set allowed-interface-list=mac-winbox
/tool sniffer
set file-name=sniff-test filter-interface=E1-p1_DSL_Internet

Anyone see anything that I missed?
RB750Gr3, RB750r2, CRS326-24G-2S (in SwitchOS), CSS326-24G-2S, CSS106-5G-1S, RB260GS
Not sure if I beat them in submission, or they beat me into submission


Jim
 
sindy
Forum Guru
Forum Guru
Posts: 3811
Joined: Mon Dec 04, 2017 9:19 pm

Re: Moving a port - what did I miss???

Tue Aug 14, 2018 1:52 pm

I'm not sure how do you want to use vlan 201 on ether2.
  • If it should be a hybrid port where VLAN 201 lives tagless on the wire, you cannot set its default-vlan-id to 131 because in such case tagless ingress frames are tagged with PVID 131.
  • If it should be a pure trunk port where all VLANs live tagged on the wire, or if it should be a hybrid port but you would set its default-vlan-id to 201, an /interface vlan vlan-id=201 interface=E2_p3_201 is missing because in either cases the frames of VLAN 201 will be tagged on the inner side of the port.
  • To have a hybrid port which lets the tagless frames in and keeps them tagless inside, so that you could attach the IP configuration directly to the port, without an intermediate /interface vlan, you have to set default-vlan-id to 0.
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
 
User avatar
k6ccc
Member
Member
Topic Author
Posts: 479
Joined: Fri May 13, 2016 12:01 am
Location: Glendora, CA, USA (near Los Angeles)

Re: Moving a port - what did I miss???

Tue Aug 14, 2018 3:41 pm

Thanks for the catch Sindy. Ether2 is not supposed to be a hybrid port at all. It should be all untagged traffic. I’m on a commuter train on my phone right now so I can’t look for a couple hours, but that was likely a leftover from time past. The .131 LAN is currently a VLAN on the 802.1q trunk on port ether4. It may have been on a trunk in an earlier life - but I don’t remember that. I am going to look at the old versions of the LAN drawing when I get to the computer that has the AutoCAD drawings on it to see.



Sent from a $&@#% iPhone using Tapatalk
RB750Gr3, RB750r2, CRS326-24G-2S (in SwitchOS), CSS326-24G-2S, CSS106-5G-1S, RB260GS
Not sure if I beat them in submission, or they beat me into submission


Jim
 
User avatar
k6ccc
Member
Member
Topic Author
Posts: 479
Joined: Fri May 13, 2016 12:01 am
Location: Glendora, CA, USA (near Los Angeles)

Re: Moving a port - what did I miss???

Tue Aug 14, 2018 5:18 pm

Thanks again Sindy! That was it, and yes, that was a leftover from old times. Confirmed that with an AutoCAD drawing from early last year. As soon as I changed the VLAN switch setting for that port, pings started working, and forwarding traffic started working properly.
As this router is used exclusively as a router, I don't normally do anything with the /switch fields, so had not even looked there... DUH!
RB750Gr3, RB750r2, CRS326-24G-2S (in SwitchOS), CSS326-24G-2S, CSS106-5G-1S, RB260GS
Not sure if I beat them in submission, or they beat me into submission


Jim

Who is online

Users browsing this forum: No registered users and 98 guests