Good morning

I have recently purchased a Vigor 2680n router to provide a multi VLAN network for my private network and 2 x publicly accessible Ubuntu Linux Servers. My network setup is as follows:

WAN :WAN2 Ethernet Connection
LAN1 /Port1: Ip Address = 192.168.0.1 (VLAN0) Main Computer & Putty SSH Terminal IP 192.168.0.2 (Inter-LAN Routing = LAN2 & LAN3)
LAN2 /Port2: Ip Address = 192.168.2.1 (VLAN1) Ubuntu Media Server IP: 192.168.2.2 (Inter-LAN Routing = LAN3)
LAN3 /Port3: Ip Address = 192.168.3.1 (VLAN2) Ubuntu Web Server IP: 192.168.3.2 (No Inter-LAN Routing)
LAN4 /Port4: Ip Address = 192.168.4.1 (VLAN3 Wireless Network Access (No Inter-LAN Routing)
LAN5 /Port5: Ip Address = 192.168.5.1 (VLAN4) Wireless Network Access (No Inter-LAN Routing)

Subnet Mask on each LAN / VLAN 255.255.255.0

Problem:
Using the above Network Design scenario, I can access the WebServer (192.168.3.2 - LAN4 /VLAN3) from LAN1 (VLAN0) via either the browser or by using the Putty SSH terminal. from the Main Computer (192.168.0.2)

I am unable to connect to the Media Server (192.168.2.2 - LAN2/VLAN1) from LAN1 (VLAN0) via either the browser or by using the Putty SSH terminal. from the Main Computer (192.168.0.2)

I have now been trying to resolve this problem for over a week and have completely rebuilt my Media Server however it would appear that no traffic from LAN1 is reaching LAN2, however LAN2 is able to reach LAN3 ok.

Could anyone please advise me on the Best Practice configuration of the Vigor 2860n should be as I am now starting to believe there is a problem with the router?

Is the router being used as the gateway on both networks?

Also I think it would be worth turning off the firewall, to check whether that helps, because that also controls inter-lan routing - maybe if you've got the default rule set to block, it could have that effect. You'd need to make filter rules with the LAN > LAN direction to allow traffic between networks if you do.

Voodle wrote: Is the router being used as the gateway on both networks?

Also I think it would be worth turning off the firewall, to check whether that helps, because that also controls inter-lan routing - maybe if you've got the default rule set to block, it could have that effect. You'd need to make filter rules with the LAN > LAN direction to allow traffic between networks if you do.

Morning Voodle

Well as well as logging this with the DrayTek support who have been looking into this and offering various suggestions, I have tried many workarounds over the last few days.

Yesterday I set a number of filters up in the firewall without any Change. I have the default rule to allow traffic however setup a number of filters to allow traffic between the two IP's and at the advice of Draytek did the same for the Subnets also. What always puzzled me was why I could access one server from the Main computer on a separate VLAN / LAN however couldn't access a second server on a different VLAN /Subnet from the same PC when all the settings were identical? All the Vlans use the "Gateway IP Address" which id the first IP for each respective VLAN / subnet.

Well after I disabled all the security Without Any Change, I thought it maybe the Subnet range /VLAN causing the issue and so I changed the Subnet / IP from 192.168.2.2 to 192.168.5.2

After I changed the Subnet as described above I was able to connect to the Server as expected. Having now go connectivity working I changed it back from 192.168.5.2 to 192.168.2.2 - Once the subnet was reverted back to the 192.168.2.0 range I lost connectivity again.

So the problem appears to be with the 192.168.2.0 Subnet, although how you can have 1 faulty subnet out of 6 I have no idea?

Any thoughts?

That is a bit odd, are each of the subnets using a mask of 255.255.255.0?

Voodle wrote: That is a bit odd, are each of the subnets using a mask of 255.255.255.0?

Hi Voodle

Yes all the Subnet Masks are identical also. I should add that I can connect out from any device on Subnet2 as I have performed Outbound (LAN > Intenet) tests from the Server Console and I have also added another dumb device via the LAN port and that appears to have connected to its relative destination over the WEB. So outbound appears ok, it is only inbound from any other LAN /VLAN that appears unsuccessful.

Like I mentioned earlier, all the settings for the the VLANS are identical in terms of setup and Inter-LAN routing is ticked in the appropriate tables. do you think something else be blocking the Inter-LAN routing other than the Firewall?

Any suggestions would be appreciated.
Gary

Check the load balance / route policies? If it's one of the firmware versions with metrics then that shouldn't have any problem unless the metric is set to a really low value, but if it's one that doesn't have metrics on there, I think updating to 3.7.8 could help - without the metrics, policy route entries over-ride the routing table, that's the only thing other than the firewall that could break routing like that I think.