Potential subnetting issue with VLANs; I'm stuck and could use some help/education.
Hey all,
I'm new here but I'll try to keep this as short as possible with relevant info. I'm hoping this is simply a "You're dumb, here's why this isn't working" thing.
I came from a Fortinet environment which had a very different mentality and functionality; it was a pretty neat firewall but I'm new to Omada and trying to figure things out myself and running into bizarre issues.
My network is pretty simple:
Internet > ER8411 > SG3210-XHP-M2 > EAP670
I do have a software Omada Controller with everything adopted, but other than the VLANs outlined below and the AP SSIDs, it's straight default. (No ACLs, etc.)
Attached to the switch, I have a bunch of Proxmox servers with VLAN-aware VMs/CTs.
I have 5 VLANs:
VLAN 1 - LAN (192.168.0.1/24)
VLAN 20 - Servers LAN (192.168.3.1/24)
VLAN 30 - Home LAN (10.1.30.1/24)
VLAN 40 - IoT LAN (10.1.40.1/24)
VLAN 50 - Guest LAN (10.1.50.1/24, with guest isolation)
Here's where the weirdness happens.
My admin PC is attached to the switch, gets a 192.168.0.x IP just fine. I can ping devices in the IoT VLAN, the Home VLAN, and the LAN VLAN. What I CANNOT do is ping anything in VLAN 20 which is the Servers VLAN.
Without changing my switch port, I manually change my PC's IP to something in the 192.168.3.x range, and suddenly I can ping and access the Server hosts just fine (which are 192.168.3.200-205), but I lose internet and can no longer ping anything in the other VLANs.
I've also noticed that the servers themselves also have no internet. They won't even ping the gateway 192.168.3.1 which was configured in the VLAN exactly the same as all other VLANs. There's nothing 'unique' about it other than the fact that it shares the first 2 octets of the admin IP Address. It's just like everything in that IP range has no route to any hosts whatsoever, other than each other. (A 192.168.3.200 server can ping and access every other server in the same subnet and same VLAN, but no internet nor gateway access, though the gateway CAN be accessed from the administrator VLAN)
I would initially go to "Oh, it's just subnetting issues" except everything is 255.255.255.0 (/24), so, to my mind, it shouldn't matter whatsoever that the first two octets are the same in the LAN/Management LAN.
I haven't tried (yet) to create a different VLAN as a test in the 192.168.99.1 range and assign a VM to it to see if I can ping it or not. I may also consider doing a 192.10.1.1 or something with a wider scope as a test to see where things stop working... But that's where I've gotten so far.
Is there something in particular that is obviously 'wrong' with my thinking here? What am I missing?
I had the exact same setup with the Fortinet and everything worked just fine, but I realize it was more of a firewall and had NAT between VLAN's so it was a bit different.
I hope this is a clear enough explanation, and that someone might be able to nudge me in the right direction where I'm going wrong.
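The two things a practitioner would check before touching the switch config are (a) whether any of the five /24 networks actually overlap, and (b) for each of the two PC configurations described above, which destinations the PC hands to ARP on its own VLAN versus which it sends to the default gateway. The script below is an added example, not part of the original post and not Omada or TP-Link code; it uses only the Python standard library. The VLAN/gateway table is copied from the post; the PC addresses 192.168.0.50 and 192.168.3.50 and the IoT host 10.1.40.10 are constructed sample values.

```python
"""Subnet sanity checks for the VLAN layout described in the post.

Added example (not from the original post or from the Omada controller):
(1) confirm that none of the five /24 networks overlap, even though two of
    them share their first two octets;
(2) show which destinations a host treats as on-link (delivered by ARP on
    its own VLAN) versus sent to the default gateway.
"""
from ipaddress import ip_interface, ip_address
from itertools import combinations

# Gateway address per VLAN, as listed in the post (all /24).
VLANS = {
    1: "192.168.0.1/24",    # LAN
    20: "192.168.3.1/24",   # Servers LAN
    30: "10.1.30.1/24",     # Home LAN
    40: "10.1.40.1/24",     # IoT LAN
    50: "10.1.50.1/24",     # Guest LAN
}


def vlan_networks(vlans=VLANS):
    """Map VLAN id -> the network its gateway address lives in."""
    return {vid: ip_interface(gw).network for vid, gw in vlans.items()}


def find_overlaps(vlans=VLANS):
    """Return (vlan_a, vlan_b) pairs whose networks overlap. An empty list
    means the addressing plan is unambiguous: a router can tell every
    destination apart, and sharing the first two octets is irrelevant."""
    nets = vlan_networks(vlans)
    return [(a, b) for a, b in combinations(sorted(nets), 2)
            if nets[a].overlaps(nets[b])]


def classify(host_cidr, dest):
    """How a host configured as `host_cidr` reaches `dest`: 'on-link' if dest
    is inside the host's own network (ARP on the local VLAN, no router
    involved), otherwise 'via-gateway' (sent to the default route)."""
    host = ip_interface(host_cidr)
    return "on-link" if ip_address(dest) in host.network else "via-gateway"


def vlan_for(addr, vlans=VLANS):
    """Which VLAN's subnet an address belongs to, or None if it fits none."""
    for vid, net in vlan_networks(vlans).items():
        if ip_address(addr) in net:
            return vid
    return None


def walk_scenario():
    """Replay the two PC configurations from the post (sample host addresses)."""
    results = {}
    # PC with a VLAN 1 address: the servers are only reachable through the
    # gateway, so the router must forward between VLAN 1 and VLAN 20.
    results["admin_on_vlan1"] = {
        d: classify("192.168.0.50/24", d)
        for d in ("192.168.3.200", "10.1.40.10", "192.168.0.1")}
    # Same switch port, PC readdressed into the servers' subnet: 192.168.3.200
    # is now on-link, so a successful ping only proves Layer-2 adjacency and
    # says nothing about routing; everything else goes via 192.168.3.1.
    results["admin_readdressed"] = {
        d: classify("192.168.3.50/24", d)
        for d in ("192.168.3.200", "10.1.40.10", "192.168.3.1")}
    return results


if __name__ == "__main__":
    print("overlapping VLAN networks:", find_overlaps() or "none")
    for label, table in walk_scenario().items():
        print(label)
        for dest, how in table.items():
            print(f"  {dest:<15} {how:<12} (VLAN {vlan_for(dest)})")
```

Running it reports no overlaps, which confirms the reasoning in the post that /24 masks make the shared first two octets irrelevant. It also makes the readdressing test explicit: once the PC sits in 192.168.3.0/24, reaching 192.168.3.200 is an on-link (ARP) exchange that never involves the gateway, so it exercises the switch's VLAN membership rather than the router's inter-VLAN path.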