one subnet unreachable from one subnet
Dear Community!
I have some strange behavior on a multi-site environment with 2x ER8411, 2x ER7206, OC200, some APs and some SG and TL switches...
Basically relevant for the problem are three sites:
Site 1, my location, everything is "fine" here:
ER8411; 2xWAN (Cable+LTE), 4xLANs (VLAN1: 192.168.11.1/24; VLAN200: 192.168.200.1/23; VLAN101: 192.168.101.1/24; VLAN102: 192.168.102.1/25)
"unmanaged" and (non Omada managed) switches, VLANs work fine here
OC200 (WAN reachable, Ports forwarded)
VLAN1 is my Office LAN with servers, printers, clients, VLAN200 is my IoT Stuff and NAS, home WiFi, Cameras and one IP-phone, VLAN101 is a customer preparation LAN, where I set up customers computers, VLAN102 is Guest WiFi.
Site 2. main Office - where the problem shows up
ER8411; 2WAN (xDSL+Fibre), 3 LANs (VLAN 10: 192.168.0.1/24, VLAN 4: 192.168.4.1/24, VLAN5 192.168.5.1/24)
This site is on the list for switch upgrades and better segmentation.
T1600G-28PS v3, T1500G-10PS v2, T1500G10MPS v2 and a bunch of dumb PoE desktop switches for Wifi- and telephony power distribution.
VLAN10 is the Main Network with everything mixed together
1-10 GW+Switches
11-40 WiFi Clients
41-60 IoT Stuff
60-80 Printers
81-100 Servers (windows PDC), NAS, etc.
101-128 Clients
129+130 reserved
131-172 telephony
173-254 reserved
The other 2 are not yet used
Site 3. Remote Backup-Cellar
ER7206v1: 2WAN (Fibre+LTE), 4 LANs (VLAN152: 192.168.23.1/24, VLAN15: 10.230.112.241/28, VLAN23: 192.168.6.1/24, VLAN231: 192.168.55.1/24)
SG2210MP V4.2 uplinked on port 8 (all VLANs),
Port 1: A Windows Server in VLAN 23: 192.168.6.10, DC, backup target
Port 5: An important (but not configurable) management device in VLAN15 10.230.112.242
Port 6: PoE Linked EAP610 Outdoor doing Wifi for Cameras and my smartphone, when I am on that site (WiFi VLAN231)…. That simple
There are three other sites (home offices), that don’t have any trouble at all.
NO ACLs, no individual routing (neither on devices nor in Omada), no other problems currently.
It is all about that 10.230.112.242 device. A micro-computer for managing power, heating and cooling of the building, accessed via VNC (heating/cooling) and Web (power regulation).
I cannot reach it from where it is needed most: The 192.168.0.1/24 network at site 2.
I can reach it from any other subnet and from 192.168.0.xx, I can ping the 10.230.112.241 gateway, but not that single device…
VPN tunnels are all the same: All networks on both ends
There are tunnels between all sites:
Site1
Tunnel to Site2:
192.168.11.0/24<>192.168.0.0/24
Tunnel to Site3:
192.168.11.0/24<>192.168.6.0/24; 192.168.23.0/24; 10.230.112.240/28
(and Site4, Site5, Site6 (10.124.1.0/25, I mention it because it’s a class A/25 network that works pretty well))
Site2
Tunnel to Site1:
192.168.0.0/24<>192.168.11.0/24
Tunnel to Site3:
192.168.0.0/24<>192.168.6.0/24; 192.168.23.0/24; 10.230.112.240/28
(and Site4, Site5, Site6 (10.124.1.0/25))
Site3
Tunnel to Site1:
192.168.6.0/24; 192.168.23.0/24; 10.230.112.240/28 <>192.168.11.0/24
Tunnel to Site2:
192.168.6.0/24; 192.168.23.0/24; 10.230.112.240/28 <>192.168.0.0/24
No other Tunnels, the Home offices don’t need access here
I tried accessing the device from 192.168.6.0 and 192.168.23.0 (both same site) and 192.168.11.0 (Site 1) and it works. From the 192.168.0.0 subnet I can ping the GW at 10.230.112.241 (which is the 7206 that reports omada control on Port80), but not the device @242.
ANY IDEAS ANYONE?
I know I miss something, but I can't see what. So any help, hint, etc. is very much appreciated! Thank you!
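The tunnel network pairs listed in the post can be checked mechanically before looking at the hardware. The following is an added example, not part of the original post: it confirms that each tunnel's networks are mirrored on the peer and that a given flow is covered in both directions. The client address 192.168.0.101 is a constructed sample taken from the post's client range; Sites 4 to 6 are left out because the post does not list their tunnels in full.

```python
import ipaddress

S1 = ["192.168.11.0/24"]
S2 = ["192.168.0.0/24"]
S3 = ["192.168.6.0/24", "192.168.23.0/24", "10.230.112.240/28"]

# site -> peer -> (local networks, remote networks), as listed in the post
TUNNELS = {
    "Site1": {"Site2": (S1, S2), "Site3": (S1, S3)},
    "Site2": {"Site1": (S2, S1), "Site3": (S2, S3)},
    "Site3": {"Site1": (S3, S1), "Site2": (S3, S2)},
}

def nets(cidrs):
    """Parse CIDR strings into a set of network objects."""
    return {ipaddress.ip_network(c) for c in cidrs}

def mismatched_tunnels(tunnels):
    """Return (site, peer) pairs whose networks are not mirrored by the peer."""
    bad = []
    for site, peers in tunnels.items():
        for peer, (local, remote) in peers.items():
            back = tunnels.get(peer, {}).get(site)
            if (back is None or nets(back[0]) != nets(remote)
                    or nets(back[1]) != nets(local)):
                bad.append((site, peer))
    return bad

def flow_covered(tunnels, src_site, dst_site, src_ip, dst_ip):
    """True if both ends of the tunnel cover src -> dst and the reply path."""
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)

    def covers(site, peer, local_ip, remote_ip):
        sel = tunnels.get(site, {}).get(peer)
        return (sel is not None
                and any(local_ip in n for n in nets(sel[0]))
                and any(remote_ip in n for n in nets(sel[1])))

    return (covers(src_site, dst_site, src, dst)
            and covers(dst_site, src_site, dst, src))

if __name__ == "__main__":
    print("mismatched:", mismatched_tunnels(TUNNELS))
    # Constructed client in the Site 2 client range -> the device in VLAN15
    print("Site2 -> device covered:",
          flow_covered(TUNNELS, "Site2", "Site3", "192.168.0.101", "10.230.112.242"))
```

With the networks as posted, both checks pass, so the tunnel definitions themselves do not explain why only the .242 device is unreachable from 192.168.0.0/24.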
I just came back from Site3...
I tried a lot of different things to be sure and can tell it is a defective / incompatible NIC on the appliance.
I tried different cables with strange results,
I tried connecting to the device directly with three different NICs, without any result,
I tried other (Cisco SMB, D-Link, Netgear) switches with no effort,
I tried the old router with an old cable with "best" results (15% loss, still too much loss for VNC connection or web access)
When I put my notebook to the appliance's VLAN, I had full access from the server in the other range and via RDP from the other locations. So it definitely is no Omada issue!
Sad but true: the appliance (early B&R x20 PLC) is from 2013, and is no longer supported, neither by the manufacturer nor by its owner/operator (local energy provider). Repair seems impossible, replacement with a new appliance would be about € 5.000,- :(
I probably damaged the NIC somehow during my installation and it was later rapidly degrading. That would explain why it worked the first day with the old router... Maybe it didn't like to be connected to a PoE port...
@Clive_A: Thank you so much for your patient help !!!
Wienumgebung wrote
I just came back from Site3...
I tried a lot of different things to be sure and can tell it is a defective / incompatible NIC on the appliance.
I tried different cables with strange results,
I tried connecting to the device directly with three different NICs, without any result,
I tried other (Cisco SMB, D-Link, Netgear) switches with no effort,
I tried the old router with an old cable with "best" results (15% loss, still too much loss for VNC connection or web access)
When I put my notebook to the appliance's VLAN, I had full access from the server in the other range and via RDP from the other locations. So it definitely is no Omada issue!
Sad but true: the appliance (early B&R x20 PLC) is from 2013, and is no longer supported, neither by the manufacturer nor by its owner/operator (local energy provider). Repair seems impossible, replacement with a new appliance would be about € 5.000,- :(
I probably damaged the NIC somehow during my installation and it was later rapidly degrading. That would explain why it worked the first day with the old router... Maybe it didn't like to be connected to a PoE port...
@Clive_A: Thank you so much for your patient help !!!
Good to know it's not a problem with the Omada issue.
It's wise to try different switches for tests.