Static routes not working in this setup unless

Zyxel_Kay

Hi @PeterUK

Thank you for sharing your configuration file.

After reviewing it, we found that this situation is because the WLAN type is set to external. When configured this way, outbound packets are NATed to that interface by default.

As a result, when return traffic hits the second static route, it gets NATed to 192.168.254.1. This means the overall packet flow to the FLEX 200 will be: Internet → 192.168.254.1 instead of the AP IP 192.168.253.1, preventing it from reaching the AP client. This is why you said that the static route is not working.

You have two potential solutions:

1. Set a policy route to allow returning packets to SNAT to NONE, which aligns with your current configuration.
   
2. Change the WLAN type to internal by modifying the configuration as follows:
   /vrf "main" interface ethernet "WLAN" "type" "external" ➡ /vrf "main" interface ethernet "WLAN" "type" "internal"

PeterUK

But now try with Ge6 WLAN as internal and you see you have to set next hop to auto

PM sent with changes

so If I set routing rules to gateway IP to 192.168.254.2 for the return traffic then it works too but my question is should I need this routing rules for return traffic when static routes should/might that care of it?

Zyxel_Kay

Hi @PeterUK

Based on your current configuration, everything appears to be correct, and the overall flow is set to NAT first, then routing. At the moment, we can’t think of any further issues that might arise.

If possible, please also capture packets on ge6 interface.

Zyxel_Kay

Hi @PeterUK

Is there anything else we can help you with regarding this case?

PeterUK

Well I was just unsure about the return traffic needing the routing rule but I guess its just needed when you do two hops instead of one for Static routes to works.

So all good now thanks