Vlan

Paestum

On the UAG4100 I created a VLAN 400, IP 172.14.0.1 with static ip I connected two DVRs that ping each other is ok, but they don't have internet access, I tried pinging the two DVRs directly from the UAG4100 and it doesn't go

Alfonso

Hi @Paestum

Welcome to the Zyxel forum. I hope you feel ok with us.

As your two DVR are reachable from each other, it is a great step.

Please verify DVRs are on the same UAG4100 subnet (layer 3).

I suggest to configure a laptop on VLAN400 and verify if it can see Zyxel arp, if it does, the problem looks to a firewall configuration, if it does not ... maybe we need further information to hel you,

Keep in mind that the selected address (172.14.0.1/XX) is not a private network.

Current private network following RFC 1918 are:

10.0.0.0/8

172.16.0.0/12

192.168.0.0/16

Regards

Zyxel_Cooldia

Hi @Paestum ,

Welcome to Zyxel community. 😎

You can capture packets on VLAN400 interface, if there is no any DVRs packets/ARP coming up to VLAN400 interface. 

You may check downlink switch VLAN configuration first.

Packets capture:

Router# packet-trace interface VLAN 400 extension-filter -e –n

Show arp:

Router# show arp-table

Paestum

https://businessforum.zyxel.com/discussion/comment/8782#Comment_8782

30 packets captured

60 packets received by filter

0 packets dropped by kernel

Zyxel_Cooldia

Hi @Paestum

I would suggest to use laptop troubleshooting first. 

Put a laptop on vlan400, if the laptop also cannot get Internet access, try to ping UAG4100 vlan interface IP from laptop, if it is unable ping to UAG vlan400 interface IP, check this issue on lan side.

If it can ping to UAG vlan400 interface IP, check UAG4100 firewall rule, make sure it have security policy to allow traffic from vlan400 to wan.

 

CLI

Show ARP: diagnostic for layer 2 issue.

Router# show arp-table

 

Disable firewall: By disable firewall, you can check if the issue is coming from security policy. 

Router(config)# no firewall activate