How to create a route from a Device (MBP) to a different VLAN so you can see the and interact with the devices on the other VLAN
I have a VLAN on 192.168.8.0, 192.168.11.0, and 192.168.12.0
My main LAN is 192.168.8.1 the MBP is on 192.168.8.220
I have a camera server and cameras on 192.168.12.25-240
How can I make the the VLAN 192.168.12.1 visible and usable to the MBP
I am using all Ubiquiti product. UDM SE, USW Pro Switches, U6-PRO AP’s, 6 ACM-Pro for bridging between buildings that hard wire to USW-Pro’s in each building. Cameras all work fine but I hate changing the IP of the MBP everytime I want to do something.
This is dropping all packets between the VLANs. Double check on your setup that your states (at the very bottom) match mine. Make sure Match State Established and Match State Related are unchecked.
Now allowing traffic to the other LAN is really easy. Simply create a new firewall rule that allows traffic from your MacBook (or group of IPs) to the security camera network. You will need to make sure that this rule is above the drop intervlan routing rule so it gets allowed.
Once you do this your firewall should allow you to reach the cameras, then because Match State Established and Match State Related are unchecked the cameras will be able to reply to the packets.
It makes total sense. That’s the same configuration I have. But I am not able to see the .11 and .12 Networks. When I ping the networks I get a request timeout and Destination Host Unreachable.
It’s also the first rule that you can move.
Not sure where the hang up is.
Thanks for the assist…
B
So you cannot disable any of the default firewall rules. (maybe some locked setting I am missing)
The only rule editable is the one we created for the MBP to the VLAN.
I cannot even move the rule up or down on the priority list.
In that case you do not have any firewall rules, therefor you should not be blocked.
Is the issue you are having a NAS or something not showing up int your sidebar? Can you ping the actual IP addresses of the things you are trying to see?
Ah, that may be the issue. You should not be just changing the IP to a new VLAN, as you actually have to be on that VLAN to connect. Do you still have the issue with DHCP?
I do not want to connect to the VLAN. I want the MAC address of the MBP or the IP address of the MBP(which is always static) to be able to access the things on the VLAN. I can do it when I VPN in to the system.
so this might be silly, but are all the devices you want to reach using the udmse as the default route?
you should be able to ping your default route and the far side of the router. so if you can give us the results of 192.168.8.220 pinging 192.168.8.1 192.168.11.1 192.168.12.1
