Hello, I have a RUTx50 router, and I want to give a specific IP address to a device behind a specific physical port.
I believe I should be able to set this up using VLANs, per this example. Getting each port to supply a specific IP address to the device behind it works. To make the example specific, I can get to the point where each port provides the following IP address through DHCP:
port 1: 192.168.2.200
port 2: 192.168.3.200
port 3: 192.168.4.200
port 4: 192.168.5.200
However, I cannot ping one device to the other anymore.
When I read this wiki article, it reads as if the current setup should already work, and additional configuration is only needed to disable communication.
I also tried the solution given in the post called “communication between two lans including one vlan”, but this did not work as well.
Are there any other relevant settings on the router I should check out to make this work? Or can I get to the same desired result (each port a specific IP), but having the final IP addresses all live in 192.168.1.xxx?
Can you expand on what inter-zone forwarding are the correct ones? Because of the tutorial I mentioned above, I assumed the defaults would already make it work.
The image below shows what the defaults give me, where I already see “lan” and “lan1” defined here.
Inter-zone forwarding is used to control access between different firewall zones. In your screenshot, both LAN and LAN1 are part of the same lan zone, and the firewall configuration currently allows traffic from this lan zone, which includes both LAN and LAN1 networks, to be forwarded only to WAN. No other zones are permitted to send traffic to the lan zone. You can modify these settings as needed.
Another important setting is the “Forward” option, which is currently set to “Accept.” This determines how traffic is handled within the same firewall zone. Since both LAN and LAN1 belong to the lan zone, setting “Forward” to “Accept” allows traffic to flow freely between them. If you change it to “Drop” or “Reject,” traffic between LAN and LAN1 will be blocked. This option specifically manages communication within a zone but between different networks inside it.
To troubleshoot your issue, I recommend reviewing the VLAN interfaces you created and checking which firewall zones they are assigned to. You can find this under Network → LAN → Edit your desired interface → Firewall tab.
Yes, it should be fine. Since the interfaces are in the LAN zone and the “forward” option is set to Accept within that zone, traffic should be allowed - unless there are additional traffic rules configured that might be blocking it (but I assume you did not configure any additional traffic rules). If everything is left as default, it should work. This suggests that the issue is likely related to routing.
Are you able to ping each device from the RUTX50? You can test this from the CLI or through the WebUI under System → Maintenance → Troubleshoot → Diagnostics.
Are your devices obtaining their IP addresses and other network settings via DHCP from the RUTX50?
Do you have any other routers or switches in the network, or is it just the RUTX50 with end devices connected via Ethernet cables?
@Ewoud issue might be related to routing. Do your devices receive default gateway via DHCP? If devices have multiple internet sources then RUTX50 must have highest priority metric for default gateway.
@MRK Thank you, this seems to be the issue in the end. When I leave my wifi turned on, the ping command fails. If I turn my wifi off, it succeeds.
Problem is now: how can I set the priority/metric of a gateway higher? Because I’m using dhcp, I cannot specify the ip address of the gateway beforehand (depending on the port, it is 192.168.1/2/3/4.1 )
You’ll have to do metric modification on end-device. An alternative could be pushing specific (static) routes via DHCP option 121, that should work on most up to date end-devices nowadays.
Try to add DHCP option 121 for port 2 (192.168.3.0/24 subnet) and specify the routes which must be reached via Teltonika router (192.168.2.0/24, 192.168.4.0/24, 192.168.5.0/24…).
I think it should look something like this in GUI DHCP server settings.
Fill in subnet which needs to be reached, fill in gateway
Separate all new entries with comma
I don’t know if the syntax is correct, don’t really have a device to test this myself, but that would be one way to control end-devices routing from Teltonika’s perspective. Otherwise you’ll have to set lower metric on all end-devices to prefer Teltonika as the default gateway.
