General Questions

Hello.

I tried this setup at home and was unsuccessful in making it work.

I have a Netgate Appliance with 3 Eth interfaces.
I also have an Avaya ERS 4550 L2/L3 Ethernet Routing Switch.

I gave the LAN Interface an ip address in a /30 subnet, 10.10.0.1/30 and the ERS 10.10.0.2/30.

I added static routing rules that state that anything 10.0.0.0/8 lies at 10.10.0.2/30.

The ERS Could ping the M0n0wall and the M0n0wall could ping the ERS via the /30 subnet.
But when a PC in the ERS in the 10.10.10.0/24 pings the M0n0wall in its /30 address, the M0n0wall does to seem to find the route for the ERS.

Could there be an issue in the IP Stack?

I use other routers in front of the ERS at work in much the same setup and I have never had this issue.

When you check the ARP table on the ERS it can obviously see the M0n0wall and pings between them work fine.
The ARP Table on the M0n0wall also show the ERS IP Address at the other side of the correct interface.

My aim is to move all the VLANs I had on the M0n0wall down to the ERS Switch to alleviate traffic congestion at the M0n0wall when there are large transfers in the various VLANs.

Any suggestions would be greatly appreciated.

If you gave m0n0wall a static rout, and included the local subnet in that summery route, you will get unexpected behavior.  There is a hidden page, status.php and that prints a lot of variables, including the routing table.  I bet yours is somewhat broken.

Thanks I will look into that.

Ok, so the solution is that in the firewall rules for the LAN interface, you have to add the same rules for allowing traffic through the lan if to all the summary subnets that reside beyond the LAN if.
You also have to create static routes to the summary subnets via the lan if ip address of the ERS Switch.

What was holding the traffic was the Firewall rules.
Once the firewall rules were in place, any subnets inside the ERS VLANs can ping Mono Wall and get its traffic through.

Good find!