Hi Elliot, I'm not sure if I will get an answer, but I wanted to write you anyway.

I see that you are using an L3 physical interface with a defined subnet on the physical interface and a subnet defined on an L3 sub-interface that is tagged with a VLAN ID. On my FW config I have eth1/1 for my WAN link (which is an L3 untagged network), eth1/3 through eth1/8 set up as physical L3 interfaces, untagged, untagged sub-interfaces (NOT CHECKED), and then about 6 VLANs assigned to L3 sub-interfaces. (I think this is set up much like yours based on your above description.)

When I enabled the described setup, I failed to recognize that some devices on my network could not handle VLANs. I tried to enable a separate, available, physical port as an L3 untagged interface, but it seemed that things went haywire and systems were unavailable and not properly working. I'm a little gun-shy to make any changes at the moment that could cause this problem, as it would involve me driving 60+ miles and a couple of hours of downtime that I can't afford to fix the problem. This has been particularly challenging as we've consolidated our networking into two core switches which are trunked together. I've lost access to the management ports on the firewall as they do not support VLAN tagging.

I can provide a screenshot if that is helpful. Thank you for any help you can provide. There isn't much out there about this.