Hello All,
I have recently acquired a RB-2100 and have been trying to implement it into my home network. I have been taking courses in networking and have my CCNA, but little actual field experience, so i have made my home network into a practice lab. It is over-complicated by design, mostly for the learning experience but i also have 38 active network hosts many of which are media streaming devices i.e. Roku boxes, TiVos, and other networked home theater devices that have caused a huge amount of broadcast traffic. I also have two teenage girls and wish to control their network availability, but mostly because i want to.
Anyway;
Here is my basic layout cable modem to Mikrotik Created Vlans 1,2,3,4,6,7 on eth-2, Set eth-3,4,5 as slaves to eth-2
assigned ip addresses to each Vlan, created DHCP pools and servers for each Vlan. Using default Firewall rules and nat. Deleted Default bridge and bridge ports. eth-3 connects to Cisco 2960 configured for each Vlan, eth-4 connects to WAP configured for vlans. eth-5 connects to Dell 2724 configured for vlans.
eth-10 and 7 have been given an ip addresses on separate sub-nets and connected to computers in the same subnets.
OK All host machines have internet connection, correct ip address for their Vlans, and can ping all of the gateways and hosts on their same subnet/Vlan. Hosts cannot ping other hosts outside of their networks. All networks appear within the routing table, and winbox can ping all hosts. It appears that pings die at their respective gateways and are not forwarded.
I have tried to add static routes, and every thing else that i can think of to no avail. Even two directly connected routes with no Vlans don't work. Most frustrating any help would be appreciated. I have attached printouts of my settings and other items of interest to help anyone who is willing to look into this for me.
-
-
leroycorbid
just joined
- Posts: 8
- Joined:
Cannot route between Vlans or directly connected networks
You do not have the required permissions to view the files attached to this post.
-
-
leroycorbid
just joined
- Posts: 8
- Joined:
Re: Cannot route between Vlans or directly connected network
This seems to be the easiest way to test. You don't have DHCP on eth7 nor eth10. So you can set IP addresses manually:eth-10 and 7 have been given an ip addresses on separate sub-nets and connected to computers in the same subnets.
...
Even two directly connected routes with no Vlans don't work.
- PC7 on eth7: 10.40.11.2 mask 255.255.255.0, gateway 10.40.11.1
- PC10 on eth10: 10.40.10.2 mask 255.255.255.0, gateway 10.40.10.1
Can PC7 ping 10.40.10.1 and PC10 ping 10.40.11.1? They should.
You say that PC7 can't ping PC10 and PC10 can't ping PC7, right? Did you disable firewall on both PCs? By default, on most firewalls, access from other subnet is denied.
-
-
leroycorbid
just joined
- Posts: 8
- Joined:
Cannot route between Vlans or connected networks (Update)
Well After alot of trial and error I thought that I would post my final config.
Turns out that even though i was unable to ping between devices they did have connectivity. Realized this when i noticed that they were logging onto my domain based in the 2.48/28 network(Vlan20). Still had some issues with not being able to access some management interfaces, so I kept on tweaking.
Used a Vlan config based on adding each one to a single physical interface eth-2 and enslaving the rest to it. Problem with this was that my RB-2100 has two separate switches one for gigabyte and one for 10/100 so i either had to lose half of my ports or duplicate my config for each switch.
Change to a Bridged based Vlan config and think that i like it. Took alot of Vlan entries but i have great info for each interface.
Basically added a vlan entry for each vlan id on each interface. Then created a bridge for each vlan id, then I added every all of the vlan entries with common vlan ids to its respective bridge. Then i assigned an address, ip pool, and DHCP server to each bridge. And it seems to work.
here are my print interface outputs
[admin@MikroTik] > interface print
Flags: D - dynamic, X - disabled, R - running, S - slave
# NAME TYPE MTU L2MTU MAX-L2MTU MAC-ADDRESS
0 R eth-1 WAN ... ether 1500 1598 4074 D4:CA:6D:85:D4:D5
1 RS eth-2 Uplink ... ether 1500 1598 4074 D4:CA:6D:85:D4:D6
2 R eth-3 Uplink l... ether 1500 1598 4074 D4:CA:6D:85:D4:D7
3 eth-4 Uplink l... ether 1500 1598 4074 D4:CA:6D:85:D4:D8
4 eth-5 Uplink ... ether 1500 1598 4074 D4:CA:6D:85:D4:D9
5 R eth-6 Uplink l... ether 1500 1598 2028 D4:CA:6D:85:D4:DA
6 eth-7 Uplink l... ether 1500 1598 2028 D4:CA:6D:85:D4:DB
7 eth-8 Uplink ... ether 1500 1598 2028 D4:CA:6D:85:D4:DC
8 eth-9 Uplink ... ether 1500 1598 2028 D4:CA:6D:85:D4:DD
9 S eth-10 Direct Connection Point ether 1500 1598 2028 D4:CA:6D:85:D4:DE
10 RS Admin Vlan... vlan 1500 D4:CA:6D:85:D4:DA
11 RS Admin Vlan... vlan 1500 D4:CA:6D:85:D4:D7
12 RS Admin Vlan... vlan 1500 1594 D4:CA:6D:85:D4:D6
13 S Admin Vlan... vlan 1500 1594 D4:CA:6D:85:D4:D9
14 S Admin Vlan... vlan 1500 1594 D4:CA:6D:85:D4:DD
15 R Admin Interface bridge 1500 1594 D4:CA:6D:85:D4:D6
16 R Guest Vlan... vlan 1500 1594 D4:CA:6D:85:D4:D6
17 R LACP1 Uplink ... bond 1500 D4:CA:6D:85:D4:D7
18 R LACP2 Uplink ... bond 1500 D4:CA:6D:85:D4:DA
19 R Lies Interface bridge 1500 1594 D4:CA:6D:85:D4:D6
20 R Management Interface bridge 1500 1598 D4:CA:6D:85:D4:D6
21 RS Media Vlan... vlan 1500 D4:CA:6D:85:D4:DA
22 RS Media Vlan... vlan 1500 D4:CA:6D:85:D4:D7
23 RS Media Vlan... vlan 1500 1594 D4:CA:6D:85:D4:D6
24 Media Vlan... vlan 1500 1594 D4:CA:6D:85:D4:D9
25 S Media Vlan... vlan 1500 1594 D4:CA:6D:85:D4:DD
26 R Media Interface bridge 1500 1594 D4:CA:6D:85:D4:D6
27 RS Servers Vlan... vlan 1500 D4:CA:6D:85:D4:DA
28 RS Servers Vlan... vlan 1500 D4:CA:6D:85:D4:D7
29 RS Servers Vlan... vlan 1500 1594 D4:CA:6D:85:D4:D6
30 Servers Vlan... vlan 1500 1594 D4:CA:6D:85:D4:D9
31 R Servers Interface bridge 1500 1594 D4:CA:6D:85:D4:D6
32 RS Web Of Lies Vlan5 ... vlan 1500 D4:CA:6D:85:D4:DA
33 RS Web Of Lies Vlan5 ... vlan 1500 D4:CA:6D:85:D4:D7
34 RS Web Of Lies Vlan5 ... vlan 1500 1594 D4:CA:6D:85:D4:D6
35 S Web Of Lies Vlan5 ... vlan 1500 1594 D4:CA:6D:85:D4:DC
36 Web Of Lies Vlan5 ... vlan 1500 1594 D4:CA:6D:85:D4:D9
37 Web Of Lies Vlan5 ... vlan 1500 1594 D4:CA:6D:85:D4:DD
[admin@MikroTik] >
19 R Lies Interface bridge 1500 1594 D4:CA:6D:85:D4:D6
20 R Management Interface bridge 1500 1598 D4:CA:6D:85:D4:D6
21 RS Media Vlan... vlan 1500 D4:CA:6D:85:D4:DA
22 RS Media Vlan... vlan 1500 D4:CA:6D:85:D4:D7
23 RS Media Vlan... vlan 1500 1594 D4:CA:6D:85:D4:D6
24 Media Vlan... vlan 1500 1594 D4:CA:6D:85:D4:D9
25 S Media Vlan... vlan 1500 1594 D4:CA:6D:85:D4:DD
26 R Media Interface bridge 1500 1594 D4:CA:6D:85:D4:D6
27 RS Servers Vlan... vlan 1500 D4:CA:6D:85:D4:DA
28 RS Servers Vlan... vlan 1500 D4:CA:6D:85:D4:D7
29 RS Servers Vlan... vlan 1500 1594 D4:CA:6D:85:D4:D6
30 Servers Vlan... vlan 1500 1594 D4:CA:6D:85:D4:D9
31 R Servers Interface bridge 1500 1594 D4:CA:6D:85:D4:D6
32 RS Web Of Lies Vlan5 ... vlan 1500 D4:CA:6D:85:D4:DA
33 RS Web Of Lies Vlan5 ... vlan 1500 D4:CA:6D:85:D4:D7
34 RS Web Of Lies Vlan5 ... vlan 1500 1594 D4:CA:6D:85:D4:D6
35 S Web Of Lies Vlan5 ... vlan 1500 1594 D4:CA:6D:85:D4:DC
36 Web Of Lies Vlan5 ... vlan 1500 1594 D4:CA:6D:85:D4:D9
[admin
@Mikro
Tik] >
[admin@MikroTik] > interface vlan print
Flags: X - disabled, R - running, S - slave
# NAME MTU ARP VLAN-ID INTERFACE
0 R Admin Vlan2 ... 1500 enabled 2 LACP2 Uplink ...
1 R Admin Vlan2 ... 1500 enabled 2 LACP1 Uplink ...
2 R Admin Vlan2 ... 1500 enabled 2 eth-2 Uplink ...
3 Admin Vlan2 ... 1500 enabled 2 eth-5 Uplink ...
4 Admin Vlan2 ... 1500 enabled 2 eth-9 Uplink ...
5 R Guest Vlan6 ... 1500 enabled 6 eth-2 Uplink ...
6 R Media Vlan4 ... 1500 enabled 4 LACP2 Uplink ...
7 R Media Vlan4 ... 1500 enabled 4 LACP1 Uplink ...
8 R Media Vlan4 ... 1500 enabled 4 eth-2 Uplink ...
9 Media Vlan4 ... 1500 enabled 4 eth-5 Uplink ...
10 Media Vlan4 ... 1500 enabled 4 eth-9 Uplink ...
11 R Servers Vlan3 ... 1500 enabled 3 LACP2 Uplink ...
12 R Servers Vlan3 ... 1500 enabled 3 LACP1 Uplink ...
13 R Servers Vlan3 ... 1500 enabled 3 eth-2 Uplink ...
14 Servers Vlan3 ... 1500 enabled 3 eth-5 Uplink ...
15 R Web Of Lies Vlan5 C... 1500 enabled 5 LACP2 Uplink ...
16 R Web Of Lies Vlan5 D... 1500 enabled 5 LACP1 Uplink ...
17 R Web Of Lies Vlan5 E... 1500 enabled 5 eth-2 Uplink ...
18 Web Of Lies Vlan5 G... 1500 enabled 5 eth-8 Uplink ...
19 Web Of Lies Vlan5 L... 1500 enabled 5 eth-5 Uplink ...
20 Web Of Lies Vlan5 M... 1500 enabled 5 eth-9 Uplink ...
[admin@MikroTik] >
30 Servers Vlan... vlan 1500 1594 D4:CA:6D:85:D4:D9
31 R Servers Interface bridge 1500 1594 D4:CA:6D:85:D4:D6
32 RS Web Of Lies Vlan5 ... vlan 1500 D4:CA:6D:85:D4:DA
33 RS Web Of Lies Vlan5 ... vlan 1500 D4:CA:6D:85:D4:D7
34 RS Web Of Lies Vlan5 ... vlan 1500 1594 D4:CA:6D:85:D4:D6
35 S Web Of Lies Vlan5 ... vlan 1500 1594 D4:CA:6D:85:D4:DC
36 Web Of Lies Vlan5 ... vlan 1500 1594 D4:CA:6D:85:D4:D9
[admin
@Mikro
Tik] >
[admin@MikroTik] > interface vlan print
Flags: X - disabled, R - running, S - slave
# NAME MTU ARP VLAN-ID INTERFACE
0 R Admin Vlan2 ... 1500 enabled 2 LACP2 Uplink ...
1 R Admin Vlan2 ... 1500 enabled 2 LACP1 Uplink ...
2 R Admin Vlan2 ... 1500 enabled 2 eth-2 Uplink ...
3 Admin Vlan2 ... 1500 enabled 2 eth-5 Uplink ...
4 Admin Vlan2 ... 1500 enabled 2 eth-9 Uplink ...
5 R Guest Vlan6 ... 1500 enabled 6 eth-2 Uplink ...
6 R Media Vlan4 ... 1500 enabled 4 LACP2 Uplink ...
7 R Media Vlan4 ... 1500 enabled 4 LACP1 Uplink ...
8 R Media Vlan4 ... 1500 enabled 4 eth-2 Uplink ...
9 Media Vlan4 ... 1500 enabled 4 eth-5 Uplink ...
10 Media Vlan4 ... 1500 enabled 4 eth-9 Uplink ...
11 R Servers Vlan3 ... 1500 enabled 3 LACP2 Uplink ...
12 R Servers Vlan3 ... 1500 enabled 3 LACP1 Uplink ...
13 R Servers Vlan3 ... 1500 enabled 3 eth-2 Uplink ...
14 Servers Vlan3 ... 1500 enabled 3 eth-5 Uplink ...
15 R Web Of Lies Vlan5 C... 1500 enabled 5 LACP2 Uplink ...
16 R Web Of Lies Vlan5 D... 1500 enabled 5 LACP1 Uplink ...
17 R Web Of Lies Vlan5 E... 1500 enabled 5 eth-2 Uplink ...
[admin
@Mikro
Tik] >
[admin@MikroTik] > /ip address print
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK INTERFACE
0 10.40.10.1/29 10.40.10.0 eth-10 Direct Connection Point
1 192.168.70.1/27 192.168.70.0 Lies Interface
2 10.40.2.1/28 10.40.2.0 Admin Interface
3 10.40.2.49/28 10.40.2.48 Servers Interface
4 10.40.2.97/27 10.40.2.96 Media Interface
5 192.168.71.1/29 192.168.71.0 Guest Vlan6 EnGenius WAP
6 10.40.0.1/28 10.40.0.0 eth-10 Direct Connection Point
7 D 72.200.80.143/24 72.200.80.0 eth-1 WAN Public interface
[admin@MikroTik] >
Tik] >
[admin@MikroTik] > interface vlan print
Flags: X - disabled, R - running, S - slave
# NAME MTU ARP VLAN-ID INTERFACE
0 R Admin Vlan2 ... 1500 enabled 2 LACP2 Uplink ...
1 R Admin Vlan2 ... 1500 enabled 2 LACP1 Uplink ...
2 R Admin Vlan2 ... 1500 enabled 2 eth-2 Uplink ...
3 Admin Vlan2 ... 1500 enabled 2 eth-5 Uplink ...
4 Admin Vlan2 ... 1500 enabled 2 eth-9 Uplink ...
5 R Guest Vlan6 ... 1500 enabled 6 eth-2 Uplink ...
6 R Media Vlan4 ... 1500 enabled 4 LACP2 Uplink ...
7 R Media Vlan4 ... 1500 enabled 4 LACP1 Uplink ...
8 R Media Vlan4 ... 1500 enabled 4 eth-2 Uplink ...
9 Media Vlan4 ... 1500 enabled 4 eth-5 Uplink ...
10 Media Vlan4 ... 1500 enabled 4 eth-9 Uplink ...
11 R Servers Vlan3 ... 1500 enabled 3 LACP2 Uplink ...
12 R Servers Vlan3 ... 1500 enabled 3 LACP1 Uplink ...
13 R Servers Vlan3 ... 1500 enabled 3 eth-2 Uplink ...
14 Servers Vlan3 ... 1500 enabled 3 eth-5 Uplink ...
15 R Web Of Lies Vlan5 C... 1500 enabled 5 LACP2 Uplink ...
16 R Web Of Lies Vlan5 D... 1500 enabled 5 LACP1 Uplink ...
17 R Web Of Lies Vlan5 E... 1500 enabled 5 eth-2 Uplink ...
[admin
@Mikro
Tik] >
[admin@MikroTik] > /ip address print
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK INTERFACE
0 10.40.10.1/29 10.40.10.0 eth-10 Direct Connection Point
1 192.168.70.1/27 192.168.70.0 Lies Interface
2 10.40.2.1/28 10.40.2.0 Admin Interface
3 10.40.2.49/28 10.40.2.48 Servers Interface
4 10.40.2.97/27 10.40.2.96 Media Interface
5 192.168.71.1/29 192.168.71.0 Guest Vlan6 EnGenius WAP
6 10.40.0.1/28 10.40.0.0 eth-10 Direct Connection Point
7 D 72.200.80.143/24 72.200.80.0 eth-1 WAN Public interface
[admin@MikroTik] > /ip pool print
# NAME RANGES
0 Direct Connect 10.40.10.3-10.40.10.5
1 Management Pool 10.40.0.14
2 Admin Pool 10.40.2.5-10.40.2.14
3 Servers Pool 10.40.2.55-10.40.2.62
4 Media Pool 10.40.2.100-10.40.2.126
5 Lies Pool 192.168.70.5-192.168.70.30
6 Guest Pool 192.168.71.2-192.168.71.6
[admin@MikroTik] >
5 R Guest Vlan6 ... 1500 enabled 6 eth-2 Uplink ...
6 R Media Vlan4 ... 1500 enabled 4 LACP2 Uplink ...
7 R Media Vlan4 ... 1500 enabled 4 LACP1 Uplink ...
8 R Media Vlan4 ... 1500 enabled 4 eth-2 Uplink ...
9 Media Vlan4 ... 1500 enabled 4 eth-5 Uplink ...
10 Media Vlan4 ... 1500 enabled 4 eth-9 Uplink ...
11 R Servers Vlan3 ... 1500 enabled 3 LACP2 Uplink ...
12 R Servers Vlan3 ... 1500 enabled 3 LACP1 Uplink ...
13 R Servers Vlan3 ... 1500 enabled 3 eth-2 Uplink ...
14 Servers Vlan3 ... 1500 enabled 3 eth-5 Uplink ...
15 R Web Of Lies Vlan5 C... 1500 enabled 5 LACP2 Uplink ...
16 R Web Of Lies Vlan5 D... 1500 enabled 5 LACP1 Uplink ...
17 R Web Of Lies Vlan5 E... 1500 enabled 5 eth-2 Uplink ...
[admin
@Mikro
Tik] >
[admin@MikroTik] > /ip address print
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK INTERFACE
0 10.40.10.1/29 10.40.10.0 eth-10 Direct Connection Point
1 192.168.70.1/27 192.168.70.0 Lies Interface
2 10.40.2.1/28 10.40.2.0 Admin Interface
3 10.40.2.49/28 10.40.2.48 Servers Interface
4 10.40.2.97/27 10.40.2.96 Media Interface
5 192.168.71.1/29 192.168.71.0 Guest Vlan6 EnGenius WAP
6 10.40.0.1/28 10.40.0.0 eth-10 Direct Connection Point
7 D 72.200.80.143/24 72.200.80.0 eth-1 WAN Public interface
[admin@MikroTik] > /ip pool print
# NAME RANGES
0 Direct Connect 10.40.10.3-10.40.10.5
1 Management Pool 10.40.0.14
2 Admin Pool 10.40.2.5-10.40.2.14
3 Servers Pool 10.40.2.55-10.40.2.62
4 Media Pool 10.40.2.100-10.40.2.126
5 Lies Pool 192.168.70.5-192.168.70.30
6 Guest Pool 192.168.71.2-192.168.71.6
[admin@MikroTik] > /ip dhcp-server print
Flags: X - disabled, I - invalid
# NAME INTERFACE RELAY ADDRESS-POOL LEASE-TIME ADD-ARP
0 Management DHCP Management Interface Management Pool 30m yes
1 Admin DHCP Admin Interface Admin Pool 3d
2 Servers DHCP Servers Interface Servers Pool 3d
3 Media DHCP Media Interface Media Pool 3d
4 Lies DHCP Lies Interface Lies Pool 3d
5 Guest DHCP Guest ... Guest Pool 30m
[admin@MikroTik] >
[admin@MikroTik] > interface bridge print
Flags: X - disabled, R - running
0 R name="Admin Interface" mtu=1500 l2mtu=1594 arp=enabled mac-address=D4:CA:6D:85:D4:D6
protocol-mode=none priority=0x8000 auto-mac=yes admin-mac=00:00:00:00:00:00 max-message-age=20s
forward-delay=15s transmit-hold-count=6 ageing-time=5m
1 R name="Lies Interface" mtu=1500 l2mtu=1594 arp=enabled mac-address=D4:CA:6D:85:D4:D6 protocol-mode=none
priority=0x8000 auto-mac=yes admin-mac=00:00:00:00:00:00 max-message-age=20s forward-delay=15s
transmit-hold-count=6 ageing-time=5m
2 R name="Management Interface" mtu=1500 l2mtu=1598 arp=enabled mac-address=D4:CA:6D:85:D4:D6
protocol-mode=none priority=0x8000 auto-mac=yes admin-mac=00:00:00:00:00:00 max-message-age=20s
forward-delay=15s transmit-hold-count=6 ageing-time=5m
3 R name="Media Interface" mtu=1500 l2mtu=1594 arp=enabled mac-address=D4:CA:6D:85:D4:D6 protocol-mode=none
priority=0x8000 auto-mac=yes admin-mac=00:00:00:00:00:00 max-message-age=20s forward-delay=15s
transmit-hold-count=6 ageing-time=5m
4 R name="Servers Interface" mtu=1500 l2mtu=1594 arp=enabled mac-address=D4:CA:6D:85:D4:D6
protocol-mode=none priority=0x8000 auto-mac=yes admin-mac=00:00:00:00:00:00 max-message-age=20s
forward-delay=15s transmit-hold-count=6 ageing-time=5m
[admin@MikroTik] >
export -- Print or save an export script that can be used to restore configuration
[admin@MikroTik] > interface bridge print
Flags: X - disabled, R - running
0 R name="Admin Interface" mtu=1500 l2mtu=1594 arp=enabled mac-address=D4:CA:6D:85:D4:D6
protocol-mode=none priority=0x8000 auto-mac=yes admin-mac=00:00:00:00:00:00 max-message-age=20s
forward-delay=15s transmit-hold-count=6 ageing-time=5m
1 R name="Lies Interface" mtu=1500 l2mtu=1594 arp=enabled mac-address=D4:CA:6D:85:D4:D6 protocol-mode=none
priority=0x8000 auto-mac=yes admin-mac=00:00:00:00:00:00 max-message-age=20s forward-delay=15s
transmit-hold-count=6 ageing-time=5m
2 R name="Management Interface" mtu=1500 l2mtu=1598 arp=enabled mac-address=D4:CA:6D:85:D4:D6
protocol-mode=none priority=0x8000 auto-mac=yes admin-mac=00:00:00:00:00:00 max-message-age=20s
forward-delay=15s transmit-hold-count=6 ageing-time=5m
3 R name="Media Interface" mtu=1500 l2mtu=1594 arp=enabled mac-address=D4:CA:6D:85:D4:D6 protocol-mode=none
priority=0x8000 auto-mac=yes admin-mac=00:00:00:00:00:00 max-message-age=20s forward-delay=15s
transmit-hold-count=6 ageing-time=5m
[admin
@Mikro
Tik] >
[admin@MikroTik] > interface bridge port print
Flags: X - disabled, I - inactive, D - dynamic
# INTERFACE BRIDGE PRIORITY PATH-COST HORIZON
0 Admin Vlan2 ... Admin Interface 0x80 10 none
1 Admin Vlan2 ... Admin Interface 0x80 10 none
2 Admin Vlan2 ... Admin Interface 0x80 10 none
3 I Admin Vlan2 ... Admin Interface 0x80 10 none
4 I Admin Vlan2 ... Admin Interface 0x80 10 none
5 Servers Vlan3 ... Servers Interface 0x80 10 none
6 Servers Vlan3 ... Servers Interface 0x80 10 none
7 Servers Vlan3 ... Servers Interface 0x80 10 none
8 Media Vlan4 ... Media Interface 0x80 10 none
9 Media Vlan4 ... Media Interface 0x80 10 none
10 Media Vlan4 ... Media Interface 0x80 10 none
11 I Media Vlan4 ... Media Interface 0x80 10 none
12 I Web Of Lies Vlan5 Girls Lies Interface 0x80 10 none
13 Web Of Lies Vlan5 De... Lies Interface 0x80 10 none
14 Web Of Lies Vlan5 En... Lies Interface 0x80 10 none
15 Web Of Lies Vlan5 Ci... Lies Interface 0x80 10 none
16 I eth-10 Direct Connection Point Management Interface 0x80 10 none
17 eth-2 Uplink ... Management Interface 0x80 10 none
[admin@MikroTik] >
Hope this helps someone. If you can offer any advice to improve on my config please do.
Feel free to pm me if you need help with your vlan setups, I think that i have a pretty good grasp on them now.
Thanks LeROy
Turns out that even though i was unable to ping between devices they did have connectivity. Realized this when i noticed that they were logging onto my domain based in the 2.48/28 network(Vlan20). Still had some issues with not being able to access some management interfaces, so I kept on tweaking.
Used a Vlan config based on adding each one to a single physical interface eth-2 and enslaving the rest to it. Problem with this was that my RB-2100 has two separate switches one for gigabyte and one for 10/100 so i either had to lose half of my ports or duplicate my config for each switch.
Change to a Bridged based Vlan config and think that i like it. Took alot of Vlan entries but i have great info for each interface.
Basically added a vlan entry for each vlan id on each interface. Then created a bridge for each vlan id, then I added every all of the vlan entries with common vlan ids to its respective bridge. Then i assigned an address, ip pool, and DHCP server to each bridge. And it seems to work.
here are my print interface outputs
[admin@MikroTik] > interface print
Flags: D - dynamic, X - disabled, R - running, S - slave
# NAME TYPE MTU L2MTU MAX-L2MTU MAC-ADDRESS
0 R eth-1 WAN ... ether 1500 1598 4074 D4:CA:6D:85:D4:D5
1 RS eth-2 Uplink ... ether 1500 1598 4074 D4:CA:6D:85:D4:D6
2 R eth-3 Uplink l... ether 1500 1598 4074 D4:CA:6D:85:D4:D7
3 eth-4 Uplink l... ether 1500 1598 4074 D4:CA:6D:85:D4:D8
4 eth-5 Uplink ... ether 1500 1598 4074 D4:CA:6D:85:D4:D9
5 R eth-6 Uplink l... ether 1500 1598 2028 D4:CA:6D:85:D4:DA
6 eth-7 Uplink l... ether 1500 1598 2028 D4:CA:6D:85:D4:DB
7 eth-8 Uplink ... ether 1500 1598 2028 D4:CA:6D:85:D4:DC
8 eth-9 Uplink ... ether 1500 1598 2028 D4:CA:6D:85:D4:DD
9 S eth-10 Direct Connection Point ether 1500 1598 2028 D4:CA:6D:85:D4:DE
10 RS Admin Vlan... vlan 1500 D4:CA:6D:85:D4:DA
11 RS Admin Vlan... vlan 1500 D4:CA:6D:85:D4:D7
12 RS Admin Vlan... vlan 1500 1594 D4:CA:6D:85:D4:D6
13 S Admin Vlan... vlan 1500 1594 D4:CA:6D:85:D4:D9
14 S Admin Vlan... vlan 1500 1594 D4:CA:6D:85:D4:DD
15 R Admin Interface bridge 1500 1594 D4:CA:6D:85:D4:D6
16 R Guest Vlan... vlan 1500 1594 D4:CA:6D:85:D4:D6
17 R LACP1 Uplink ... bond 1500 D4:CA:6D:85:D4:D7
18 R LACP2 Uplink ... bond 1500 D4:CA:6D:85:D4:DA
19 R Lies Interface bridge 1500 1594 D4:CA:6D:85:D4:D6
20 R Management Interface bridge 1500 1598 D4:CA:6D:85:D4:D6
21 RS Media Vlan... vlan 1500 D4:CA:6D:85:D4:DA
22 RS Media Vlan... vlan 1500 D4:CA:6D:85:D4:D7
23 RS Media Vlan... vlan 1500 1594 D4:CA:6D:85:D4:D6
24 Media Vlan... vlan 1500 1594 D4:CA:6D:85:D4:D9
25 S Media Vlan... vlan 1500 1594 D4:CA:6D:85:D4:DD
26 R Media Interface bridge 1500 1594 D4:CA:6D:85:D4:D6
27 RS Servers Vlan... vlan 1500 D4:CA:6D:85:D4:DA
28 RS Servers Vlan... vlan 1500 D4:CA:6D:85:D4:D7
29 RS Servers Vlan... vlan 1500 1594 D4:CA:6D:85:D4:D6
30 Servers Vlan... vlan 1500 1594 D4:CA:6D:85:D4:D9
31 R Servers Interface bridge 1500 1594 D4:CA:6D:85:D4:D6
32 RS Web Of Lies Vlan5 ... vlan 1500 D4:CA:6D:85:D4:DA
33 RS Web Of Lies Vlan5 ... vlan 1500 D4:CA:6D:85:D4:D7
34 RS Web Of Lies Vlan5 ... vlan 1500 1594 D4:CA:6D:85:D4:D6
35 S Web Of Lies Vlan5 ... vlan 1500 1594 D4:CA:6D:85:D4:DC
36 Web Of Lies Vlan5 ... vlan 1500 1594 D4:CA:6D:85:D4:D9
37 Web Of Lies Vlan5 ... vlan 1500 1594 D4:CA:6D:85:D4:DD
[admin@MikroTik] >
19 R Lies Interface bridge 1500 1594 D4:CA:6D:85:D4:D6
20 R Management Interface bridge 1500 1598 D4:CA:6D:85:D4:D6
21 RS Media Vlan... vlan 1500 D4:CA:6D:85:D4:DA
22 RS Media Vlan... vlan 1500 D4:CA:6D:85:D4:D7
23 RS Media Vlan... vlan 1500 1594 D4:CA:6D:85:D4:D6
24 Media Vlan... vlan 1500 1594 D4:CA:6D:85:D4:D9
25 S Media Vlan... vlan 1500 1594 D4:CA:6D:85:D4:DD
26 R Media Interface bridge 1500 1594 D4:CA:6D:85:D4:D6
27 RS Servers Vlan... vlan 1500 D4:CA:6D:85:D4:DA
28 RS Servers Vlan... vlan 1500 D4:CA:6D:85:D4:D7
29 RS Servers Vlan... vlan 1500 1594 D4:CA:6D:85:D4:D6
30 Servers Vlan... vlan 1500 1594 D4:CA:6D:85:D4:D9
31 R Servers Interface bridge 1500 1594 D4:CA:6D:85:D4:D6
32 RS Web Of Lies Vlan5 ... vlan 1500 D4:CA:6D:85:D4:DA
33 RS Web Of Lies Vlan5 ... vlan 1500 D4:CA:6D:85:D4:D7
34 RS Web Of Lies Vlan5 ... vlan 1500 1594 D4:CA:6D:85:D4:D6
35 S Web Of Lies Vlan5 ... vlan 1500 1594 D4:CA:6D:85:D4:DC
36 Web Of Lies Vlan5 ... vlan 1500 1594 D4:CA:6D:85:D4:D9
[admin
@Mikro
Tik] >
[admin@MikroTik] > interface vlan print
Flags: X - disabled, R - running, S - slave
# NAME MTU ARP VLAN-ID INTERFACE
0 R Admin Vlan2 ... 1500 enabled 2 LACP2 Uplink ...
1 R Admin Vlan2 ... 1500 enabled 2 LACP1 Uplink ...
2 R Admin Vlan2 ... 1500 enabled 2 eth-2 Uplink ...
3 Admin Vlan2 ... 1500 enabled 2 eth-5 Uplink ...
4 Admin Vlan2 ... 1500 enabled 2 eth-9 Uplink ...
5 R Guest Vlan6 ... 1500 enabled 6 eth-2 Uplink ...
6 R Media Vlan4 ... 1500 enabled 4 LACP2 Uplink ...
7 R Media Vlan4 ... 1500 enabled 4 LACP1 Uplink ...
8 R Media Vlan4 ... 1500 enabled 4 eth-2 Uplink ...
9 Media Vlan4 ... 1500 enabled 4 eth-5 Uplink ...
10 Media Vlan4 ... 1500 enabled 4 eth-9 Uplink ...
11 R Servers Vlan3 ... 1500 enabled 3 LACP2 Uplink ...
12 R Servers Vlan3 ... 1500 enabled 3 LACP1 Uplink ...
13 R Servers Vlan3 ... 1500 enabled 3 eth-2 Uplink ...
14 Servers Vlan3 ... 1500 enabled 3 eth-5 Uplink ...
15 R Web Of Lies Vlan5 C... 1500 enabled 5 LACP2 Uplink ...
16 R Web Of Lies Vlan5 D... 1500 enabled 5 LACP1 Uplink ...
17 R Web Of Lies Vlan5 E... 1500 enabled 5 eth-2 Uplink ...
18 Web Of Lies Vlan5 G... 1500 enabled 5 eth-8 Uplink ...
19 Web Of Lies Vlan5 L... 1500 enabled 5 eth-5 Uplink ...
20 Web Of Lies Vlan5 M... 1500 enabled 5 eth-9 Uplink ...
[admin@MikroTik] >
30 Servers Vlan... vlan 1500 1594 D4:CA:6D:85:D4:D9
31 R Servers Interface bridge 1500 1594 D4:CA:6D:85:D4:D6
32 RS Web Of Lies Vlan5 ... vlan 1500 D4:CA:6D:85:D4:DA
33 RS Web Of Lies Vlan5 ... vlan 1500 D4:CA:6D:85:D4:D7
34 RS Web Of Lies Vlan5 ... vlan 1500 1594 D4:CA:6D:85:D4:D6
35 S Web Of Lies Vlan5 ... vlan 1500 1594 D4:CA:6D:85:D4:DC
36 Web Of Lies Vlan5 ... vlan 1500 1594 D4:CA:6D:85:D4:D9
[admin
@Mikro
Tik] >
[admin@MikroTik] > interface vlan print
Flags: X - disabled, R - running, S - slave
# NAME MTU ARP VLAN-ID INTERFACE
0 R Admin Vlan2 ... 1500 enabled 2 LACP2 Uplink ...
1 R Admin Vlan2 ... 1500 enabled 2 LACP1 Uplink ...
2 R Admin Vlan2 ... 1500 enabled 2 eth-2 Uplink ...
3 Admin Vlan2 ... 1500 enabled 2 eth-5 Uplink ...
4 Admin Vlan2 ... 1500 enabled 2 eth-9 Uplink ...
5 R Guest Vlan6 ... 1500 enabled 6 eth-2 Uplink ...
6 R Media Vlan4 ... 1500 enabled 4 LACP2 Uplink ...
7 R Media Vlan4 ... 1500 enabled 4 LACP1 Uplink ...
8 R Media Vlan4 ... 1500 enabled 4 eth-2 Uplink ...
9 Media Vlan4 ... 1500 enabled 4 eth-5 Uplink ...
10 Media Vlan4 ... 1500 enabled 4 eth-9 Uplink ...
11 R Servers Vlan3 ... 1500 enabled 3 LACP2 Uplink ...
12 R Servers Vlan3 ... 1500 enabled 3 LACP1 Uplink ...
13 R Servers Vlan3 ... 1500 enabled 3 eth-2 Uplink ...
14 Servers Vlan3 ... 1500 enabled 3 eth-5 Uplink ...
15 R Web Of Lies Vlan5 C... 1500 enabled 5 LACP2 Uplink ...
16 R Web Of Lies Vlan5 D... 1500 enabled 5 LACP1 Uplink ...
17 R Web Of Lies Vlan5 E... 1500 enabled 5 eth-2 Uplink ...
[admin
@Mikro
Tik] >
[admin@MikroTik] > /ip address print
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK INTERFACE
0 10.40.10.1/29 10.40.10.0 eth-10 Direct Connection Point
1 192.168.70.1/27 192.168.70.0 Lies Interface
2 10.40.2.1/28 10.40.2.0 Admin Interface
3 10.40.2.49/28 10.40.2.48 Servers Interface
4 10.40.2.97/27 10.40.2.96 Media Interface
5 192.168.71.1/29 192.168.71.0 Guest Vlan6 EnGenius WAP
6 10.40.0.1/28 10.40.0.0 eth-10 Direct Connection Point
7 D 72.200.80.143/24 72.200.80.0 eth-1 WAN Public interface
[admin@MikroTik] >
Tik] >
[admin@MikroTik] > interface vlan print
Flags: X - disabled, R - running, S - slave
# NAME MTU ARP VLAN-ID INTERFACE
0 R Admin Vlan2 ... 1500 enabled 2 LACP2 Uplink ...
1 R Admin Vlan2 ... 1500 enabled 2 LACP1 Uplink ...
2 R Admin Vlan2 ... 1500 enabled 2 eth-2 Uplink ...
3 Admin Vlan2 ... 1500 enabled 2 eth-5 Uplink ...
4 Admin Vlan2 ... 1500 enabled 2 eth-9 Uplink ...
5 R Guest Vlan6 ... 1500 enabled 6 eth-2 Uplink ...
6 R Media Vlan4 ... 1500 enabled 4 LACP2 Uplink ...
7 R Media Vlan4 ... 1500 enabled 4 LACP1 Uplink ...
8 R Media Vlan4 ... 1500 enabled 4 eth-2 Uplink ...
9 Media Vlan4 ... 1500 enabled 4 eth-5 Uplink ...
10 Media Vlan4 ... 1500 enabled 4 eth-9 Uplink ...
11 R Servers Vlan3 ... 1500 enabled 3 LACP2 Uplink ...
12 R Servers Vlan3 ... 1500 enabled 3 LACP1 Uplink ...
13 R Servers Vlan3 ... 1500 enabled 3 eth-2 Uplink ...
14 Servers Vlan3 ... 1500 enabled 3 eth-5 Uplink ...
15 R Web Of Lies Vlan5 C... 1500 enabled 5 LACP2 Uplink ...
16 R Web Of Lies Vlan5 D... 1500 enabled 5 LACP1 Uplink ...
17 R Web Of Lies Vlan5 E... 1500 enabled 5 eth-2 Uplink ...
[admin
@Mikro
Tik] >
[admin@MikroTik] > /ip address print
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK INTERFACE
0 10.40.10.1/29 10.40.10.0 eth-10 Direct Connection Point
1 192.168.70.1/27 192.168.70.0 Lies Interface
2 10.40.2.1/28 10.40.2.0 Admin Interface
3 10.40.2.49/28 10.40.2.48 Servers Interface
4 10.40.2.97/27 10.40.2.96 Media Interface
5 192.168.71.1/29 192.168.71.0 Guest Vlan6 EnGenius WAP
6 10.40.0.1/28 10.40.0.0 eth-10 Direct Connection Point
7 D 72.200.80.143/24 72.200.80.0 eth-1 WAN Public interface
[admin@MikroTik] > /ip pool print
# NAME RANGES
0 Direct Connect 10.40.10.3-10.40.10.5
1 Management Pool 10.40.0.14
2 Admin Pool 10.40.2.5-10.40.2.14
3 Servers Pool 10.40.2.55-10.40.2.62
4 Media Pool 10.40.2.100-10.40.2.126
5 Lies Pool 192.168.70.5-192.168.70.30
6 Guest Pool 192.168.71.2-192.168.71.6
[admin@MikroTik] >
5 R Guest Vlan6 ... 1500 enabled 6 eth-2 Uplink ...
6 R Media Vlan4 ... 1500 enabled 4 LACP2 Uplink ...
7 R Media Vlan4 ... 1500 enabled 4 LACP1 Uplink ...
8 R Media Vlan4 ... 1500 enabled 4 eth-2 Uplink ...
9 Media Vlan4 ... 1500 enabled 4 eth-5 Uplink ...
10 Media Vlan4 ... 1500 enabled 4 eth-9 Uplink ...
11 R Servers Vlan3 ... 1500 enabled 3 LACP2 Uplink ...
12 R Servers Vlan3 ... 1500 enabled 3 LACP1 Uplink ...
13 R Servers Vlan3 ... 1500 enabled 3 eth-2 Uplink ...
14 Servers Vlan3 ... 1500 enabled 3 eth-5 Uplink ...
15 R Web Of Lies Vlan5 C... 1500 enabled 5 LACP2 Uplink ...
16 R Web Of Lies Vlan5 D... 1500 enabled 5 LACP1 Uplink ...
17 R Web Of Lies Vlan5 E... 1500 enabled 5 eth-2 Uplink ...
[admin
@Mikro
Tik] >
[admin@MikroTik] > /ip address print
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK INTERFACE
0 10.40.10.1/29 10.40.10.0 eth-10 Direct Connection Point
1 192.168.70.1/27 192.168.70.0 Lies Interface
2 10.40.2.1/28 10.40.2.0 Admin Interface
3 10.40.2.49/28 10.40.2.48 Servers Interface
4 10.40.2.97/27 10.40.2.96 Media Interface
5 192.168.71.1/29 192.168.71.0 Guest Vlan6 EnGenius WAP
6 10.40.0.1/28 10.40.0.0 eth-10 Direct Connection Point
7 D 72.200.80.143/24 72.200.80.0 eth-1 WAN Public interface
[admin@MikroTik] > /ip pool print
# NAME RANGES
0 Direct Connect 10.40.10.3-10.40.10.5
1 Management Pool 10.40.0.14
2 Admin Pool 10.40.2.5-10.40.2.14
3 Servers Pool 10.40.2.55-10.40.2.62
4 Media Pool 10.40.2.100-10.40.2.126
5 Lies Pool 192.168.70.5-192.168.70.30
6 Guest Pool 192.168.71.2-192.168.71.6
[admin@MikroTik] > /ip dhcp-server print
Flags: X - disabled, I - invalid
# NAME INTERFACE RELAY ADDRESS-POOL LEASE-TIME ADD-ARP
0 Management DHCP Management Interface Management Pool 30m yes
1 Admin DHCP Admin Interface Admin Pool 3d
2 Servers DHCP Servers Interface Servers Pool 3d
3 Media DHCP Media Interface Media Pool 3d
4 Lies DHCP Lies Interface Lies Pool 3d
5 Guest DHCP Guest ... Guest Pool 30m
[admin@MikroTik] >
[admin@MikroTik] > interface bridge print
Flags: X - disabled, R - running
0 R name="Admin Interface" mtu=1500 l2mtu=1594 arp=enabled mac-address=D4:CA:6D:85:D4:D6
protocol-mode=none priority=0x8000 auto-mac=yes admin-mac=00:00:00:00:00:00 max-message-age=20s
forward-delay=15s transmit-hold-count=6 ageing-time=5m
1 R name="Lies Interface" mtu=1500 l2mtu=1594 arp=enabled mac-address=D4:CA:6D:85:D4:D6 protocol-mode=none
priority=0x8000 auto-mac=yes admin-mac=00:00:00:00:00:00 max-message-age=20s forward-delay=15s
transmit-hold-count=6 ageing-time=5m
2 R name="Management Interface" mtu=1500 l2mtu=1598 arp=enabled mac-address=D4:CA:6D:85:D4:D6
protocol-mode=none priority=0x8000 auto-mac=yes admin-mac=00:00:00:00:00:00 max-message-age=20s
forward-delay=15s transmit-hold-count=6 ageing-time=5m
3 R name="Media Interface" mtu=1500 l2mtu=1594 arp=enabled mac-address=D4:CA:6D:85:D4:D6 protocol-mode=none
priority=0x8000 auto-mac=yes admin-mac=00:00:00:00:00:00 max-message-age=20s forward-delay=15s
transmit-hold-count=6 ageing-time=5m
4 R name="Servers Interface" mtu=1500 l2mtu=1594 arp=enabled mac-address=D4:CA:6D:85:D4:D6
protocol-mode=none priority=0x8000 auto-mac=yes admin-mac=00:00:00:00:00:00 max-message-age=20s
forward-delay=15s transmit-hold-count=6 ageing-time=5m
[admin@MikroTik] >
export -- Print or save an export script that can be used to restore configuration
[admin@MikroTik] > interface bridge print
Flags: X - disabled, R - running
0 R name="Admin Interface" mtu=1500 l2mtu=1594 arp=enabled mac-address=D4:CA:6D:85:D4:D6
protocol-mode=none priority=0x8000 auto-mac=yes admin-mac=00:00:00:00:00:00 max-message-age=20s
forward-delay=15s transmit-hold-count=6 ageing-time=5m
1 R name="Lies Interface" mtu=1500 l2mtu=1594 arp=enabled mac-address=D4:CA:6D:85:D4:D6 protocol-mode=none
priority=0x8000 auto-mac=yes admin-mac=00:00:00:00:00:00 max-message-age=20s forward-delay=15s
transmit-hold-count=6 ageing-time=5m
2 R name="Management Interface" mtu=1500 l2mtu=1598 arp=enabled mac-address=D4:CA:6D:85:D4:D6
protocol-mode=none priority=0x8000 auto-mac=yes admin-mac=00:00:00:00:00:00 max-message-age=20s
forward-delay=15s transmit-hold-count=6 ageing-time=5m
3 R name="Media Interface" mtu=1500 l2mtu=1594 arp=enabled mac-address=D4:CA:6D:85:D4:D6 protocol-mode=none
priority=0x8000 auto-mac=yes admin-mac=00:00:00:00:00:00 max-message-age=20s forward-delay=15s
transmit-hold-count=6 ageing-time=5m
[admin
@Mikro
Tik] >
[admin@MikroTik] > interface bridge port print
Flags: X - disabled, I - inactive, D - dynamic
# INTERFACE BRIDGE PRIORITY PATH-COST HORIZON
0 Admin Vlan2 ... Admin Interface 0x80 10 none
1 Admin Vlan2 ... Admin Interface 0x80 10 none
2 Admin Vlan2 ... Admin Interface 0x80 10 none
3 I Admin Vlan2 ... Admin Interface 0x80 10 none
4 I Admin Vlan2 ... Admin Interface 0x80 10 none
5 Servers Vlan3 ... Servers Interface 0x80 10 none
6 Servers Vlan3 ... Servers Interface 0x80 10 none
7 Servers Vlan3 ... Servers Interface 0x80 10 none
8 Media Vlan4 ... Media Interface 0x80 10 none
9 Media Vlan4 ... Media Interface 0x80 10 none
10 Media Vlan4 ... Media Interface 0x80 10 none
11 I Media Vlan4 ... Media Interface 0x80 10 none
12 I Web Of Lies Vlan5 Girls Lies Interface 0x80 10 none
13 Web Of Lies Vlan5 De... Lies Interface 0x80 10 none
14 Web Of Lies Vlan5 En... Lies Interface 0x80 10 none
15 Web Of Lies Vlan5 Ci... Lies Interface 0x80 10 none
16 I eth-10 Direct Connection Point Management Interface 0x80 10 none
17 eth-2 Uplink ... Management Interface 0x80 10 none
[admin@MikroTik] >
Hope this helps someone. If you can offer any advice to improve on my config please do.
Feel free to pm me if you need help with your vlan setups, I think that i have a pretty good grasp on them now.
Thanks LeROy
-
-
CelticComms
Forum Guru
- Posts: 1765
- Joined:
Re: Cannot route between Vlans or directly connected network
If you want to export your config use something like /export compact file=xxxxxxxxxxxxxxxxxxx .