Hi, I have the following scenario and I have been having a lot of issues working on the VLAN configuration. I am not sure whether to use switching (I tried using the wiki but with no luck), or bridging (also tried, but lost access to mikrotik on the attempt).
[img]MikrotikSetup.jpg[/img]
Any help will be more than appreciated, just need to know the logic on how to do it so that I can try, but I am not sure how to even begin.
VLAN configuration help
You do not have the required permissions to view the files attached to this post.
Re: VLAN configuration help
I'm writing, wait 5 min
Re: VLAN configuration help
I'll let him post.. but I would use the switch chip for most of that. It will be faster.I'm writing, wait 5 min
Re: VLAN configuration help
I help you only on VLAN and NAT:
I suppose you set all the other parameters, like IPs and routes correctly.
[the IPs must be setted on the bridge, not on the single interface]
And also you do not have set already any port as master or slave.
I suppose you set all the other parameters, like IPs and routes correctly.
[the IPs must be setted on the bridge, not on the single interface]
And also you do not have set already any port as master or slave.
Code: Select all
/interface ethernet
set [ find default-name=ether2 ] name=ether2-master
set [ find default-name=ether3 ] name=ether3-slave master-port=ether2-master
set [ find default-name=ether6 ] name=ether6-master2
set [ find default-name=ether7 ] name=ether7-slave2 master-port=ether6-master2
set [ find default-name=ether8 ] name=ether8-slave2 master-port=ether6-master2
set [ find default-name=ether9 ] name=ether9-slave2 master-port=ether6-master2
/interface vlan
add interface=ether1 name="eher1-vlan-id-90" vlan-id=90
add interface=ether1 name="eher1-vlan-id-92" vlan-id=92
add interface=ether1 name="eher1-vlan-id-199" vlan-id=199
/interface bridge
add name="bri-untag-vlan-id-90" protocol-mode=rstp
add name="bri-untag-vlan-id-92" protocol-mode=rstp
add name="bri-untag-vlan-id-199" protocol-mode=rstp
/interface bridge port
add bridge=bri-untag-vlan-id-90 interface=eher1-vlan-id-90
add bridge=bri-untag-vlan-id-90 interface=ether2-master
add bridge=bri-untag-vlan-id-92 interface=eher1-vlan-id-92
add bridge=bri-untag-vlan-id-199 interface=eher1-vlan-id-199
add bridge=bri-untag-vlan-id-199 interface=eher4
/ip firewall nat
add action=masquerade chain=srcnat comment="NAT for vlan-id-92" out-interface=bri-untag-vlan-id-92 in-interface=ether6-master2
Last edited by rextended on Thu Mar 20, 2014 12:00 am, edited 3 times in total.
Re: VLAN configuration help
[...]
Last edited by rextended on Wed Mar 19, 2014 11:43 pm, edited 1 time in total.
Re: VLAN configuration help
I'd actually use the switch chip. It will be much faster and will put basically no load on to the switch... I'll post a config after I put my son to bed.I help you only on VLAN and NAT:
I suppose you set all the other parameters, like IPs and routes correctly.
[the IPs must be setted on the bridge, not on the single interface]
And also you do not have set already any port as master or slave.
Code: Select all/interface vlan add interface=ether1 name="eher1-vlan-id-90" vlan-id=90 add interface=ether1 name="eher1-vlan-id-92" vlan-id=92 add interface=ether1 name="eher1-vlan-id-199" vlan-id=199 /interface bridge add name="bri-untag-vlan-id-90" protocol-mode=rstp add name="bri-untag-vlan-id-92" protocol-mode=rstp add name="bri-untag-vlan-id-199" protocol-mode=rstp /interface bridge port add bridge=bri-untag-vlan-id-90 interface=eher1-vlan-id-90 add bridge=bri-untag-vlan-id-90 interface=eher2 add bridge=bri-untag-vlan-id-92 interface=eher1-vlan-id-92 add bridge=bri-untag-vlan-id-92 interface=eher3 add bridge=bri-untag-vlan-id-199 interface=eher1-vlan-id-199 add bridge=bri-untag-vlan-id-199 interface=eher4 /interface ethernet set [ find default-name=ether6 ] name=ether6-master set [ find default-name=ether7 ] name=ether7-slave master-port=ether6-master set [ find default-name=ether8 ] name=ether8-slave master-port=ether6-master set [ find default-name=ether9 ] name=ether9-slave master-port=ether6-master /ip firewall nat add action=masquerade chain=srcnat comment="NAT for vlan-id-92" out-interface=bri-untag-vlan-id-92
Re: VLAN configuration help
Thank you very much guys!!!! this is just what I needed...
Re: VLAN configuration help
I have fix my misreading on first post, please check now the script, it use both switch chips.
1st for 2-3 [but you can add also the 5 and sfp1 (or add the 4 and use the 5 as 4 before]
and
2nd for 6-7-8-9 [but you can add also the 10!!!]
If you find useful, please add Karma!
efaden, please edit your post and remove the script inside, is fixed now.
1st for 2-3 [but you can add also the 5 and sfp1 (or add the 4 and use the 5 as 4 before]
Code: Select all
/interface ethernet
set [ find default-name=ether5 ] name=ether5-slave master-port=ether2-master
set [ find default-name=sfp1 ] name=sfp1-slave master-port=ether2-master2nd for 6-7-8-9 [but you can add also the 10!!!]
Code: Select all
/interface ethernet
set [ find default-name=ether10 ] name=ether10-slave2 master-port=ether6-master2efaden, please edit your post and remove the script inside, is fixed now.
Last edited by rextended on Thu Mar 20, 2014 12:01 am, edited 2 times in total.
Re: VLAN configuration help
If you are going to use the switch chip for this you actually have to set the settings, not just set the master port.
See my config:
See my config:
ros code
/interface ethernet switch set switch-all-ports=yes /interface bridge add name=bridge-local protocol=rtsp /interface bridge port add bridge=bridge-local interface=ether6 /interface ethernet set [ find default-name=ether1 ] name=ether1 set [ find default-name=ether2 ] master-port=ether1 set [ find default-name=ether3 ] master-port=ether1 set [ find default-name=ether3 ] master-port=ether1 set [ find default-name=ether4 ] master-port=ether1 set [ find default-name=ether5 ] master-port=ether1 set [ find default-name=ether6 ] master-port=none set [ find default-name=ether7 ] master-port=ether6 set [ find default-name=ether8 ] master-port=ether6 set [ find default-name=ether9 ] master-port=ether6 set [ find default-name=ether10 ] master-port=ether6 /interface vlan add interface=ether1 l2mtu=1594 name=Vlan90 vlan-id=90 add interface=ether1 l2mtu=1594 name=Vlan92 vlan-id=92 add interface=ether1 l2mtu=1594 name=Vlan199 vlan-id=199 /ip pool add name=local-pool ranges=192.168.0.100-192.168.0.254 /ip dhcp-server add address-pool=local-pool interface=bridge-local name=local-dhcp /ip dhcp-client add dhcp-options=hostname,clientid disabled=no interface=Vlan92 /ip dhcp-server network add address=192.168.0.0/24 dns-server=192.168.0.1 gateway=192.168.0.1 /interface ethernet switch port add vlan-id=90 switch=switch1 ports=ether1,ether2,ether3,cpu add vlan-id=92 switch=switch1 ports=ether1,cpu add vlan-id=199 switch=switch1 ports=ether1,ether4,cpu /interface ethernet switch vlan set ether1 vlan-mode=secure vlan-header=add-if-missing set ether2 vlan-mode=secure vlan-header=always-strip default-vlan-id=90 set ether3 vlan-mode=secure vlan-header=always-strip default-vlan-id=90 set ether4 vlan-mode=secure vlan-header=always-strip default-vlan-id=199 set ether5 vlan-mode=secure /ip firewall filter add chain=input protocol=icmp add chain=input connection-state=established add chain=input connection-state=related add action=drop chain=input in-interface=Vlan92 add chain=forward connection-state=established add chain=forward connection-state=related add action=drop chain=forward connection-state=invalid /ip firewall nat add action=masquerade chain=srcnat out-interface=Vlan92 in-interface=bridge-local
Last edited by efaden on Wed Mar 19, 2014 11:56 pm, edited 1 time in total.
Re: VLAN configuration help
I have fix my misreading on first post, please check now the script, it use both switch chips.
1st for 2-3 [but you can add also the 4-5 and sfp1!!!]
andCode: Select all/interface ethernet set [ find default-name=ether4 ] name=ether4-slave master-port=ether2-master set [ find default-name=ether5 ] name=ether5-slave master-port=ether2-master set [ find default-name=sfp1 ] name=sfp1-slave master-port=ether2-master
2nd for 6-7-8-9 [but you can add also the 10!!!]If you find useful, please add Karma!Code: Select all/interface ethernet set [ find default-name=ether10 ] name=ether10-slave2 master-port=ether6-master2
efaden, please edit your post and remove the script inside, is fixed now.
rextended: you need to actually have settings in /interface ethernet switch port and vlan to control the vlans if you are going to set the master-port. Just setting the master-port won't actually work since some of them need to be tagged/untagged and modified... your config as it is wouldn't actually work.
Re: VLAN configuration help
Thank you very much for your help on this, reading the configuration on both methodologies gives me a better understanding on how to work with VLANs and the switching feature. Coming from a Cisco background I need to get used to the new way.
Re: VLAN configuration help
Yeah. Not gonna lie, it's odd.Thank you very much for your help on this, reading the configuration on both methodologies gives me a better understanding on how to work with VLANs and the switching feature. Coming from a Cisco background I need to get used to the new way.
Sent from my SCH-I545 using Tapatalk
Re: VLAN configuration help
Reworked config:
must be set to yes and must be added some DNS, if you specify dns-server=192.168.0.1 on DHCP server
[DHCP client DNS or PPPoE peer DNS not always working.]
About switch and VLAN: I must check again later, if I remember wrong. Thanks.
Removed:/interface ethernet switch
set switch-all-ports=yes
/interface ethernet
set [ find default-name=ether3 ] master-port=ether2
set [ find default-name=ether7 ] master-port=ether6
set [ find default-name=ether8 ] master-port=ether6
set [ find default-name=ether9 ] master-port=ether6
/interface vlan
add interface=ether1 name=Vlan90 vlan-id=90
add interface=ether1 name=Vlan92 vlan-id=92
add interface=ether1 name=Vlan199 vlan-id=199
/ip pool
add name=local-pool ranges=192.168.0.101-192.168.0.199
/ip dhcp-server
add address-pool=local-pool interface=ether6 name=local-dhcp
/ip dhcp-client
add disabled=no interface=Vlan92
/ip dhcp-server network
add address=192.168.0.0/24 dns-server=192.168.0.1 gateway=192.168.0.1
/ip dns
set allow-remote-requests=yes cache-max-ttl=1d servers=8.8.8.8,8.8.4.4
/interface ethernet switch port
add vlan-id=90 switch=switch1 ports=ether1,ether2,ether3,cpu
add vlan-id=92 switch=switch1 ports=ether1,cpu
add vlan-id=199 switch=switch1 ports=ether1,ether4,cpu
/interface ethernet switch vlan
set ether1 vlan-mode=secure vlan-header=add-if-missing
set ether2 vlan-mode=secure vlan-header=always-strip default-vlan-id=90
set ether3 vlan-mode=secure vlan-header=always-strip default-vlan-id=90
set ether4 vlan-mode=secure vlan-header=always-strip default-vlan-id=199
/ip firewall nat
add action=masquerade chain=srcnat out-interface=Vlan92 in-interface=ether6
On the DNS the allow-remote-requests default value is "no"/interface bridge
add name=bridge-local protocol=rtsp
/interface bridge port
add bridge=bridge-local interface=ether6
/interface ethernet
set [ find default-name=ether1 ] name=ether1
set [ find default-name=ether4 ] master-port=ether1
set [ find default-name=ether5 ] master-port=ether1
set [ find default-name=ether6 ] master-port=none
/ip firewall filter
add chain=input protocol=icmp
add chain=input connection-state=established
add chain=input connection-state=related
add action=drop chain=input in-interface=Vlan92
add chain=forward connection-state=established
add chain=forward connection-state=related
add action=drop chain=forward connection-state=invalid
must be set to yes and must be added some DNS, if you specify dns-server=192.168.0.1 on DHCP server
[DHCP client DNS or PPPoE peer DNS not always working.]
About switch and VLAN: I must check again later, if I remember wrong. Thanks.
Re: VLAN configuration help
I am running routeros 6.9 and some of the commands in your configuration example are a bit different. I think I have covered, but I don't have the masquerading working just yet.
One main difference is that my box has two switches, one for the gig ports and one for the fast ethernet ports. I will post what I got once I am done with the configuration. So far the VLAN ports on the "outside" portion are working.
Thanks again for your help guys.
One main difference is that my box has two switches, one for the gig ports and one for the fast ethernet ports. I will post what I got once I am done with the configuration. So far the VLAN ports on the "outside" portion are working.
Thanks again for your help guys.
Re: VLAN configuration help
Post your config. My example had nat working.
Sent from my SCH-I545 using Tapatalk
Sent from my SCH-I545 using Tapatalk
Re: VLAN configuration help
I hope you solve the problems, but first of all, install 6.11 and update bios to 3.12
Too much bug on 6.8 / 6.9 / 6.10
Too much bug on 6.8 / 6.9 / 6.10
Re: VLAN configuration help
Exactly.... My example had nat working ...
Re: VLAN configuration help
Won't vlan92 need an IP address assigned to it for NAT to work?
None of the router interfaces have the gateway address on them either.
None of the router interfaces have the gateway address on them either.
Re: VLAN configuration help
Read with attention the previous post:Won't vlan92 need an IP address assigned to it for NAT to work?
None of the router interfaces have the gateway address on them either.
>>>I suppose you set all the other parameters, like IPs and routes correctly.
>>>[the IPs must be setted on the bridge, not on the single interface]
>>>And also you do not have set already any port as master or slave.
Because "benitton" has not specified the IP needed.
I hope he know the IP....
Re: VLAN configuration help
I actually get the IP address assigned via DHCP. I got this working w/o any problem. My main issue with the setup was to get the switching/bridging part of the setup going... Thanks again for your help guys!Won't vlan92 need an IP address assigned to it for NAT to work?
None of the router interfaces have the gateway address on them either.
Who is online
Users browsing this forum: nescafe2002 and 41 guests