I have a CCR1036 with two trunk links, each carrying two vlan. (one of the link is a bond of but not important here).
link1 is bond1 and carries vlan1000 and vlan1001
link2 is sfp-sfpplus1 and carries vlan2000 and vlan2001
I've setup two VRF, one with vlan1000 and vlan2000 and the other with vlan1001 and vlan2001.
Now if I send a packet to the router on vlan2000 to 172.30.3.1 (which is an ip on vlan1001 in a different VRF), I'd expect to get "No route to host" or "Unreachable" or some error ... and _not_ a valid reply ...
But that's not the case, I can happily ping 172.30.3.1 from vlan2000.
What's wrong here ?
Code: Select all
# jul/15/2016 10:38:02 by RouterOS 6.35.4
# software id = 5TPR-QBLR
#
/interface vlan
add interface=sfp-sfpplus1 name=vlan2000 vlan-id=2000
add interface=sfp-sfpplus1 name=vlan2001 vlan-id=2001
/interface bonding
add mode=active-backup name=bond1 slaves=sfp-sfpplus2,ether6
/interface vlan
add interface=bond1 name=vlan1000 vlan-id=1000
add interface=bond1 name=vlan1001 vlan-id=1001
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-128-cbc
/routing bgp instance
set default as=2 router-id=172.30.2.1
/ip address
add address=192.168.88.1/24 comment=defconf interface=ether1 network=192.168.88.0
add address=172.30.2.1/24 interface=vlan1000 network=172.30.2.0
add address=172.30.3.1/24 interface=vlan1001 network=172.30.3.0
add address=172.30.0.1/24 interface=vlan2000 network=172.30.0.0
add address=172.30.1.1/24 interface=vlan2001 network=172.30.1.0
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=ether2
/ip route vrf
add interfaces=vlan1000,vlan2000 route-distinguisher=1:1 routing-mark=branch1
add interfaces=vlan1001,vlan2001 route-distinguisher=2:2 routing-mark=branch2
/system identity
set name=ccr1036
/system routerboard settings
set cpu-frequency=1200MHz memory-frequency=1066DDR protected-routerboot=disabled
