VLAN TRUNK
Posted: Sun Apr 15, 2018 5:33 pm
hi,
this is my first attempt to configure my RB2011. I am trying to configure VLAN Trunk on port_10 of my RB2011 to another RB2011 Vlan Trunk Port.
I have followed the tutorials and doesn't seem to be right, I can VLAN Trunk from RB2011 to another TPLink L2 Switch, but I cant trunk to another RB2011.
Both running on the latest version.
appreciate all experience mikrotik gurus to lend a helping hand,
thanks in advance.
below is the config of my main RB2011.
/interface bridge
add admin-mac=00:0C:42:A9:82:86 arp=proxy-arp auto-mac=no comment=\
"Home Internet Zone" fast-forward=no mtu=1500 name="VLAN1 Bridge"
add comment="Home Network Appliances Zone" fast-forward=no mtu=1500 name=\
"VLAN2 Bridge"
add comment="IP Camera Zone" fast-forward=no name="VLAN3 Bridge"
add comment="Guest Internet Zone" fast-forward=no name="VLAN4 Bridge"
/interface ethernet
set [ find default-name=ether1 ] comment="Internet" mac-address=\
00:0C:42:A9:82:85 name=Port_01 speed=1Gbps
set [ find default-name=ether2 ] mac-address=00:0C:42:A9:82:86 name=Port_02 \
speed=1Gbps
set [ find default-name=ether3 ] mac-address=00:0C:42:A9:82:87 name=Port_03 \
speed=1Gbps
set [ find default-name=ether4 ] mac-address=00:0C:42:A9:82:88 name=Port_04 \
speed=1Gbps
set [ find default-name=ether5 ] mac-address=00:0C:42:A9:82:89 name=Port_05 \
speed=1Gbps
set [ find default-name=ether6 ] mac-address=00:0C:42:A9:82:8A name=Port_06
set [ find default-name=ether7 ] mac-address=00:0C:42:A9:82:8B name=Port_07
set [ find default-name=ether8 ] mac-address=00:0C:42:A9:82:8C name=Port_08
set [ find default-name=ether9 ] mac-address=00:0C:42:A9:82:8D name=Port_09
set [ find default-name=ether10 ] mac-address=00:0C:42:A9:82:8E name=Port_10
set [ find default-name=sfp1 ] mac-address=00:0C:42:A9:82:84 name=SFP speed=\
100Mbps
/interface vlan
add interface=Port_10 name=Port_10-vlan1 vlan-id=1
add interface=Port_10 name=Port_10-vlan2 vlan-id=2
add interface=Port_10 name=Port_10-vlan3 vlan-id=3
add interface=Port_10 name=Port_10-vlan4 vlan-id=4
/interface list
add name=mactel
add name=mac-winbox
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa2-psk eap-methods="" management-protection=\
allowed mode=dynamic-keys name=profile1 supplicant-identity="" \
wpa2-pre-shared-key=xxxxxx
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce \
disabled=no mode=ap-bridge name=VLAN3_wlan security-profile=profile1 \
ssid=Watching_You vlan-id=3 wireless-protocol=802.11 wps-mode=disabled
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=3des
/ip pool
add name=VLAN1-dhcp-pool ranges=192.168.1.101-192.168.1.200
add name=VLAN2-dhcp-pool ranges=192.168.2.101-192.168.2.200
add name=VLAN3-dhcp-pool ranges=192.168.3.101-192.168.3.200
add name=VLAN4-dhcp-pool ranges=192.168.4.101-192.168.4.200
/ip dhcp-server
add address-pool=VLAN1-dhcp-pool authoritative=after-2sec-delay disabled=no \
interface="VLAN1 Bridge" lease-time=3d name=VLAN1_dhcpsvr
add address-pool=VLAN2-dhcp-pool authoritative=after-2sec-delay disabled=no \
interface="VLAN2 Bridge" name=VLAN2_dhcpsvr
add address-pool=VLAN3-dhcp-pool authoritative=after-2sec-delay disabled=no \
interface="VLAN3 Bridge" name=VLAN3_dhcpsvr
add address-pool=VLAN4-dhcp-pool authoritative=after-2sec-delay disabled=no \
interface="VLAN4 Bridge" name=VLAN4_dhcpsvr
/interface bridge port
add bridge="VLAN1 Bridge" hw=no interface=Port_02
add bridge="VLAN1 Bridge" hw=no interface=Port_03
add bridge="VLAN1 Bridge" hw=no interface=Port_04
add bridge="VLAN2 Bridge" hw=no interface=Port_05
add bridge="VLAN1 Bridge" hw=no interface=Port_06
add bridge="VLAN1 Bridge" hw=no interface=Port_07
add bridge="VLAN1 Bridge" hw=no interface=Port_08
add bridge="VLAN4 Bridge" hw=no interface=Port_09
add bridge="VLAN1 Bridge" interface=Port_10-vlan1
add bridge="VLAN2 Bridge" interface=Port_10-vlan2
add bridge="VLAN3 Bridge" interface=Port_10-vlan3
add bridge="VLAN4 Bridge" interface=Port_10-vlan4
add bridge="VLAN3 Bridge" interface=VLAN3_wlan
/interface pptp-server server
set enabled=yes max-mru=1460 max-mtu=1460
/ip address
add address=192.168.1.1/24 interface="VLAN1 Bridge" network=192.168.1.0
add address=192.168.2.1/24 interface="VLAN2 Bridge" network=192.168.2.0
add address=192.168.3.1/24 interface="VLAN3 Bridge" network=192.168.3.0
add address=192.168.4.1/24 interface="VLAN4 Bridge" network=192.168.4.0
/ip dhcp-client
add comment="default configuration" dhcp-options=hostname,clientid disabled=\
no interface=Port_01
/ip dhcp-server network
add address=192.168.1.0/24 dns-server=192.168.1.1 gateway=192.168.1.1
add address=192.168.2.0/24 dns-server=8.8.8.8 gateway=192.168.2.1
add address=192.168.3.0/24 dns-server=8.8.8.8 gateway=192.168.3.1
add address=192.168.4.0/24 dns-server=8.8.8.8 gateway=192.168.4.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 name=router
/ip firewall address-list
add address=192.168.2.0/24 list=Vlan2_3_4
add address=192.168.3.0/24 list=Vlan2_3_4
add address=192.168.4.0/24 list=Vlan2_3_4
/ip firewall filter
add action=passthrough chain=unused-hs-chain comment=\
"place hotspot rules here" disabled=yes
add action=drop chain=input comment="Block VLAN2/3/4 to 192.168.10.0/24" \
dst-address=192.168.1.0/24 src-address-list=Vlan2_3_4
add action=accept chain=input comment="default configuration" protocol=icmp
add action=accept chain=input comment="default configuration" \
connection-state=established
add action=accept chain=input comment="default configuration" \
connection-state=related
add action=accept chain=input comment="VPN Access" dst-port=1723 protocol=tcp
add action=accept chain=input comment="Remote Access For Winbox" protocol=gre
add action=drop chain=input comment="default configuration" in-interface=\
Port_01
/ip proxy
set cache-path=web-proxy1
/ip route
add distance=1 gateway=Port_01
/ip service
set telnet address=192.168.1.0/24
set ftp address=192.168.1.0/24
set www address=192.168.1.0/24,192.168.99.1/32,192.168.99.2/32
set ssh address=192.168.1.0/24
/system clock
set time-zone-autodetect=no time-zone-name=Asia/Singapore
/system identity
set name=199-COR-RS01
/system ntp client
set enabled=yes primary-ntp=128.199.84.169 secondary-ntp=103.11.143.248
this is my first attempt to configure my RB2011. I am trying to configure VLAN Trunk on port_10 of my RB2011 to another RB2011 Vlan Trunk Port.
I have followed the tutorials and doesn't seem to be right, I can VLAN Trunk from RB2011 to another TPLink L2 Switch, but I cant trunk to another RB2011.
Both running on the latest version.
appreciate all experience mikrotik gurus to lend a helping hand,
thanks in advance.
below is the config of my main RB2011.
/interface bridge
add admin-mac=00:0C:42:A9:82:86 arp=proxy-arp auto-mac=no comment=\
"Home Internet Zone" fast-forward=no mtu=1500 name="VLAN1 Bridge"
add comment="Home Network Appliances Zone" fast-forward=no mtu=1500 name=\
"VLAN2 Bridge"
add comment="IP Camera Zone" fast-forward=no name="VLAN3 Bridge"
add comment="Guest Internet Zone" fast-forward=no name="VLAN4 Bridge"
/interface ethernet
set [ find default-name=ether1 ] comment="Internet" mac-address=\
00:0C:42:A9:82:85 name=Port_01 speed=1Gbps
set [ find default-name=ether2 ] mac-address=00:0C:42:A9:82:86 name=Port_02 \
speed=1Gbps
set [ find default-name=ether3 ] mac-address=00:0C:42:A9:82:87 name=Port_03 \
speed=1Gbps
set [ find default-name=ether4 ] mac-address=00:0C:42:A9:82:88 name=Port_04 \
speed=1Gbps
set [ find default-name=ether5 ] mac-address=00:0C:42:A9:82:89 name=Port_05 \
speed=1Gbps
set [ find default-name=ether6 ] mac-address=00:0C:42:A9:82:8A name=Port_06
set [ find default-name=ether7 ] mac-address=00:0C:42:A9:82:8B name=Port_07
set [ find default-name=ether8 ] mac-address=00:0C:42:A9:82:8C name=Port_08
set [ find default-name=ether9 ] mac-address=00:0C:42:A9:82:8D name=Port_09
set [ find default-name=ether10 ] mac-address=00:0C:42:A9:82:8E name=Port_10
set [ find default-name=sfp1 ] mac-address=00:0C:42:A9:82:84 name=SFP speed=\
100Mbps
/interface vlan
add interface=Port_10 name=Port_10-vlan1 vlan-id=1
add interface=Port_10 name=Port_10-vlan2 vlan-id=2
add interface=Port_10 name=Port_10-vlan3 vlan-id=3
add interface=Port_10 name=Port_10-vlan4 vlan-id=4
/interface list
add name=mactel
add name=mac-winbox
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa2-psk eap-methods="" management-protection=\
allowed mode=dynamic-keys name=profile1 supplicant-identity="" \
wpa2-pre-shared-key=xxxxxx
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce \
disabled=no mode=ap-bridge name=VLAN3_wlan security-profile=profile1 \
ssid=Watching_You vlan-id=3 wireless-protocol=802.11 wps-mode=disabled
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=3des
/ip pool
add name=VLAN1-dhcp-pool ranges=192.168.1.101-192.168.1.200
add name=VLAN2-dhcp-pool ranges=192.168.2.101-192.168.2.200
add name=VLAN3-dhcp-pool ranges=192.168.3.101-192.168.3.200
add name=VLAN4-dhcp-pool ranges=192.168.4.101-192.168.4.200
/ip dhcp-server
add address-pool=VLAN1-dhcp-pool authoritative=after-2sec-delay disabled=no \
interface="VLAN1 Bridge" lease-time=3d name=VLAN1_dhcpsvr
add address-pool=VLAN2-dhcp-pool authoritative=after-2sec-delay disabled=no \
interface="VLAN2 Bridge" name=VLAN2_dhcpsvr
add address-pool=VLAN3-dhcp-pool authoritative=after-2sec-delay disabled=no \
interface="VLAN3 Bridge" name=VLAN3_dhcpsvr
add address-pool=VLAN4-dhcp-pool authoritative=after-2sec-delay disabled=no \
interface="VLAN4 Bridge" name=VLAN4_dhcpsvr
/interface bridge port
add bridge="VLAN1 Bridge" hw=no interface=Port_02
add bridge="VLAN1 Bridge" hw=no interface=Port_03
add bridge="VLAN1 Bridge" hw=no interface=Port_04
add bridge="VLAN2 Bridge" hw=no interface=Port_05
add bridge="VLAN1 Bridge" hw=no interface=Port_06
add bridge="VLAN1 Bridge" hw=no interface=Port_07
add bridge="VLAN1 Bridge" hw=no interface=Port_08
add bridge="VLAN4 Bridge" hw=no interface=Port_09
add bridge="VLAN1 Bridge" interface=Port_10-vlan1
add bridge="VLAN2 Bridge" interface=Port_10-vlan2
add bridge="VLAN3 Bridge" interface=Port_10-vlan3
add bridge="VLAN4 Bridge" interface=Port_10-vlan4
add bridge="VLAN3 Bridge" interface=VLAN3_wlan
/interface pptp-server server
set enabled=yes max-mru=1460 max-mtu=1460
/ip address
add address=192.168.1.1/24 interface="VLAN1 Bridge" network=192.168.1.0
add address=192.168.2.1/24 interface="VLAN2 Bridge" network=192.168.2.0
add address=192.168.3.1/24 interface="VLAN3 Bridge" network=192.168.3.0
add address=192.168.4.1/24 interface="VLAN4 Bridge" network=192.168.4.0
/ip dhcp-client
add comment="default configuration" dhcp-options=hostname,clientid disabled=\
no interface=Port_01
/ip dhcp-server network
add address=192.168.1.0/24 dns-server=192.168.1.1 gateway=192.168.1.1
add address=192.168.2.0/24 dns-server=8.8.8.8 gateway=192.168.2.1
add address=192.168.3.0/24 dns-server=8.8.8.8 gateway=192.168.3.1
add address=192.168.4.0/24 dns-server=8.8.8.8 gateway=192.168.4.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 name=router
/ip firewall address-list
add address=192.168.2.0/24 list=Vlan2_3_4
add address=192.168.3.0/24 list=Vlan2_3_4
add address=192.168.4.0/24 list=Vlan2_3_4
/ip firewall filter
add action=passthrough chain=unused-hs-chain comment=\
"place hotspot rules here" disabled=yes
add action=drop chain=input comment="Block VLAN2/3/4 to 192.168.10.0/24" \
dst-address=192.168.1.0/24 src-address-list=Vlan2_3_4
add action=accept chain=input comment="default configuration" protocol=icmp
add action=accept chain=input comment="default configuration" \
connection-state=established
add action=accept chain=input comment="default configuration" \
connection-state=related
add action=accept chain=input comment="VPN Access" dst-port=1723 protocol=tcp
add action=accept chain=input comment="Remote Access For Winbox" protocol=gre
add action=drop chain=input comment="default configuration" in-interface=\
Port_01
/ip proxy
set cache-path=web-proxy1
/ip route
add distance=1 gateway=Port_01
/ip service
set telnet address=192.168.1.0/24
set ftp address=192.168.1.0/24
set www address=192.168.1.0/24,192.168.99.1/32,192.168.99.2/32
set ssh address=192.168.1.0/24
/system clock
set time-zone-autodetect=no time-zone-name=Asia/Singapore
/system identity
set name=199-COR-RS01
/system ntp client
set enabled=yes primary-ntp=128.199.84.169 secondary-ntp=103.11.143.248