bolmsted
just joined
Topic Author
Posts: 23
Joined: Mon Nov 13, 2017 7:03 pm

connectivity between ports

Tue Aug 06, 2019 7:09 pm

I have a hEX (rb750gr3) configured as my internet gateway and would like some help here. I want to avoid a misconfiguration leading to loss of access as it is painful to recover but thankfully I have a backup on the flash.

I have the following setup as my port configuration:
- ether1 - WAN
- ether2-master - I have my 24 port switch connected here
- ether3 - I have my 8 port switch connected here

I seem to have an issue with forwarding traffic between the two switches or talking to the mgmt interface of the one switch from a computer connected from/to the other switch.

macmini-ether-mgmt:~ brian$ ping 192.168.88.1
PING 192.168.88.1 (192.168.88.1): 56 data bytes
64 bytes from 192.168.88.1: icmp_seq=0 ttl=64 time=0.478 ms
^C
--- 192.168.88.1 ping statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.478/0.478/0.478/0.000 ms
macmini-ether-mgmt:~ brian$ ping 192.168.88.2
PING 192.168.88.2 (192.168.88.2): 56 data bytes
64 bytes from 192.168.88.2: icmp_seq=0 ttl=64 time=4.032 ms
64 bytes from 192.168.88.2: icmp_seq=1 ttl=64 time=2.157 ms
^C
--- 192.168.88.2 ping statistics ---
2 packets transmitted, 2 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 2.157/3.095/4.032/0.938 ms
macmini-ether-mgmt:~ brian$ ping 192.168.88.3
PING 192.168.88.3 (192.168.88.3): 56 data bytes
Request timeout for icmp_seq 0
Request timeout for icmp_seq 1
Request timeout for icmp_seq 2
^C
--- 192.168.88.3 ping statistics ---
4 packets transmitted, 0 packets received, 100.0% packet loss
macmini-ether-mgmt:~ brian$ 

I basically have these setup as a bridge LAN segment and then want created different VLANs for my wifi SSIDs on the APs and also applied the same VLANs to some of the LAN wired ports.

If I go into the Winbox4Mac GUI and disable the "Use IP Firewall" checkbox then I can ping the gateway (.1), switch 1 (.2) and switch2 (.3) without issue. I have no idea where these options are in the CLI but would prefer to do it there if possible.

How can I enable the two switches to appear as one from the network perspective as far as configuring the /ip bridge setup? I tried to play around with the /ip bridge filter setting and was trying to log all the forward, input and output traffic and then put a drop at the end which was a mistake as I lost my access (or perhaps removing some of my permits) and spent about an hour recovering by the time I got the paperclip, etc.

Is there a basic template to allow the bridged physical and VLANs to be linked between the ether2 and ether3 port on the hEX?


thanks


[admin@MikroTik] /interface bridge> print
Flags: X - disabled, R - running 
 0 R name="lan-bridge" mtu=auto actual-mtu=1500 l2mtu=1596 arp=enabled arp-timeout=auto mac-address=64:D1:54:54:CC:3F protocol-mode=rstp fast-forward=yes igmp-snooping=no auto-mac=no 
     admin-mac=64:D1:54:54:CC:3F ageing-time=5m priority=0x8000 max-message-age=20s forward-delay=15s transmit-hold-count=6 vlan-filtering=no dhcp-snooping=no 

 1 R name="vlan10-LAN-bridge" mtu=auto actual-mtu=1500 l2mtu=1592 arp=enabled arp-timeout=auto mac-address=64:D1:54:54:CC:3F protocol-mode=rstp fast-forward=yes igmp-snooping=no auto-mac=yes 
     ageing-time=5m priority=0x8000 max-message-age=20s forward-delay=15s transmit-hold-count=6 vlan-filtering=no dhcp-snooping=no 

 2 R name="vlan20-KIDS-bridge" mtu=auto actual-mtu=1500 l2mtu=1592 arp=enabled arp-timeout=auto mac-address=64:D1:54:54:CC:3F protocol-mode=rstp fast-forward=yes igmp-snooping=no auto-mac=yes 
     ageing-time=5m priority=0x8000 max-message-age=20s forward-delay=15s transmit-hold-count=6 vlan-filtering=no dhcp-snooping=no 

 3 R name="vlan30-IoT-bridge" mtu=auto actual-mtu=1500 l2mtu=1592 arp=enabled arp-timeout=auto mac-address=64:D1:54:54:CC:3F protocol-mode=rstp fast-forward=yes igmp-snooping=no auto-mac=yes 
     ageing-time=5m priority=0x8000 max-message-age=20s forward-delay=15s transmit-hold-count=6 vlan-filtering=no dhcp-snooping=no 

 4 R name="vlan50-Guest-bridge" mtu=auto actual-mtu=1500 l2mtu=1592 arp=enabled arp-timeout=auto mac-address=64:D1:54:54:CC:3F protocol-mode=rstp fast-forward=yes igmp-snooping=no auto-mac=yes 
     ageing-time=5m priority=0x8000 max-message-age=20s forward-delay=15s transmit-hold-count=6 vlan-filtering=no dhcp-snooping=no 
[admin@MikroTik] /interface bridge> port 
[admin@MikroTik] /interface bridge port> print
Flags: X - disabled, I - inactive, D - dynamic, H - hw-offload 
 #     INTERFACE                                                            BRIDGE                                                           HW  PVID PRIORITY  PATH-COST INTERNAL-PATH-COST    HORIZON
 0     ether2-master                                                        lan-bridge                                                       yes    1     0x80         10                 10       none
 1     vlan10-LAN                                                           vlan10-LAN-bridge                                                       1     0x80         10                 10       none
 2     vlan20-KIDS                                                          vlan20-KIDS-bridge                                                      1     0x80         10                 10       none
 3     vlan30-IoT                                                           vlan30-IoT-bridge                                                       1     0x80         10                 10       none
 4     vlan50-Guest                                                         vlan50-Guest-bridge                                                     1     0x80         10                 10       none
 5     ether3                                                               lan-bridge                                                       yes    1     0x80         10                 10       none
 6 I   ether4                                                               lan-bridge                                                       yes    1     0x80         10                 10       none
 7 I   ether5                                                               lan-bridge                                                       yes    1     0x80         10                 10       none
[admin@MikroTik] /interface bridge port> 
 
anav
Forum Guru
Posts: 22208
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: connectivity between ports

Wed Aug 07, 2019 6:34 pm

What version of firmware are you running?
Please post config
/export hide-sensitive file=yourconfig8aug