I am new to MikroTik and have spent a long time researching how to set up my MikroTik CCR2116-12G-4S+ to do what I need it to do. Up to this point I really can't understand what I'm doing wrong, but clearly I am doing something wrong. I really hope that someone can point me in the right direction to get this sorted.
I have read many articles, seen loads of YT tutorials and read many forum posts here without being able to understand what I'm doing wrong.
Here is a simple schematic of my environment:
Here is my use case, with references to the simple schematic attached to this post:
I would like the following machines to be able to communicate:
- A and E, B and F, C and G, D and H at as close to wire speed as possible. These pairs should be separated from each other (pair to pair).
- J to be able to talk to E and K to G without any demand on wire speed. No other traffic should be routed to J and K than responses from E and G. Naturally J and G should not be able to talk to each other nor should E not be able to reach K.
A, B, C and D are virtual machines running on a hypervisor terminating them on two trunk connections ("sfp-sfpplus3 – TRUNK1" and "sfp-sfpplus2 – TRUNK2"). None of these VMs should be able to talk to each other.
E, F, G, H are physical machines with Gigabit Ethernet ports.
J and K are virtual machines running on another hypervisor. J and K are to share a physical trunk connection ("ether2 – TRUNK3") to the router.
This environment is not connected to the internet, nor does it need any DHCP server functionality. All machines will have their IPs set statically.
Here is my export result:
[@MikroTik] > export
# RouterOS 7.13
/interface bridge
add name=BR0 vlan-filtering=yes
add name=BR1 vlan-filtering=yes
add name=BR2 vlan-filtering=yes
/interface ethernet
set [ find default-name=ether2 ] name="ether2 - TRUNK3"
set [ find default-name=sfp-sfpplus2 ] name="sfp-sfpplus2 - TRUNK1"
set [ find default-name=sfp-sfpplus3 ] name="sfp-sfpplus3 - TRUNK2"
/interface vlan
add interface="sfp-sfpplus2 - TRUNK1" name=VLAN10 vlan-id=10
add interface="sfp-sfpplus2 - TRUNK1" name=VLAN11 vlan-id=11
add interface=BR2 name=VLAN19 vlan-id=19
add interface="sfp-sfpplus3 - TRUNK2" name=VLAN20 vlan-id=20
add interface="sfp-sfpplus3 - TRUNK2" name=VLAN21 vlan-id=21
add interface=BR2 name=VLAN29 vlan-id=29
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/port
set 0 name=serial0
/interface bridge port
add bridge=BR0 frame-types=admit-only-untagged-and-priority-tagged interface=\
    ether4 pvid=10
add bridge=BR0 frame-types=admit-only-vlan-tagged interface=\
    "sfp-sfpplus2 - TRUNK1"
add bridge=BR1 frame-types=admit-only-vlan-tagged interface=\
    "sfp-sfpplus3 - TRUNK2"
add bridge=BR1 frame-types=admit-only-untagged-and-priority-tagged interface=\
    ether7 pvid=20
add bridge=BR0 frame-types=admit-only-untagged-and-priority-tagged interface=\
    ether5 pvid=11
add bridge=BR1 frame-types=admit-only-untagged-and-priority-tagged interface=\
    ether8 pvid=21
add bridge=BR0 frame-types=admit-only-vlan-tagged interface=VLAN19
add bridge=BR1 frame-types=admit-only-vlan-tagged interface=VLAN29
add bridge=BR2 frame-types=admit-only-vlan-tagged interface="ether2 - TRUNK3"
/ip firewall connection tracking
set enabled=yes
/interface bridge vlan
add bridge=BR0 tagged="sfp-sfpplus2 - TRUNK1" vlan-ids=10
add bridge=BR0 tagged="sfp-sfpplus2 - TRUNK1" vlan-ids=11
add bridge=BR1 tagged="sfp-sfpplus3 - TRUNK2" vlan-ids=20
add bridge=BR1 tagged="sfp-sfpplus3 - TRUNK2" vlan-ids=21
add bridge=BR0 tagged=VLAN19 vlan-ids=19
add bridge=BR1 tagged=VLAN29 vlan-ids=29
/ip address
add address=192.168.125.11/24 interface=VLAN10 network=192.168.125.0
add address=10.0.11.11/24 interface=VLAN11 network=10.0.11.0
add address=192.168.125.11/24 interface=VLAN20 network=192.168.125.0
add address=10.0.21.11/24 interface=VLAN21 network=10.0.21.0
add address=192.168.125.11/24 interface=VLAN19 network=192.168.125.0
add address=192.168.125.11/24 interface=VLAN29 network=192.168.125.0
/system note
set show-at-login=no
/system routerboard settings
set enter-setup-on=delete-key
What I think I'm stuck on is sharing the "ether2 – TRUNK3" connection with BR0 and BR1 having VLAN19 to go to BR0 and VLAN29 to go to BR1.
Any suggestions would be much appreciated. And I know my use case might seem a bit odd, but it's for a test environment where I'm going to run tests towards the machines E, F, G and H. Therefore no access to outside this environment.
If I have missed providing any information, please do not hesitate to make me aware of it.
I have tried to understand the viewtopic.php?t=143620 thread but have clearly not been able to sort out my issues described above.
I would like to understand where I have gone wrong.
With hopeful regards
Toby
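
An added example, not part of Toby's post and not MikroTik tooling: a small Python check over a constructed excerpt of the export above. It lists three overlaps that are worth reviewing by hand when pairs of hosts must stay isolated: the same address on several interfaces, VLAN interfaces created on a port that is also a bridge member, and VLAN interfaces added to a bridge as ports. The function names `parse_export` and `review` are hypothetical, and the script only reports the overlaps without judging intent.

```python
import re
import shlex
from collections import defaultdict

# Constructed excerpt of the export in the post (same names and values).
EXPORT = r'''/interface vlan
add interface="sfp-sfpplus2 - TRUNK1" name=VLAN10 vlan-id=10
add interface=BR2 name=VLAN19 vlan-id=19
add interface="sfp-sfpplus3 - TRUNK2" name=VLAN20 vlan-id=20
/interface bridge port
add bridge=BR0 frame-types=admit-only-vlan-tagged interface=\
    "sfp-sfpplus2 - TRUNK1"
add bridge=BR1 frame-types=admit-only-vlan-tagged interface=\
    "sfp-sfpplus3 - TRUNK2"
add bridge=BR0 frame-types=admit-only-vlan-tagged interface=VLAN19
/ip address
add address=192.168.125.11/24 interface=VLAN10 network=192.168.125.0
add address=10.0.11.11/24 interface=VLAN11 network=10.0.11.0
add address=192.168.125.11/24 interface=VLAN20 network=192.168.125.0
add address=192.168.125.11/24 interface=VLAN19 network=192.168.125.0
'''

def parse_export(text):
    """Return {section: [{key: value}, ...]} for every 'add' line."""
    sections, current = defaultdict(list), None
    for line in re.sub(r"\\\n\s*", "", text).splitlines():  # join "\" continuations
        line = line.strip()
        if line.startswith("/"):
            current = line
        elif line.startswith("add ") and current:
            pairs = (tok.split("=", 1) for tok in shlex.split(line[4:]))
            sections[current].append({p[0]: p[1] for p in pairs if len(p) == 2})
    return sections

def review(text):
    cfg = parse_export(text)
    ports = {p["interface"] for p in cfg["/interface bridge port"]}
    vlans = cfg["/interface vlan"]
    by_addr = defaultdict(list)
    for a in cfg["/ip address"]:
        by_addr[a["address"]].append(a["interface"])
    return {
        # same address/prefix configured on more than one interface
        "duplicate_addresses": {k: v for k, v in by_addr.items() if len(v) > 1},
        # VLAN interface created on a port that is itself a bridge member
        "vlan_on_bridge_port": sorted(v["name"] for v in vlans if v["interface"] in ports),
        # VLAN interface that was itself added to a bridge as a port
        "vlan_as_bridge_port": sorted(v["name"] for v in vlans if v["name"] in ports),
    }
```

Calling `review()` on the full text of an `export` gives the same three lists for the whole configuration.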