Community discussions

MikroTik App
 
kolub
just joined
Topic Author
Posts: 3
Joined: Thu Oct 17, 2024 12:01 am

Problem with switches behind Mikrotik

Thu Oct 17, 2024 12:07 am

Hello.

I have an absolute standard config of my Mikro Tik.
Like after a reset. The only thing I changed is the IP pool of the DHCP server.
But I have the problem that switches behind the Mikto Tik don't work.

If I connect devices directly to a port on the Mikrotik, they work perfectly.
But if a switch is connected to a Mikrotik port, these devices are not accessible.

The switches work perfectly in a different config and I have already tried it with several switches.

What could be the reason for this?
Thanks
 
User avatar
k6ccc
Forum Guru
Forum Guru
Posts: 1579
Joined: Fri May 13, 2016 12:01 am
Location: Glendora, CA, USA (near Los Angeles)
Contact:

Re: Problem with switches behind Mikrotik

Thu Oct 17, 2024 7:01 am

That makes no sense as described. However without your config, we're guessing. Please post your configuration and either a drawing of what is connected to what, or a detailed description of the same. To export and paste your configuration (and I'm assuming you are using WebFig or Winbox), open a terminal window,
and type (without the quotes) "/export hide-sensitive file=any-filename-you-wish". Then open the files section
and right click on the filename you created and select download in order to download the file to your computer.
It will be a text file with whatever name you saved to with an extension of .rsc. Open that file in your favorite
text editor and redact any sensitive information if desired / needed. Then in your message here, click the code
display icon in the toolbar above the text entry (the code display icon is the 7th one from the left and looks
like a square with a blob in the middle). Then paste the text from the file in between the two code words in brackets.
 
kolub
just joined
Topic Author
Posts: 3
Joined: Thu Oct 17, 2024 12:01 am

Re: Problem with switches behind Mikrotik

Thu Oct 17, 2024 7:46 am

Thanks for your help.

Here is the content of the file:
# oct/17/2024 06:44:43 by RouterOS 6.49.17
# software id = S0P8-EHUV
#
# model = 2011UiAS-2HnD
# serial number = B9070A66A7E9
/interface bridge
add admin-mac=74:4D:28:84:4D:E9 auto-mac=no comment=defconf name=bridge
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX \
    disabled=no distance=indoors frequency=auto installation=indoor mode=\
    ap-bridge ssid=KKBitsVAir1 wireless-protocol=802.11
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk mode=dynamic-keys \
    supplicant-identity=MikroTik
/ip pool
add name=dhcp ranges=192.168.99.1-192.168.99.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=defconf
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=ether6
add bridge=bridge comment=defconf interface=ether7
add bridge=bridge comment=defconf interface=ether8
add bridge=bridge comment=defconf interface=ether9
add bridge=bridge comment=defconf interface=ether10
add bridge=bridge comment=defconf interface=sfp1
add bridge=bridge comment=defconf interface=wlan1
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/ip address
add address=192.168.99.150/24 comment=defconf interface=bridge network=\
    192.168.99.0
/ip dhcp-client
add comment=defconf disabled=no interface=ether1
/ip dhcp-server lease
add address=192.168.99.200 mac-address=B8:EC:A3:DF:3C:2A
add address=192.168.99.100 mac-address=E4:8D:8C:7E:87:C2
add address=192.168.99.91 mac-address=CC:20:8C:B6:21:D6 server=defconf
add address=192.168.99.90 mac-address=6C:E8:74:57:BD:DE server=defconf
add address=192.168.99.82 client-id=1:b8:f0:9:a2:59:8c mac-address=\
    B8:F0:09:A2:59:8C server=defconf
/ip dhcp-server network
add address=192.168.99.0/24 comment=defconf dns-server=192.168.99.150 \
    gateway=192.168.99.150 netmask=24
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.99.150 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
    "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN
/system clock
set time-zone-name=Europe/Vienna
/system identity
set name=MikroTik-VLan
/system note
set note="Router - VLan"
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
 
rplant
Long time Member
Long time Member
Posts: 536
Joined: Fri Sep 29, 2017 11:42 am

Re: Problem with switches behind Mikrotik

Thu Oct 17, 2024 9:02 am

Hi,

My guess(es) is that it might be something to do with Spanning tree, or more likely Vlan configuration.

I would expect spanning tree to begin to work after a minute or so (worst case scenario)

Perhaps the switch port you have plugged the router into is on a different vlan to the port the device is connected too or is a trunk port.

Alternatively, still guessing, based on a comment in the config, perhaps you want the router to have multiple vlans on the connection feeding into the switch, and maybe provide routing between those vlans. Some idea of the switch configuration might be useful.
 
kolub
just joined
Topic Author
Posts: 3
Joined: Thu Oct 17, 2024 12:01 am

Re: Problem with switches behind Mikrotik

Thu Oct 17, 2024 10:49 am

I apologize very much.

The switch actually has a problem.

Under certain circumstances the switch doesn't seem to work, but I don't yet know why. And with the second switch I tested, there seems to be an error in the VLAN config.

I tested everything again with a brand new switch in the standard config and now everything works as expected.

So the problem doesn't seem to be with the Mikrotik config.

Sorry and thank you.
 
User avatar
patrikg
Member
Member
Posts: 362
Joined: Thu Feb 07, 2013 6:38 pm
Location: Stockholm, Sweden

Re: Problem with switches behind Mikrotik

Thu Oct 17, 2024 7:22 pm

Hi, I'm very glad you solved the problem, but I and the forum would be so much happier
if you also mark your case in this forum as solved.

See the pictures below.
Where you click on the following places on the thread that solved your problem.

So the AI can take over and know what the problems are with the respective solution.

At board style: Canvas
Image

At board style: prosilver
Image

Who is online

Users browsing this forum: ciruliss and 25 guests