Community discussions

MikroTik App
 
martimk
just joined
Topic Author
Posts: 5
Joined: Thu Dec 19, 2024 12:28 pm

problem with vlan configuration

Thu Dec 19, 2024 12:31 pm

Hi, I have this vlans configuration on a mikrotik router ( not switch ). Why does the computer connected to port vlan10-eth1 not see the computer in vlan10-eth2 and ping to address 192.168.10.2 does not work ?

Computers with vlan-id=10 are connected to ports vlan10-eth1 and vlan10-eth2.
/interface vlan
add name=vlan10-eth1 vlan-id=10 interface=ether1
add name=vlan20-eth1 vlan-id=20 interface=ether1

/interface vlan
add name=vlan10-eth2 vlan-id=10 interface=ether2
add name=vlan20-eth2 vlan-id=20 interface=ether2

/ip address
add address=192.168.10.1/24 interface=vlan10-eth1
add address=192.168.20.1/24 interface=vlan20-eth1

/ip address
add address=192.168.10.2/24 interface=vlan10-eth2
add address=192.168.20.2/24 interface=vlan20-eth2
Last edited by martimk on Thu Dec 19, 2024 1:21 pm, edited 1 time in total.
 
User avatar
panisk0
Frequent Visitor
Frequent Visitor
Posts: 52
Joined: Sun Mar 06, 2016 10:36 pm
Location: Cracow
Contact:

Re: problem with vlan configuration

Thu Dec 19, 2024 12:55 pm

 
martimk
just joined
Topic Author
Posts: 5
Joined: Thu Dec 19, 2024 12:28 pm

Re: problem with vlan configuration

Thu Dec 19, 2024 1:17 pm

I don't want to use birdge. I want it to work in layer 3. This configuration is on the router side, not the switch side
 
User avatar
panisk0
Frequent Visitor
Frequent Visitor
Posts: 52
Joined: Sun Mar 06, 2016 10:36 pm
Location: Cracow
Contact:

Re: problem with vlan configuration

Thu Dec 19, 2024 2:10 pm

to answer your question:
Why does the computer connected to port vlan10-eth1 not see the computer in vlan10-eth2 and ping to address 192.168.10.2 does not work ?

ARP <-- without layer 2 there is no layer 3 / simple logic
 
martimk
just joined
Topic Author
Posts: 5
Joined: Thu Dec 19, 2024 12:28 pm

Re: problem with vlan configuration

Thu Dec 19, 2024 2:53 pm

But I can ping address 192.168.10.1/24 on interface vlan10-eth1. If it were as you write I wouldn't be able to ping the interface vlan10-eth1
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 21890
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: problem with vlan configuration

Thu Dec 19, 2024 2:55 pm

If you want answers provide more complete information starting with
/export file=anynameyouwish (minus router serial number, any public WANIP information, keys etc.)

THe config is interrelated showing what you thing we need to see is NOT helpful.
By the way, a bridge is not absolutely required but its kinda how the ROS was designed to work most efficiently.
Once the config is shown, an optimal config based on your requirements can be designed.
 
User avatar
panisk0
Frequent Visitor
Frequent Visitor
Posts: 52
Joined: Sun Mar 06, 2016 10:36 pm
Location: Cracow
Contact:

Re: problem with vlan configuration

Thu Dec 19, 2024 3:36 pm

@martimk - if you know better, why do you ask?

on the computer do arp -a
you will see an entry for 192.168.10.1
but not for: 192.168.10.2

you can divide the /24 network into 2x /25 then it will work L3
 
martimk
just joined
Topic Author
Posts: 5
Joined: Thu Dec 19, 2024 12:28 pm

Re: problem with vlan configuration

Thu Dec 19, 2024 3:48 pm

my config file:
/interface ethernet
set [ find default-name=ether1 ] disable-running-check=no
set [ find default-name=ether2 ] disable-running-check=no
set [ find default-name=ether3 ] disable-running-check=no
set [ find default-name=ether4 ] disable-running-check=no
/interface vlan
add interface=ether1 name=vlan10-eth1 vlan-id=10
add interface=ether2 name=vlan10-eth2 vlan-id=10
add interface=ether1 name=vlan20-eth1 vlan-id=20
add interface=ether2 name=vlan20-eth2 vlan-id=20
/disk
set slot1 media-interface=none media-sharing=no slot=slot1
set slot2 media-interface=none media-sharing=no slot=slot2
set slot3 media-interface=none media-sharing=no slot=slot3
set slot4 media-interface=none media-sharing=no slot=slot4
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/iot lora servers
add address=eu.mikrotik.thethings.industries name=TTN-EU protocol=UDP
add address=us.mikrotik.thethings.industries name=TTN-US protocol=UDP
add address=eu1.cloud.thethings.industries name="TTS Cloud (eu1)" protocol=\
    UDP
add address=nam1.cloud.thethings.industries name="TTS Cloud (nam1)" protocol=\
    UDP
add address=au1.cloud.thethings.industries name="TTS Cloud (au1)" protocol=\
    UDP
add address=eu1.cloud.thethings.network name="TTN V3 (eu1)" protocol=UDP
add address=nam1.cloud.thethings.network name="TTN V3 (nam1)" protocol=UDP
add address=au1.cloud.thethings.network name="TTN V3 (au1)" protocol=UDP
/interface bridge port
add bridge=*13 frame-types=admit-only-untagged-and-priority-tagged interface=\
    ether2 pvid=20
add bridge=*13 frame-types=admit-only-untagged-and-priority-tagged interface=\
    ether3 pvid=30
add bridge=*17 interface=*14
add bridge=*17 interface=ether1
/interface bridge vlan
add bridge=*13 tagged=*13 vlan-ids=20
add bridge=*13 tagged=*13 vlan-ids=30
/ip address
add address=192.168.99.1/24 interface=*14 network=192.168.99.0
add address=30.0.0.1/24 interface=*15 network=30.0.0.0
add address=192.168.10.1/24 interface=vlan10-eth1 network=192.168.10.0
add address=192.168.20.1/24 interface=vlan20-eth1 network=192.168.20.0
add address=192.168.10.2/24 interface=vlan10-eth2 network=192.168.10.0
add address=192.168.20.2/24 interface=vlan20-eth2 network=192.168.20.0
/system gps
set set-system-time=no
/system note
set show-at-login=no
 
martimk
just joined
Topic Author
Posts: 5
Joined: Thu Dec 19, 2024 12:28 pm

Re: problem with vlan configuration

Thu Dec 19, 2024 4:15 pm

@martimk - if you know better, why do you ask?

on the computer do arp -a
you will see an entry for 192.168.10.1
but not for: 192.168.10.2

you can divide the /24 network into 2x /25 then it will work L3
that's not what I mean. The question is why the microtik does not forward traffic between eth1 and eth2 port
i must use 192.168.10.0 network but without bridge. is it possible ?
 
jaclaz
Forum Guru
Forum Guru
Posts: 1981
Joined: Tue Oct 03, 2023 4:21 pm

Re: problem with vlan configuration

Thu Dec 19, 2024 4:23 pm

Before anything else, if you check your configuration, you will find several instances of * (asterisk) followed by a (hex) number.
This basically means that there was something there that was renamed/deleted/moved/changed in such a way that the RoS can't find it properly anymore, so it places there a sort of placeholder.
bridge *13 and *17, interface *14, etc. in the best case do nothing, in the worse they prevent the switching or routing.
You need to correct them before going on.
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 12978
Joined: Thu Mar 03, 2016 10:23 pm

Re: problem with vlan configuration

Thu Dec 19, 2024 4:27 pm

You've set 192.168.10.1/24 to one interface and 192.168.10.2/24 to the other interface. Every normal device will assume these two addresses are in same subnet and hence directly accessible without explicitly using router. And bridge is here to pass traffic from ether1 to ether2 (with appropriate VLAN headers attached).

If you want to force devices, connected to ether1, to use router when talking to devices, connected to ether2, then you have to make two distinct IP networks as already suggested by @panisk0

I'm feeling a XY problem here ... so why don't you explain the task you want to do in plain English words without thinking of ROS configuration.

Who is online

Users browsing this forum: No registered users and 17 guests