now, I ping from 192.168.6.244 to 192.168.6.236 is woring
I ping from 192.168.6.244 to 192.168.6.1 is timeout
Cisco switch and mikrotik router connect with one trunk port,and will add some more vlans
how can I bridge vxlan port and vlan?
I tried interface vlan and bridge vlan, none of them was worked
follow is my configure
Code: Select all
# model = E50UG
/interface bridge
add name=Bridge-VLAN1 vlan-filtering=yes
add name=Bridge-VLAN6 protocol-mode=mstp pvid=6 vlan-filtering=yes
/interface pppoe-client
add ac-name=SDQDA-MC-CMNET-BRAS62-ME60 allow=pap disabled=no interface=ether1 \
keepalive-timeout=disabled name=REMOVED user=REMOVED
/ip ipsec profile
add dh-group="ecp256,ecp384,ecp521,modp8192,modp6144,modp4096,modp3072,modp204\
8,modp1536,modp1024" enc-algorithm=aes-256,aes-192,aes-128 \
hash-algorithm=sha384 name=REMOVED prf-algorithm=sha384
/ip ipsec peer
add address=REMOVED exchange-mode=ike2 name=REMOVED \
profile=gxqcmcc
/ip ipsec proposal
add auth-algorithms=sha512,sha256 enc-algorithms="chacha20poly1305,aes-256-cbc\
,aes-256-ctr,aes-256-gcm,camellia-256,aes-192-cbc,aes-192-ctr,aes-192-gcm,\
camellia-192,aes-128-cbc,aes-128-ctr,aes-128-gcm,camellia-128,blowfish,two\
fish" name=gxqwcmcc pfs-group=modp4096
/interface vxlan
add local-address=172.16.0.1 loop-protect=on mac-address=62:F0:39:CA:AE:F2 \
mtu=1200 name=VxLAN6 port=8472 vni=6 vrf=main vteps-ip-version=ipv4
/routing rip instance
add disabled=no name=rip-instance-1
/interface bridge port
add bridge=Bridge-VLAN6 interface=ether2 pvid=6 trusted=yes
add bridge=Bridge-VLAN6 interface=VxLAN6 pvid=6
/interface bridge vlan
add bridge=Bridge-VLAN6 vlan-ids=1
add bridge=Bridge-VLAN6 tagged=ether2 untagged=VxLAN6 vlan-ids=6
/interface vxlan vteps
add interface=VxLAN6 remote-ip=172.17.0.1
/ip address
add address=192.168.0.8/28 interface=Bridge-VLAN1 network=192.168.0.0
add address=172.16.0.1 interface=lo network=172.16.0.1
add address=192.168.6.236/24 interface=Bridge-VLAN6 network=192.168.6.0
/ip cloud
set ddns-enabled=yes ddns-update-interval=1m
/ip firewall filter
add action=accept chain=forward connection-state=\
invalid,established,related,new,untracked dst-address=172.17.0.0/16 \
src-address=172.16.0.0/16
add action=accept chain=forward connection-state=\
invalid,established,related,new,untracked dst-address=172.16.0.0/16 \
src-address=172.17.0.0/16
/ip firewall nat
add action=accept chain=srcnat dst-address=172.17.0.0/16 src-address=\
172.16.0.0/16
/ip firewall raw
add action=notrack chain=prerouting dst-address=172.17.0.0/16 src-address=\
172.16.0.0/16
add action=notrack chain=prerouting dst-address=172.16.0.0/16 src-address=\
172.17.0.0/16
/ip ipsec identity
add peer=REMOVED
/ip ipsec policy
set 0 disabled=yes
add dst-address=172.17.0.0/16 peer=REMOVED proposal=gxqwcmcc src-address=\
172.16.0.0/16 tunnel=yes
/ip route
add disabled=no distance=1 dst-address=172.17.0.0/16 gateway=qdcmcc \
routing-table=main scope=30 suppress-hw-offload=no target-scope=10
/ipv6 address
add address=::6666 advertise=no from-pool=qdcmcc interface=qdcmcc no-dad=yes
/ipv6 dhcp-client
add add-default-route=yes interface=qdcmcc pool-name=qdcmcc request=prefix
/routing filter rule
add chain=DisableIPv4DefaultRoute comment=\
"\E7\A6\81\E7\94\A8IPv4\E9\BB\98\E8\AE\A4\E8\B7\AF\E7\94\B1" disabled=no \
rule="if (dst in 0.0.0.0/0 && dst-len==0) {reject} else {accept}"
/routing rip interface-template
add disabled=no instance=rip-instance-1 interfaces=Bridge-VLAN1
