Dear all,
I got a cisco L2 2950 catalyst switch and mikrotik router OS v3.5.

I have 3 Vlans as Vlan200-172.24.16.1/24
Vlan210-172.24.17.1/24
Vlan220-172.24.18.1/24

I have configured VLAN's in mikrotik as well as in switch also..and internet is also accesible.

But I want to have intervlan routing. Is there any way to configure mikrotik..so users in
Vlan200 can able to communicate users in vlan210.

Hello,

Maybe it's a stupid question but do you have trunk port configured on catalyst?
If not, this is the reason.

best regards

ofcourse everything is fine...and i too have trunked also...but the think is tat i want to have an intervlan communication...Is it possible in mikrotik..
Please help me somebody...

Of course it is possible, it's a router. If you put three VLANs on a switch and trunk it to a port on a RouterOS device and make it the layer 3 gateway for all three VLANs it will by default route between them. So post your relevant configuration, start with "/ip address", "/interface", "/ip route" and "/ip firewall filter" as well as the uplink port from the Catalyst.

well
thanks..
Here is my configuration...
in mikrotik OS:ether1:202.153.41.25
ether2: I have 3 Vlans as Vlan200-172.24.16.1/24
Vlan210-172.24.17.1/24
Vlan220-172.24.18.1/24
In cisco catalyst:port 1 is trunk
port:2-8 access port for vlan200
port:9-16 access port for vlan210
port:17-20 access port for vlan220

Please provide me the configuration to be modified on mikrotik os..

Thanks

Please provide your actual configuration. Run the below and post the output here in code tags:

in mikrotik router os:setup-a-a-(enable interface):ether1
ipaddress:202.153.41.25/255.255.255.28
gateway:202.153.41.17

for vlan set up:;interface vlan add name=vlan200 arp=enabled vlan-id=200
interface=ether2 disabled=no

interface vlan add name=vlan210 arp=enabled vlan-id=210
interface=ether2 disabled=no

interface vlan add name=vlan220 arp=enabled
vlan-id=2 interface=ether2 disabled=no
firewall:::ip firewall nat ip firewall nat add chain=srcnat action=masquerade disabled=no

/ ip address
add address=202.153.41.237/26 network=202.153.41.192 broadcast=202.153.41.255 \
interface=ether3 comment="" disabled=no
add address=172.24.17.1/24 network=172.24.17.0 broadcast=172.24.17.255 \
interface=vlan200 comment="" disabled=no
add address=192.168.100.1/29 network=192.168.100.0 broadcast=192.168.100.7 \
interface=ether1 comment="loopback interface" disabled=no
add address=172.24.18.1/24 network=172.24.18.0 broadcast=172.24.18.255 \
interface=vlan210 comment="" disabled=no
add address=172.24.19.1/24 network=172.24.19.0 broadcast=172.24.19.255 \
interface=vlan220 comment="" disabled=no



/ interface vlan
add name="vlan200" mtu=1500 arp=reply-only vlan-id=210 interface=ether2 \
comment="" disabled=no

add name="vlan210" mtu=1500 arp=reply-only vlan-id=211 interface=ether2 comment="" \
disabled=no

add name="vlan220" mtu=1500 arp=reply-only vlan-id=213 interface=ether2 \
comment="" disabled=no

/ interface ethernet
set ether1 name="ether1" mtu=1500 mac-address=00:08:02:87:64:16 arp=enabled \
disable-running-check=yes auto-negotiation=yes full-duplex=yes \
cable-settings=default speed=100Mbps comment="" disabled=no

set ether2 name="ether2" mtu=1500 mac-address=00:19:5B:7D:6C:17 arp=enabled \
disable-running-check=yes auto-negotiation=yes full-duplex=yes \
cable-settings=default speed=100Mbps comment="" disabled=no

set ether3 name="ether3" mtu=1500 mac-address=00:19:5B:7D:85:2E arp=enabled \
disable-running-check=yes auto-negotiation=yes full-duplex=yes \
cable-settings=default speed=100Mbps comment="" disabled=no


/ ip route
# DST-ADDRESS PREF-SRC G GATEWAY DISTANCE INTERFACE
0 ADC 172.24.17.0/24 172.24.17.1 vlan200
1 ADC 172.24.18.0/24 172.24.18.1 vlan210
2 ADC 172.24.19.0/24 172.24.19.1 vlan220
3 ADC 192.168.100.0/29 192.168.100.1 ether3
4 ADC 202.153.41.192/26 202.153.41.237 ether3
5 A S 0.0.0.0/0 r 202.153.41.17 ether3

/ ip firewall nat
add chain=srcnat src-address=172.24.17.0/24 action=masquerade \
comment="masquerade all network" disabled=no

Hi..these are the conf file print

You're assigning VLAN IDs 210, 211 and 213 to interfaces named vlan200, vlan210 and vlan220. While you can do that, are you sure that those are the VLAN IDs you're using on the Catalyst?

hi..fewi.....

did u got my configuration....

is intervlan routing is possible.....'

hi

Actually....I mistyped something here....in catalyst i did everything correct.....

I am using now also....
I am getting the output.
Actually i dnt have a L3 switch. And I use to work in cisco..
But i dnt understand hw to do intervlan communication in mikrotik..
how is it possible in mikroitk...

What VLAN IDs are you using on the Catalyst? Please copy and paste (don't type) "show vlan brief". Then copy and paste (don't type) "/interface vlan export" from the router.

these are the specifications;;
vlan internal allocation policy ascending
!
!
!
interface FastEthernet0/1
switchport access vlan 200
switchport mode access
!
interface FastEthernet0/2
switchport access vlan 200
switchport mode access
!
interface FastEthernet0/3
switchport access vlan 200
switchport mode access
!
interface FastEthernet0/4
switchport access vlan 200
switchport mode access
!
interface FastEthernet0/5
switchport access vlan 200
switchport mode access
!
interface FastEthernet0/6
switchport access vlan 200
switchport mode access
!
interface FastEthernet0/7
switchport access vlan 200
switchport mode access
!
interface FastEthernet0/8
switchport access vlan 200
switchport mode access
!
interface FastEthernet0/9
switchport access vlan 210
switchport mode access
!
interface FastEthernet0/10
switchport access vlan 210
switchport mode access
!
interface FastEthernet0/11
switchport access vlan 210
switchport mode access
!
interface FastEthernet0/12
switchport access vlan 210
switchport mode access
!
interface FastEthernet0/13
switchport access vlan 210
switchport mode access
!
interface FastEthernet0/14
switchport access vlan 210
switchport mode access
!
interface FastEthernet0/15
switchport access vlan 220
switchport mode access
!
interface FastEthernet0/16
switchport access vlan 220
switchport mode access
!
interface FastEthernet0/17
switchport access vlan 220
switchport mode access
!
interface FastEthernet0/18
switchport access vlan 220
switchport mode access
!
interface FastEthernet0/19
switchport access vlan 220
switchport mode access
!
interface FastEthernet0/20
switchport access vlan 220
switchport mode access
!

!
interface GigabitEthernet0/1
switchport mode trunk
!
interface GigabitEthernet0/2
switchport mode access

!
end

So you're using VLANs 200, 210 and 220 on the Catalyst. You're using VLANs 210, 211 and 213 on the router, even though you named the interfaces after 200, 210 and 220. The only common VLAN ID is 210, which coincidentally is also the one that you're NAT'ing to the Internet, which is why that works.


Have you fixed that yet? Is it working after you fix it?

Edit: in case you don't know how to fix it, run this:

yes sir,,,
I have made all the corrections...
and
I nat all the vlan IP's and masquered also....

Now I am accessing internet from all the vlans...
Everything is fine now.

hi..fewi,,,
Next wat shud I have to do.....
for vlan routing in mikrotik..
Thanks

There is no difference for the router between routing from VLAN 200 to the Internet or to VLAN 210, so it should simply be working at this time. Show a traceroute between two VLANs.

Hello Fren, i use your above same scenario but my vlan does not works. plz help me too...

I use Mikrotik router RB1000 & Cisco switch 3550.

Post the same information. Post the output of "show vlan brief" and "show run interface" of the 3550 uplink port as well as the output of "/ip address print detail", "/ip route print detail", "/interface print", and "/ip firewall export" from the RB1000. Wrap all output in

I have the almost same problem. I user Procurve J9450A 1810G-24 L2 switch, web Managed.
I have 3 VLANs. Vlan id : 100, 101, 103. They must not communicate with each other.
I need to connect those VLANS to Application server, Admin PC, and Print Server. Also need those VLANs can connect to Internet via Mikrotik as gateway.

I think there are 2 options,
first option, connect trunked 3 VLANs from port 23 to ether 1 mikrotik and bridge them with ether 2 - Application Server, ether 3 - Admin PC and ether 4 - Print Server. I have tried to make 3 VLANs at Procurve and trunking them via port 23 to ether1 Mikrotik and bridge with port for ether 4 mac address D4:CA:6D:20:6F:53.
Please see the attachment for my Procurve configuration : I connect port 23 for trunking to ether 1 Mikrotik.
I bridged the ether 1 with ether 3.
This is the parts of the configuration in Mikrotik:
/interface bridge
add admin-mac=00:00:00:00:00:00 ageing-time=5m arp=enabled auto-mac=yes \
comment="" disabled=no forward-delay=15s max-message-age=20s mtu=1500 \
name=Bridge_VLAN priority=0x8000 protocol-mode=none
transmit-hold-count=6

/interface ethernet
set 0 arp=enabled auto-negotiation=yes comment=\
"VLAN Trunk to RB1100AHx2 - Port on Bridge_VLAN" \
disabled=no full-duplex=yes mac-address=D4:CA:6D:20:6F:50 mtu=1500 name=\
F0/0 speed=1G
set 1 arp=enabled auto-negotiation=yes comment=\
Internet disabled=no full-duplex=no \
mac-address=D4:CA:6D:20:6F:51 mtu=1500 name=F0/1 speed=100M
set 2 arp=enabled auto-negotiation=yes comment=\
"To Maxial Server" disabled=no full-duplex=yes \
mac-address=D4:CA:6D:20:6F:52 mtu=1500 name=F0/2 speed=1G
set 3 arp=enabled auto-negotiation=yes cable-settings=default comment="To Mail Server and Proxy" \
disable-running-check=yes disabled=no full-duplex=yes mac-address=\
D4:CA:6D:20:6F:53 mtu=1500 name=F0/3 speed=1G

/interface vlan
add arp=enabled comment="" disabled=no interface=Bridge_VLAN mtu=1500 name=\
VLAN_Finance vlan-id=100
add arp=enabled comment="" disabled=no interface=Bridge_VLAN mtu=1500 name=\
VLAN_SM vlan-id=101

/interface bridge port
add bridge=Bridge_VLAN comment=Print_Server disabled=no edge=auto external-fdb=auto \
horizon=none interface=F0/3 path-cost=10 point-to-point=auto priority=\
0x80
add bridge=Bridge_VLAN comment="" disabled=no edge=auto external-fdb=auto \
horizon=none interface=F0/0 path-cost=10 point-to-point=auto priority=\
0x80

/interface bridge settings
set use-ip-firewall=yes use-ip-firewall-for-vlan=yes

/ip address
add address=192.168.16.1/24 broadcast=192.168.16.255 comment=LAN disabled=no \
interface=Bridge_VLAN network=192.168.16.0
add address=192.168.16.2/24 broadcast=192.168.16.255 comment=Server disabled=no interface=VLAN_Finance \
network=192.168.16.0
But I wonder why they can't communicate with Mikrotik ?

Maybe because of my lack knowledge. I just make adjustment for the setting from here:
http://forum.mikrotik.com/viewtopic.php?f=2&t=24352

second option, another VLAN 40 at Procurve that consist of Application server, Admin PC and Print Server and bridge by RB1100AHx2 to those 3 VLANs. But not yet try this.
I don't know what is the effective method, I ever red in forum that if we made more bridges it will slow down the connection

Please need advice and help.
Thanks in advance.