axpress
just joined
Topic Author
Posts: 6
Joined: Thu Jan 31, 2013 10:01 am

VLAN

Fri Aug 09, 2013 1:08 pm

Hello,

I want to set up a VLAN. I have an RB750 and a Netgear 24-port managed switch.
On the Netgear I have VLAN 1 and VLAN 10.
VLAN membership for VLAN1: all ports untagged.
VLAN membership for VLAN10: port 1 untagged (where the MikroTik is connected), port 2 tagged (where the VLAN10 user is connected).


On Ether1 interface I have LAN and VLAN
name="ether1" type="ether" mtu=1500 l2mtu=1526
name="vlan_test" type="vlan" mtu=1500 l2mtu=1522

IP addresses
192.168.2.1/24 192.162.2.0 192.162.2.255 vlan_test (VLAN ID 10)
192.168.0.1/24 192.168.0.0 192.168.0.255 ether1

IP Route
ADC 192.162.2.0/24 192.168.2.1 vlan_test 0
ADC 192.168.0.0/24 192.168.0.1 ether1 0

A PC with GW 192.168.2.1 can't ping 192.168.2.1, but another PC with GW 192.168.0.1 can ping 192.168.2.2.
What kind of firewall rules do I need to allow connections between the subnets?
Last edited by axpress on Fri Aug 09, 2013 2:16 pm, edited 1 time in total.
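
A consistency check over the address and route rows quoted in the post above, as an added example that is not part of the original post or of RouterOS: it recomputes the network and broadcast from each address/prefix and compares them with the listed values. The column meanings (address, network, broadcast, interface; flags, dst-address, pref-src, interface, distance) are assumed from the RouterOS print layout, and the function names are hypothetical.

```python
import ipaddress

# Rows as posted (address, network, broadcast, interface); trailing note dropped.
POSTED_ADDRESSES = """\
192.168.2.1/24 192.162.2.0 192.162.2.255 vlan_test
192.168.0.1/24 192.168.0.0 192.168.0.255 ether1
"""
# Connected routes as posted (flags, dst-address, pref-src, interface, distance).
POSTED_ROUTES = """\
ADC 192.162.2.0/24 192.168.2.1 vlan_test 0
ADC 192.168.0.0/24 192.168.0.1 ether1 0
"""

def check_addresses(text):
    """Return (interface, field, listed, expected) for every mismatch."""
    problems = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue  # skip blank or truncated rows
        addr, network, broadcast, iface = parts[:4]
        ip = ipaddress.ip_interface(addr)
        expected = {"network": ip.network.network_address,
                    "broadcast": ip.network.broadcast_address}
        listed = {"network": network, "broadcast": broadcast}
        for field in ("network", "broadcast"):
            if ipaddress.ip_address(listed[field]) != expected[field]:
                problems.append((iface, field, listed[field], str(expected[field])))
    return problems

def check_routes(text):
    """Return (interface, dst, pref_src) where pref-src lies outside the route's dst."""
    problems = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue
        _flags, dst, pref_src, iface = parts[:4]
        if ipaddress.ip_address(pref_src) not in ipaddress.ip_network(dst):
            problems.append((iface, dst, pref_src))
    return problems

if __name__ == "__main__":
    for iface, field, listed, expected in check_addresses(POSTED_ADDRESSES):
        print(f"{iface}: {field} listed as {listed}, address implies {expected}")
    for iface, dst, src in check_routes(POSTED_ROUTES):
        print(f"{iface}: connected route {dst} does not contain its source {src}")
```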
 
onnoossendrijver
Member
Posts: 488
Joined: Mon Jul 14, 2008 11:10 am
Location: The Netherlands

Re: VLAN

Fri Aug 09, 2013 1:20 pm

> VLAN membership for VLAN10: port 1 untagged (where the MikroTik is connected), port 2 tagged (where the VLAN10 user is connected).

You need to reverse that:
untagged VLAN 10 on port 2 to the user and tagged VLAN 10 on port 1 to the MikroTik. Also remove VLAN 1 completely from port 2.

> name="vlan_test" type="vlan" mtu=1500 l2mtu=1522

Make sure this VLAN interface uses VLAN tag 10.
 
axpress
just joined
Topic Author
Posts: 6
Joined: Thu Jan 31, 2013 10:01 am

Re: VLAN

Fri Aug 09, 2013 2:09 pm

Thanks for the reply.

I changed the settings, but without success.
The VLAN10 PC cannot ping the GW or other members of VLAN10.
 
axpress
just joined
Topic Author
Posts: 6
Joined: Thu Jan 31, 2013 10:01 am

Re: VLAN

Fri Aug 09, 2013 4:59 pm

DHCP gives a VLAN10 subnet address, but I cannot ping other subnets from the PC. From the MikroTik I can't ping the VLAN10 PC either. Maybe I need to provide some NAT and filter rules?
 
AlArenal
Member Candidate
Posts: 131
Joined: Thu Aug 01, 2013 5:24 pm
Location: Iserlohn, Germany

Re: VLAN

Fri Aug 09, 2013 5:07 pm

> A PC with GW 192.168.2.1 can't ping 192.168.2.1, but another PC with GW 192.168.0.1 can ping 192.168.2.2.

In that case routing / NATing already works. If you cannot ping GW addresses (which are bound to an IP interface on the router) you may just have deactivated ICMP echoes somewhere for security reasons and / or may even have firewall rules that prohibit the GW from echoing.
 
axpress
just joined
Topic Author
Posts: 6
Joined: Thu Jan 31, 2013 10:01 am

Re: VLAN

Fri Aug 09, 2013 6:16 pm

I have no internet access from the VLAN10 PCs.
 
AlArenal
Member Candidate
Posts: 131
Joined: Thu Aug 01, 2013 5:24 pm
Location: Iserlohn, Germany

Re: VLAN

Sat Aug 10, 2013 5:05 pm

Do you have NAT configured for 192.162.2.0/24?
 
axpress
just joined
Topic Author
Posts: 6
Joined: Thu Jan 31, 2013 10:01 am

Re: VLAN

Mon Aug 12, 2013 10:45 am

No, there is not any NAT for 192.168.2.0/24. As I understand it, by default I don't need any. Am I wrong?
 
AlArenal
Member Candidate
Posts: 131
Joined: Thu Aug 01, 2013 5:24 pm
Location: Iserlohn, Germany

Re: VLAN

Mon Aug 12, 2013 11:01 am

When you want to access the internet from a local network (private IP range) the router has to do NAT (source NAT to be precise), because private IPs don't get routed on the internet (potentially there are millions of devices that could have the same IP), so from the internet it seems requests come from your public WAN IP. This is what every router box does at home, in offices, etc.

I bet you have NAT for your network 192.162.0.0/24 configured and you just have to do the same for 192.162.2.0/24.
