MikroTik

Posted: **Fri Aug 09, 2013 1:08 pm**

Hello,

I want to set up VLAN. I have RB750, Netgear Mng Switch 24p.
On Netgear i have VLAN 1 and VLAN10
VLAN Membership for VLAN1 all port untaged
VLAN Membership for VLAN10 port1 Untaged(where mikrotik is conected) port 2 taged where VLAN10 user is connected.

On Ether1 interface I have LAN and VLAN
name="ether1" type="ether" mtu=1500 l2mtu=1526
name="vlan_test" type="vlan" mtu=1500 l2mtu=1522

Ip adresses
192.168.2.1/24 192.162.2.0 192.162.2.255 vlan_test (VLAN ID 10)
192.168.0.1/24 192.168.0.0 192.168.0.255 ether1

IP Route
ADC 192.162.2.0/24 192.168.2.1 vlan_test 0
ADC 192.168.0.0/24 192.168.0.1 ether1 0

PC with GW 192.168.2.1 can't ping 192.168.2.1, bet another pc with GW 192.168.0.1 can ping 192.168.2.2.
What kind of FireWall rulles I need to allow connection between subnets?

Posted: **Fri Aug 09, 2013 1:20 pm**

VLAN Membership for VLAN10 port1 Untaged(where mikrotik is conected) port 2 taged where VLAN10 user is connected.

You need to reverse that:
untagged vlan10 on port 2 to user and tagged vlan 10 on port 1 to mikrotik. Also remove vlan1 completely from port 2.

name="vlan_test" type="vlan" mtu=1500 l2mtu=1522

Make sure this vlan interface uses vlan tag 10.

Posted: **Fri Aug 09, 2013 2:09 pm**

Thanks for reply.

I change settings, but without success.
VLAN10 PC can not ping GW and other members of VLAN10.

Posted: **Fri Aug 09, 2013 4:59 pm**

DHCP gives VLAN10 subnet adress, but i can not ping other subnets from PC. From mikrotik i can't ping VLAN10 PC too. Maybe I need to provide some NAT un Filter rules?

Posted: **Fri Aug 09, 2013 5:07 pm**

PC with GW 192.168.2.1 can't ping 192.168.2.1, bet another pc with GW 192.168.0.1 can ping 192.168.2.2.

In that case routing / nating already works. If you cannot ping gw addresses (which are bound to ip interface on the router) you may just have deactivated icmp echos somewhere for security reasons and / or may even have firewall rules that prohibit the gw from echoing.

Posted: **Fri Aug 09, 2013 6:16 pm**

I have not internet access from vlan10 PC's.

Posted: **Sat Aug 10, 2013 5:05 pm**

Do you have NAT configured for 192.162.2.0/24 ?

Posted: **Mon Aug 12, 2013 10:45 am**

No, there ar not any NAT for 192.168.2.0/24. As I understand by default i don't need any. Am I wrong?

Posted: **Mon Aug 12, 2013 11:01 am**

When you want to access the internet from a local network (private ip range) the router has to do NAT (source NAT to be precise), because private ips don't get routed in the internet (potentially there are millions of devices that could have the same ip), so from the internet it seems requests come from your public wan ip. This is what every router box does at home, offices, etc.

I bet you have NAT for your network 192.162.0.0/24 configured and you just have to do the same for 192.162.2.0/24

MikroTik

VLAN

VLAN

Re: VLAN

Re: VLAN

Re: VLAN

Re: VLAN

Re: VLAN

Re: VLAN

Re: VLAN

Re: VLAN