Community discussions

MikroTik App
  4. RouterOS
  5. Beginner Basics

Vlan with IP Firewall

Locked
 
plankanater
Member Candidate
Member Candidate
Topic Author
Posts: 172
Joined: Wed Mar 14, 2012 3:56 am

Vlan with IP Firewall

Mon Oct 14, 2013 10:48 pm

I have a mikrotik with a config that takes 2 vlans off of a bridge and untags them onto a port using another bridge. My config is outlined below. I do rate-limiting by packet marking the ports of the bridges. My issue is if I check the "use ip firewall" in the bridge setting the router quits passing traffic over the vlan. If I disable this setting the vlan starts working. ( Its the last setting in the config)

I need to do rate-limiting on a port that is on a bridge and using this is the only way I know how but it seems to be blocking the vlan.

/interface bridge
add l2mtu=1594 name="Vlan - 18 - Bridge"
add l2mtu=1594 name="Vlan - 29 - Bridge"
add l2mtu=1598 name="WAN Bridge"

/interface vlan
add interface="WAN Bridge" l2mtu=1594 name=vlan18 vlan-id=18
add interface="WAN Bridge" l2mtu=1594 name=vlan29 vlan-id=29

/interface bridge port
add bridge="WAN Bridge" interface="1 - Backhaul"
add bridge="WAN Bridge" interface="4"
add bridge="WAN Bridge" interface="10"
add bridge="Vlan - 18 - Bridge" interface=vlan18
add bridge="Vlan - 18 - Bridge" interface="5"
add bridge="WAN Bridge" interface="6"
add bridge="Vlan - 29 - Bridge" interface="7A"
add bridge="Vlan - 29 - Bridge" interface=vlan29

/interface bridge settings
set use-ip-firewall=yes use-ip-firewall-for-pppoe=yes use-ip-firewall-for-vlan=yes
Top
 
efaden
Forum Guru
Forum Guru
Posts: 1708
Joined: Sat Mar 30, 2013 1:55 am
Location: New York, USA

Re: Vlan with IP Firewall

Mon Oct 14, 2013 11:18 pm

What does your firewall look like.

Sent from my SCH-I545 using Tapatalk
Top
 
plankanater
Member Candidate
Member Candidate
Topic Author
Posts: 172
Joined: Wed Mar 14, 2012 3:56 am

Re: Vlan with IP Firewall

Mon Oct 14, 2013 11:54 pm

My firewall rules are actually empty. The only reason I tell it to use firewall rules is because thats the only way I can get the queue tree to notice the packet marks.
Top
 
plankanater
Member Candidate
Member Candidate
Topic Author
Posts: 172
Joined: Wed Mar 14, 2012 3:56 am

Re: Vlan with IP Firewall

Thu Nov 07, 2013 5:13 pm

Any help anyone?
Top
 
deimos
just joined
Posts: 7
Joined: Wed Jun 20, 2007 12:43 am

Re: Vlan with IP Firewall

Mon Aug 18, 2014 8:49 pm

This has been broken since v6.xx and is a Royal PITA. Clearly enabling "Use IP Firewall" in the Bridge Settings should not stop forwarding of L3 packets, but that is what is happening. Either no one else is using VLANs, or there is just some fundamental misunderstanding here. The configuration that this breaks is ridiculously simple. Have a tagged packet enter the router. Untag the packet and send out another interface. Works fine until you enable "Use IP Firewall".

Perhaps some can explain why this is a good idea ....
Top
 
deimos
just joined
Posts: 7
Joined: Wed Jun 20, 2007 12:43 am

Re: Vlan with IP Firewall

Mon Sep 08, 2014 8:24 pm

See http://forum.mikrotik.com/viewtopic.php ... 21#p446221

Problem verified, solution unknown.
Top
Locked

Who is online

Users browsing this forum: CGGXANNX, iNSERTER, JohnTRIVOLTA and 17 guests
  4. RouterOS
  5. Beginner Basics