nstorm
just joined
Topic Author
Posts: 14
Joined: Wed Sep 24, 2014 8:05 am

Disable InterVLAN routing

Wed Apr 29, 2015 12:50 pm

Hello.

I have a CRS125 switch. It's configured with 2 VLANs created in the switch ASIC, a trunk port (ether1+ether2) with both trunked VLANs. I've also created VLAN IP interfaces on the CPU and attached them for the purpose of managing the switch from both VLANs. Only 1 master port, no bridge.
I know that this will also enable InterVLAN routing inside the CPU. I want to disable it, but keep the CPU VLAN interfaces. I've tried using /ip firewall, but the problem is I'm not getting any packets on the FORWARD chain at all. Even a "log everything on FORWARD chain" rule doesn't log anything.

/interface ethernet
set [ find default-name=ether1 ] master-port=ether3
set [ find default-name=ether2 ] master-port=ether3
...
/interface vlan
add interface=ether3 l2mtu=1584 name=vlan91 vlan-id=91
add interface=ether3 l2mtu=1584 name=vlan92 vlan-id=92

/interface ethernet switch
set drop-if-invalid-or-src-port-not-member-of-vlan-on-ports="ether3,ether4,eth\
    er5,ether6,ether7,ether8,ether9,ether10,ether11,ether12,ether13,ether14,et\
    her15,ether16,ether17,ether18,ether19,ether20,ether21,ether22,ether23,ethe\
    r24" forward-unknown-vlan=no

/interface ethernet switch trunk
add member-ports=ether1,ether2 name=trunk1

/interface ethernet switch ingress-vlan-translation
add new-customer-vid=91 ports=\
    ether9,ether10,ether11,ether12,ether13,ether14,ether15,ether16 \
    sa-learning=yes
add new-customer-vid=92 ports=\
    ether17,ether18,ether19,ether20,ether21,ether22,ether23,ether24 \
    sa-learning=yes

/interface ethernet switch vlan
add ports="trunk1,ether9,ether10,ether11,ether12,ether13,ether14,ether15,ether\
    16,switch1-cpu" vlan-id=91
add ports="trunk1,ether17,ether18,ether19,ether20,ether21,ether22,ether23,ethe\
    r24,switch1-cpu" vlan-id=92

/interface ethernet switch egress-vlan-tag
add tagged-ports=trunk1,switch1-cpu vlan-id=91
add tagged-ports=trunk1,switch1-cpu vlan-id=92

/ip settings
set ip-forward=no send-redirects=no
  
/ip address
add address=192.168.88.1/24 comment="default configuration" disabled=yes \
    interface=sfp1 network=192.168.88.0
add address=192.168.91.46/24 interface=vlan91 network=192.168.91.0
add address=192.168.92.3/24 interface=vlan92 network=192.168.92.0

What am I doing wrong? I've even set ip-forward to no under /ip settings. Yet still, if I add routes on hosts in VLANs 91 and 92 to route via the switch VLAN IPs, I can reach the other VLAN.
 
nstorm
just joined
Topic Author
Posts: 14
Joined: Wed Sep 24, 2014 8:05 am

Re: Disable InterVLAN routing

Wed Apr 29, 2015 2:56 pm

Never mind, I've found that it was the other router that was routing between VLANs. I've fixed its config and now everything works as intended; the CRS125 doesn't forward traffic with the above config.
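
An offline check for the situation in this thread, added here as an example and not part of the original posts: it parses a RouterOS export (including the backslash line wraps seen in the config above) and reports which interfaces carry enabled IP addresses and whether `ip-forward` lets the CPU route between them. The function names and the trimmed sample export are constructed for illustration, and firewall filter rules are not evaluated.

```python
import re
import shlex

# Constructed sample: the relevant parts of the export from the post above.
SAMPLE_EXPORT = r"""
/interface vlan
add interface=ether3 l2mtu=1584 name=vlan91 vlan-id=91
add interface=ether3 l2mtu=1584 name=vlan92 vlan-id=92
/ip settings
set ip-forward=no send-redirects=no
/ip address
add address=192.168.88.1/24 comment="default configuration" disabled=yes \
    interface=sfp1 network=192.168.88.0
add address=192.168.91.46/24 interface=vlan91 network=192.168.91.0
add address=192.168.92.3/24 interface=vlan92 network=192.168.92.0
"""

def parse_export(text):
    """Return {section path: [{key: value} for each command in it]}."""
    # An export wraps long lines with a trailing backslash and indents the
    # remainder, sometimes in the middle of a word ("eth\" + "er5").
    text = re.sub(r"\\\r?\n[ \t]*", "", text)
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("/"):
            current = sections.setdefault(line, [])
        elif current is not None:
            tokens = shlex.split(line)  # keeps quoted values as one token
            current.append(dict(t.split("=", 1) for t in tokens if "=" in t))
    return sections

def audit_cpu_routing(text):
    """Report whether the CPU could route between its addressed interfaces."""
    s = parse_export(text)
    l3 = sorted({a["interface"] for a in s.get("/ip address", [])
                 if "interface" in a and a.get("disabled", "no") != "yes"})
    ip_forward = "yes"  # RouterOS default when the export does not set it
    for cmd in s.get("/ip settings", []):
        ip_forward = cmd.get("ip-forward", ip_forward)
    return {"l3_interfaces": l3, "ip_forward": ip_forward,
            "cpu_can_route": ip_forward != "no" and len(l3) > 1}

if __name__ == "__main__":
    print(audit_cpu_routing(SAMPLE_EXPORT))
```

If this reports `cpu_can_route` as false while hosts in one VLAN still reach the other, the routing is being done by another device, which is what the thread's author found.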