Problem with VLAN routing

Hello,
I’ve inherited MikroTik infrastructure and there is a problem with the public VLAN, which should go to the APs.
I have 3 switches: There is bridgePUBLIC on switch1 with DHCP running for the 10.10.32.0/24 site, and a pair of PUBLIC/LAN VLANs on physical ports.
Switch1 ether1 is the uplink to the Zyxel, which gives DHCP for LAN (10.10.30.0/24) and is bridged via bridgeLAN with other ports.
Switch3 ether1 is connected to Switch1 ether3. On both S1E3 and S3E1 there are the VLAN pairs mentioned above.
For testing purposes I’m using Switch3 ether2 for PUBLIC connectivity.
When I connect a device to S3E2 I’d get an IP from DHCP on S1bridgePUBLIC.

The problem is that I cannot connect to the internet; in fact I cannot get out through S1.
So far I can ping S1bridgePUBLIC (10.10.32.1), S1bridgeLAN (10.10.30.189) and that’s it.

A masquerade rule is/was set up on S1 to no avail:

chain=srcnat action=masquerade src-address=10.10.32.0/24 src-address-type="" out-interface=bridgeLAN nth=1,1 log=yes log-prefix="pubmasq

Default routes are set up

 
 #      DST-ADDRESS        PREF-SRC        GATEWAY            D
 0 A S  0.0.0.0/0                          10.10.30.1          
 1 ADC  10.10.30.0/24      10.10.30.198    bridgeLAN           
 2 ADC  10.10.31.0/24      10.10.31.1      bridgeSERV          
 3 ADC  10.10.32.0/24      10.10.32.1      bridgePUBLIC

It will take some time to trim the full config dump, but is there something I could have overlooked?

Promised trimmed exports
switch3.rsc (1.66 KB)
switch1.rsc (7.16 KB)

Please add a diagram which will help understand the first post.

Here is the diagram, if you need something detailed, please specify what.
mikrotik.png

I can not see your VLAN configuration.
It sounds like the VLAN has no Access to the CPU so it stays isolated (no internet access)…

You don’t state which MT devices you have. Also you seem to be applying router type rules to switches???
Are the switches being used for switching or routing (which adds double NAT as well)?

Hello,
The device types are CRS326-24G-2S+, as stated in the exports.
So far they were set up as switches with partly implemented VLANs, where the previous admin was not able to get the Public LAN functioning.

I’ve added the MAC for bridgePublic to the host table for switchCPU, but it didn’t help.

I suspect you need to read up on configuring MT switches, and you can do it two ways:
use SWOS, which is not always intuitive, or use RouterOS with hardware offloading.
For an example, check out the last code block in this post…
http://forum.mikrotik.com/t/cant-use-vlan-1-as-management-vlan/137678/11