Hi guys,

I'm having some problems with routing inter-vlans on rb 1100ah, so I can´t ping between Vlans and I just can to do it when I enable NAT someone can help me with this issue.

Thanks,
Francisco.

Pleas post is your config so we can give you some advise.

Hi,

Here is my confs and screens Vlans.

Thanks for your help.

Hi,

many thanks for your replay.

Here is my screen and also my export file.

Regards,
Francisco.

Am I correct to think that you have connected a separate switch to the trunk port and from that switch connected multiple devices split over the various VLAN's
Are you able to ping the interface IP's from a system connected to the administrative interface (with disabled NAT rule)?

Hi,

When I'm connected in the RB1100 if I try to ping from it to any other Vlan, I can. But if I try from vlan to rb1100 or another vlan I get timeout.

I seems stranger because all the interfaces and also ip address are directly connected on the RB.

If I connect a router huawei or Cisco as a trunk I don´t have any problem.


Regards,
Francisco

Hi,

When I'm connected in the RB1100 if I try to ping from it to any other Vlan, I can. But if I try from vlan to rb1100 or another vlan I get timeout.

I seems stranger because all the interfaces and also ip address are directly connected on the RB.

If I connect a router huawei or Cisco as a trunk I don´t have any problem.


Regards,
Francisco

How are your systems connected to the RouterBoard? What is the trunk connected to?

Hi,

This is my topology, look it´s very simply. I just need that all vlans and LAN can to communicate between they.

I still not find out the problem, this is my first time with mikrotik ROS but I have a lot of cases alright with trunks on routers Cisco and Huawei etc...

Many thanks for any help.

Regards,
Francisco.

I think your NAT rule is the problem.
If you are trying to reach a system on one of the VLANs when you're coming from the 192.168.x.x part, the packets coming back will be hit by the src-nat rule, and therefor will have 192.168.200.254 as their source IP, which is unexpected by your system, since it is trying to communicate with a 172.x.x.x system.
Are you able to communicate when the NAT rule is disabled?

Hi,

I just can communicate if the NAT rule is enable. This is the problem!

I spoke with a friend and does he tell me that in the MK the "interface forward" just be enable if you create a NAT rule. I will make a test with a NAT rule without the "src-address=172.16.0.0/16" just keep the "action=masquerade and out-interface=\LAN_ADMINISTRATIVO", I wanna just try to enable the packet forward between the interfaces.

I think strongly that my problem is "packet forward" between interfaces on MK, what you think ?


/ip firewall nat
add action=masquerade chain=srcnat disabled=no out-interface=\
LAN_ADMINISTRATIVO

If your routing rules on your system which is (as far as I can imagine) on the "outside" of the mikrotik are correct, then you should be able to communicate with the different VLAN's without the NAT rule.
Possible problem is that if you try to go to 172.x.x.x from 192.168.200.x and the mikrotik is not your default gateway, your packet will not go to the mikrotik and therefor never reach the VLAN.
If your 192.168.x.x system does have the mikrotik as default gateway then you should be able to ping the 172.x.x.x addresses, without using NAT

Disable the NAT for now - complete distraction. With no forwarding chain filters RouterOS is routing the VLANs. Check ARP - are you seeing other devices on the VLANs? How are the gateways set on the devices on the VLANs?