Hi all!
I was looking for a way to assign IP addresses to devices in the management VLAN. I tried to create a VLAN interface on every device with an IP address and it works, but I can imagine that’s not the right way
How do you do it?
Take a look here : http://forum.mikrotik.com/t/using-routeros-to-vlan-your-network/126489/1
Thanks for your answer, the thread you posted is interesting but for other reasons.
I’m looking for a way to access to all my MT devices by IP, so I must assign an IP manually to everyone in the MGMT VLAN, and the only way I have found is to create a VLAN interface with VLAN_ID=99 and manually assign IP on everyone. I’m not talking about some generic devices by DHCP.
What makes you doubt about correctness of this method?
and the only way I have found is to create a VLAN interface with VLAN_ID=99 and manually assign IP on everyone
What is wrong with that ?
Simple, it comes from my mind. I’m just learning a lot of stuff and I’m not very experienced about right settings on VLANs, so I know that all I do there’s a better way to do it.
Do you know other way to do this?
I’m not aware of any other method. The only thing you have to be careful about is this: ROS is router OS and will happily route between all interfaces with IP address set … unless you block that using firewall filters. Which means you have to be extra careful if a device needs more than one IP interface (e.g. if you have router which has to route different LANs, you have to block connections to router from guest LAN … or in case of management VLAN, block all connections except those coming from management VLAN)
I thought about that, in my case I’ve only a main router and I use other ROS devices as switch or AP, so I need only the MGMT IP address. I think it can be blocked by a rule in the bridge filter…
If you’re not extremely paranoid, then you don’t need any firewall on these devices, only main router should control access to management LAN as a whole.
Thanks! I’m seeing a secondary problem with this config… The main router has internet connectivity, other devices can’t ping or connect to internet services like NTP.
Is it possible that the other RB can’t use internet connectivity they found on some VLANs? Are they trying to use the MGMT VLAN which is the only one having an IP address?
Because of wrong vlan configuration…!
It is really good to try achieve a configuration until you succeed, sometimes however we should read and study a bit first…
There is a huge theory in the wiki about the vlans… Even if you make it work, you will never understand why it worked…
When it comes to IP networking (internet is all about it) there is one basic thing: device needs IP address. In case when device has multiple interfaces (be it physical such as ethernet or logical such as VLAN or PPPoE) it can only comunicate over those interfaces with IP address set.
So in case of a switch (such as CRSxxx) it might have many interfaces and plenty VLANs, but it doesn’t use IP to pass traffic betwern them, it’s using MAC addresses. Hence it’s only normal that a switch with management LAN configured can communicate only through that (V)LAN. Which is exactly the whole point of having management network.
Found the problem, there’s no route to internet. I add the 0.0.0.0/0 route on every RB, and now it works properly.
I hope you know that this is not about VLANs…
Yep I know, I’m sorry for my english, I didn’t write it very clear, sorry for the misunderstanding.
Anyway I’ll go back on my books, there’s something I’m missing.
Thanks to all!