MikrotiK OS 2011UiAS 6.27
So on Mikrotik I have bridge (Eth0-Eth5,Eth9)
On bridge there are:
Devices with addresses 10.105.100.X and 10.105.200.X connected to Eth1-Eth3 ports (DHCP on VLAN’s works fine)
Now I trying to ping with Ping Mikrotik Utilite (source address 10.105.10.1)
I can ping 10.105.100.1, 10.105.200.1 and any device on Vlan200 (10.105.200.X)
But I cant access Vlan100 devices (10.105.100.X) from Mikrotik
From devices on Vlan100 Mikrotik is acessable
Help!
here is my route table:
> ip route print detail
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
0 A S dst-address=0.0.0.0/0 gateway=178.X.X.X
gateway-status=178.X.X.1 reachable via sfp1 distance=1 scope=30
target-scope=10
2 ADC dst-address=10.105.10.0/24 pref-src=10.105.10.1 gateway=bridge1
gateway-status=bridge1 reachable distance=0 scope=10
3 ADC dst-address=10.105.100.0/24 pref-src=10.105.100.1 gateway=vlan100
gateway-status=vlan100 reachable distance=0 scope=10
7 ADC dst-address=10.105.200.0/24 pref-src=10.105.200.1 gateway=vlan200
gateway-status=vlan200 reachable distance=0 scope=10
That’s the expected behaviour, as you segmented vlan100 and vlan200 devices in seperate L2 broadcast domains.
You have to create vlan devices on the proper mikrotik ports, and assign IP on each so that RouterOS will route between vlans (L3), i.e. .100.1 on vlan100 and .200.1 on vlan200.
I assume from your routing table you’ve already done that, make sure you included the CPU port on the switch VLAN setup, you need to raise it to L3.
pukkita:
That’s the expected behaviour, as you segmented vlan100 and vlan200 devices in seperate L2 broadcast domains.
You have to create vlan devices on the proper mikrotik ports, and assign IP on each so that RouterOS will route between vlans (L3), i.e. .100.1 on vlan100 and .200.1 on vlan200.
I assume from your routing table you’ve already done that, make sure you included the CPU port on the switch VLAN setup, you need to raise it to L3.
I created vlans on bridge and can’t create it on definite eth ports cause on eth1, eth2, eth3 of Mikrotik connected tagged ports of D-Link DES-1210-28 commutators
All traffic from devices on vlan100 or vlan200 network comes to Mikrotik already tagged and Mikrotik gives to all devices IP addresses depending on tag
I don’t use swithes, I use bridge instead.
/interface vlan
add arp=enabled disabled=no interface=bridge1 l2mtu=1594 mtu=1500 name=\
vlan100 use-service-tag=no vlan-id=100
add arp=enabled disabled=no interface=bridge1 l2mtu=1594 mtu=1500 name=\
vlan200 use-service-tag=no vlan-id=200
/interface bridge port
add auto-isolate=no bridge=bridge1 disabled=no edge=auto external-fdb=auto \
horizon=none interface=ether1 path-cost=10 point-to-point=auto priority=\
0x80
add auto-isolate=no bridge=bridge1 disabled=no edge=auto external-fdb=auto \
horizon=none interface=ether2 path-cost=10 point-to-point=auto priority=\
0x80
add auto-isolate=no bridge=bridge1 disabled=no edge=auto external-fdb=auto \
horizon=none interface=ether3 path-cost=10 point-to-point=auto priority=\
0x80
add auto-isolate=no bridge=bridge1 disabled=no edge=auto external-fdb=auto \
horizon=none interface=ether4 path-cost=10 point-to-point=auto priority=\
0x80
add auto-isolate=no bridge=bridge1 disabled=no edge=auto external-fdb=auto \
horizon=none interface=ether5 path-cost=10 point-to-point=auto priority=\
0x80
add auto-isolate=no bridge=bridge1 disabled=no edge=auto external-fdb=auto \
horizon=none interface=ether9 path-cost=10 point-to-point=auto priority=\
0x80
/interface bridge settings
set allow-fast-path=yes use-ip-firewall=no use-ip-firewall-for-pppoe=no \
use-ip-firewall-for-vlan=no
What cant I do to access from 10.105.10.1 (IP of MikroTik) to all devices on vlan100 ?
what’s the VLAN100 devices gateway?
DHCP on Mikrotik gives gateway 10.105.100.7 - Kerio Control server