We have recently acquired a CCR1036 and have been finding it difficult to set up the way we would like. We’ve looked around and haven’t found the answer to our issue as of yet. Essentially we are having trouble getting ports to communicate across VLANs.
The setup we would like to have is the following:
Ether1 – Receiving a gateway from our ISP1 over VLAN 11 – public /30
Ether2 – Receiving a gateway from our ISP2 no VLAN – public /30
Ether4 – Private /24 on VLAN 10 accessible from ether1 and can communicate with VLAN100 and VLAN200
Ether5 to 8 – LAG/Bonded Interfaces communicating with public /27 on VLAN 200 containing our equipment – also communicating with a public /22 on VLAN 100
Sfp1 – BGP peering link (not currently needing configuration as not yet in use)
Sfp2 – BGP peering link (also not currently needing configuration as not yet in use)
We’ve tried adding the ports to the appropriate VLANs and then bridging the VLANs but could not communicate from port to port. We think our LAG is working as we can connect to the CCR from our managed switch on VLAN 100 ports but we seem unable to reach anything on VLAN10 or get an outside connection over VLAN11 on Ether1.
We then attempted a number of other variations of port and VLAN bridging to no avail.
Any advice would be greatly welcomed!
Open a Terminal and issue
export compact
Then paste the output here. (edit out any sensitive information)
As requested:
RouterOS 6.33rc22
# software id = LCXV-845U
#
/interface bridge
add name=Ext-to-LAG
add name=RAR-to-LAG
/interface ethernet
set [ find default-name=ether1 ] name=ether1-HE-Uplink
set [ find default-name=ether2 ] name=ether2-Enta-Uplink
set [ find default-name=ether3 ] name=ether3-management
set [ find default-name=ether4 ] name=ether4-RAR-Uplink
set [ find default-name=ether5 ] name=ether5-LAG
set [ find default-name=ether6 ] name=ether6-LAG
set [ find default-name=ether7 ] name=ether7-LAG
set [ find default-name=ether8 ] name=ether8-LAG
set [ find default-name=sfp-sfpplus1 ] name=sfp1-linxxtreme
set [ find default-name=sfp-sfpplus2 ] name=sfp2-linxjuniper
/interface vlan
add interface=ether4-RAR-Uplink l2mtu=1576 name=vlan10-RAR vlan-id=10
add interface=ether1-HE-Uplink l2mtu=1576 name=vlan11-HE vlan-id=11
/interface bonding
add mode=802.3ad name=4GB-LAG slaves=\
ether5-LAG,ether6-LAG,ether7-LAG,ether8-LAG transmit-hash-policy=\
layer-2-and-3
/interface vlan
add interface=4GB-LAG name=vlan10-LAG vlan-id=10
add interface=4GB-LAG name=vlan100-LAG vlan-id=100
add interface=4GB-LAG name=vlan200-LAG vlan-id=200
/interface bridge port
add bridge=Ext-to-LAG interface=4GB-LAG
add bridge=Ext-to-LAG interface=ether1-HE-Uplink
add bridge=Ext-to-LAG interface=ether2-Enta-Uplink
add bridge=RAR-to-LAG interface=vlan10-LAG
add bridge=RAR-to-LAG interface=vlan10-RAR
add bridge=RAR-to-LAG interface=vlan11-HE
add bridge=RAR-to-LAG interface=vlan100-LAG
add bridge=RAR-to-LAG interface=vlan200-LAG
/ip address
add address=216.XX.XX.XX/29 interface=ether1-HE-Uplink network=216.XX.XX.XX
add address=185.XX.XX.XX/22 interface=4GB-LAG network=185.XX.XX.XX
add address=199.XX.XX.XX/27 interface=4GB-LAG network=199.XX.XX.XX
add address=10.XX.XX.XX/24 interface=ether4-RAR-Uplink network=10.XX.XX.XX
add address=78.XX.XX.XX/30 interface=ether2-Enta-Uplink network=78.XX.XX.XX
/ip route
add distance=1 gateway=ether1-HE-Uplink
add distance=10 gateway=ether2-Enta-Uplink
/system routerboard settings
set cpu-frequency=1200MHz memory-frequency=1066DDR
Note that our ether1 feed is a /29 and not a /30 as in my previous post, this was a typo and /29 is the correct value.