Communication problem between switch related to VLAN

RouterOS Beginner Basics
1

Hi,

I have some connection problem on some VLAN on one of my switch.

First, let’s start with a diagram:
Network.png

Here’s the network component:

  • Router RT1 that provide NTP, DHCP services and internet routing.


  • Switch SW1 that gets it’s IP from the VLAN1 through DHCP.


  • Switch SW2 that gets it’s IP from the VLAN1 through DHCP


  • Server SRV2 that gets it’s IP from the VLAN50 through DHCP(the traffic from SRV2 is untagged)


  • Server SRV1 that gets it’s IP from the VLAN100 through DHCP (the traffic from SRV1 is tagged with pvid 100)


  • PC PC1 that gets it’s IP from the VLAN50 through DHCP (the traffic from PC1 is untagged)

And now, the problems:
SW2(192.168.1.3) device on VLAN1 can’t have access to internet ,can’t ping RT1(192.168.1.2) or PC1 (192.168.50.16) [it CAN ping SW1(192.168.1.2) ]
PC1(192.168.50.16) can connect to SW2(192.168.1.3) with winbox using the mac address but cannot connect to SW1 with the mac address (it works with SW1 IP 192.168.1.2)
SRV1(192.168.100.10) can receive an IP address on VLAN100 but has no internet access
SRV2(192.168.50.3) can connect to PC1(192.168.50.16), can connect to SW2(192.168.1.3) with winbox using the mac address but can’t reach at all SW1(192.168.1.2) [with IP or mac address]

What works as expected :
SW1(192.168.1.2) can ping RT1(192.168.1.2), PC1 (192.168.50.16) or SRV2(192.168.50.3) and SW2(192.168.1.3)

Finally my conf :
SW1(192.168.1.2)

/interface bridge
add name=BR1 vlan-filtering=yes

/interface list
add name=WAN
add name=LAN

/interface bridge port
add bridge=BR1 frame-types=admit-only-untagged-and-priority-tagged interface=ether1 pvid=50
add bridge=BR1 interface=sfp-sfpplus1
add bridge=BR1 interface=sfp-sfpplus2
add bridge=BR1 frame-types=admit-only-untagged-and-priority-tagged interface=sfp-sfpplus3 pvid=50
add bridge=BR1 frame-types=admit-only-untagged-and-priority-tagged interface=sfp-sfpplus4 pvid=50

/interface bridge vlan
add bridge=BR1 tagged=sfp-sfpplus1,sfp-sfpplus2 untagged=sfp-sfpplus3,sfp-sfpplus4,BR1 vlan-ids=50
add bridge=BR1 tagged=sfp-sfpplus1,sfp-sfpplus2 vlan-ids=100

/interface list member
add interface=sfp-sfpplus1 list=LAN
add interface=sfp-sfpplus2 list=WAN
add interface=sfp-sfpplus3 list=LAN
add interface=sfp-sfpplus4 list=LAN

/ip dhcp-client
add interface=BR1

/ip service
set telnet disabled=yes
set api disabled=yes

/system clock
set time-zone-autodetect=no time-zone-name=Asia/Singapore

/system identity
set name=Crs305

/system leds
set 0 disabled=yes
set 1 disabled=yes
set 2 disabled=yes
set 3 disabled=yes

/system leds settings
set all-leds-off=immediate

/system note
set show-at-login=no

/system ntp client
set enabled=yes

/system ntp client servers
add address=192.168.1.1

/system routerboard settings
set boot-os=router-os

SW2(192.168.1.3) :

/interface bridge
add name=BR1 vlan-filtering=yes

/interface ethernet
set [ find default-name=ether1 ] poe-out=off
set [ find default-name=ether3 ] poe-out=forced-on
set [ find default-name=ether4 ] poe-out=off
set [ find default-name=ether5 ] poe-out=off
set [ find default-name=ether6 ] poe-out=off
set [ find default-name=ether7 ] poe-out=off
set [ find default-name=ether8 ] poe-out=off

/interface bonding
add mode=802.3ad name=bond1 slaves=ether7,ether8

/interface list
add name=WAN
add name=LAN

/interface bridge port
add bridge=BR1 frame-types=admit-only-untagged-and-priority-tagged interface=ether1 pvid=50
add bridge=BR1 frame-types=admit-only-untagged-and-priority-tagged interface=ether2 pvid=50
add bridge=BR1 interface=ether3 pvid=50
add bridge=BR1 frame-types=admit-only-untagged-and-priority-tagged interface=ether4 pvid=50
add bridge=BR1 frame-types=admit-only-untagged-and-priority-tagged interface=ether5 pvid=50
add bridge=BR1 frame-types=admit-only-untagged-and-priority-tagged interface=ether6 pvid=50
add bridge=BR1 frame-types=admit-only-untagged-and-priority-tagged interface=bond1 pvid=50
add bridge=BR1 interface=sfp-sfpplus1

/interface bridge vlan
add bridge=BR1 tagged=sfp-sfpplus1 untagged=ether1,ether2,ether4,ether5,ether6,bond1,BR1 vlan-ids=50
add bridge=BR1 tagged=sfp-sfpplus1,ether3 vlan-ids=100

/interface list member
add interface=ether1 list=LAN
add interface=ether2 list=LAN
add interface=ether3 list=LAN
add interface=ether4 list=LAN
add interface=ether5 list=LAN
add interface=ether6 list=LAN
add interface=ether7 list=LAN
add interface=ether8 list=LAN
add interface=sfp-sfpplus1 list=WAN

/ip dhcp-client
add interface=BR1

/ip service
set telnet disabled=yes
set api disabled=yes

/system clock
set time-zone-autodetect=no time-zone-name=Asia/Singapore

/system identity
set name=Rb5009

/system note
set show-at-login=no

/system ntp client
set enabled=yes

/system ntp client servers
add address=192.168.1.1

I noticed that /ip arp that RT1(192.168.1.1) appears (flip flop from reachable to stale) , it’s not good but I don’t know what to do about it…

Anyway, thanks for reading up to this point and sorry if it’s confusing (I’m a bit lost).
Any suggestion is welcome!

2

Plwase recheck your post.
RT1 is 192.168.1.1, you wrote 192.168.1.2 in a few places.
Post the configuration of the RT1 too.
I think it is better to go step by step, i.e. if PC1 connection to RT1 is not working the issue can be in three places, (besides PC1), SW2, SW1 and RT1, but if SRV2 connection to RT1 is not working, the issue can be (besides SRV2) only in two, either SW1 or RT1 configurations.

3

well, that embarrassing, now most of the things I was complaining about do work somehow ( e.g SRV1 had a dangling vpn connection messing with things).
I didn’t post the config of RT1 because it’s not a mikrotik device ( pfsense).
yeah, RT1 ip was wrong in my post that I read again 3 times…Anyway, I shouldn’t write post at 2am obviously.

I managed to update SW2 to the latest version of ROS ( somehow, NTP and internet got working [I suspect the mikrotik fairies :slight_smile: ] )

Only thing left is that winbox does not see the all the mikrotik mac adress ( but I can connect with the IP so it’s not a problem)

Thanks jaclaz for your time , let’s call it a day !