Hi all,
I hope you all are doing well.
Recently, we purchased a RouterBoard 952Ui 2Hnd. I configured the load balancer and it worked without issues.
I need a solution to connect this board to a Layer 3 switch (Cisco). I tried several steps but I failed. Can anyone tell me how to configure it?
Details:
Cisco VLAN IPs: 172.x.x.1 (cisco) and 172.x.x.2 (should be mikrotik interface ip)
Cisco IP range given to me: 10.x.x.0/24, gateway 10.x.x.1 (for users)
Mikrotik supports software-based L3 but I’m failing to do it. Any help is appreciated.
If those are private IPs, there’s no reason to ‘x’ them out as they are not routable across the internet anyways. You also need to provide a bit more information as to your configuration on the Cisco and the Mikrotik for anyone to be of any use.
Can your Cisco device ping the Mikrotik interface and vice versa?
What do your ip tables look like on both devices?
What isn’t specifically working? (without knowing the problem, no one can offer solutions)
They gave just these VLAN IPs, 172.20.123.0/30 and 10.1.200.0/24, to use the Internet. When a client has a 10.x.x.10 IP, it can connect to the Internet through the Layer 3 switch. If possible, I want to do the same thing on the Mikrotik.
I don’t know much about the Mikrotik but I tried a few things.
IP > Address.
Ether1: 10.1.200.2/24
Ether5: 172.20.123.2/30
1- Added the NAT in IP > Firewall
srcnat to out interface ether5 and action to masquerade
Note: No other rules defined except NAT.
2- Added IP > Routes
0.0.0.0 to gateway 172.x.x.1 and 0.0.0.0 to gateway 10.x.x.1 and vice versa.
When I ping 172.20.123.1 from the Mikrotik it replies, but there’s no reply from the 10.1.200.1 gateway.
So it looks like your ISP gave you a WAN IP in the 172.20.123.0/30 scope and you’d assign 10.1.200.0/24 to your clients. Or are both assigned by your ISP to use?
Which interface is going to your ISP? I assume ether5.
That should be good there.
Should not need to add these routes. They should be added automatically. You do want to make sure you have a default route out ether5 or the IP assigned to it - assuming that is your “WAN IP.”
Yes the ISP gave me the vlan scope 172.20.123.0/30 and 10.1.200.0/24 for clients to use internet otherwise no internet. The client will get internet if they have set 10.x.x.x IP.
The ISP said that you have to use layer3 switch in order to get internet.
Ether5 port is going out. Ether1 is for local users.
One more thing. They said that if I use Cisco switch (for example 3560 series) then it will work. The configuration on the switch should be like this.
config t
interface giga*
no switchport
ip addr 172.20.123.2 255.255.255.252
ip routing
vlan10
interface vlan10
ip addr 10.1.200.1 255.255.255.0
interface range fastethernet/1-24
switchport access vlan10
ip route 0.0.0.0 0.0.0.0 172.20.123.1
wr
This type of configuration is needed on the Mikrotik (to support Layer 3), so I need guidance to configure it.
I don’t have any experience with the RouterBoard 952Ui 2hd GUI interface. Is it web based only or can you use CLI or WinBox?
The same configuration should be possible with that device. What you want to look at doing is configuring the 172.20.123.2/30 address on port 1 and plug your cable into that interface. That will become your WAN interface.
Change the network on your Mikrotik to the 10.1.200.0/24, specifically assigning 10.1.200.1 to your Mikrotik. You then want to look at the routing table. Ensure there is a default route out of the WAN interface / IP.
Finally look for a NAT feature and disable that. That would give you a similar setup to the Cisco config.
On your WAN interface (I believe you said ether5):
Make sure master-port is set to “none”
Make sure that ether5 is not connected to any bridge in the /bridge > ports menu.
Then in IP addresses menu, add 172.20.123.2/30 interface=ether5
Then in IP routes menu, add (or modify if it exists) the default GW route:
destination=0.0.0.0/0 gateway=172.20.123.1
Then make sure your LAN bridge is connected to the interface that is the switch master (look in interfaces > ethernet menu)
I recommend that you configure ether1 as the master, so ether1 has master=none, ether2 - ether4 have master=ether1
In bridge, make sure that wlan1 and ether1 are connected to bridge-local as ports.
Put IP address 10.0.0.1/24 as an IP address on interface bridge-local
Configure the RB’s DNS server address in IP > DNS menu.
Go into IP DHCP Server menu, and run the “DHCP Setup” wizard (click the button)
It sounds like the ISP is going to route 10.x.x.x IP addresses to you so you don’t need to use NAT, so disable all rules in srcnat.
Or - if this doesn’t work, try using srcnat chain rule:
out-interface=ether5
action=masquerade
You don’t need a VLAN on the inside - that’s just how they gave you an example configuration.
Thanks for the steps ZeroByte and for the explanation, I will try your way, thank you.
10.1.200.1 is a Cisco switch IP, so I need to set Mikrotik interface IP 10.1.200.2/24=ether1.
Scenario the ISP has:
Cisco switch and gateway: 10.1.200.1/24
DNS: 82.x.x.1
Yes, the ISP routes only 10.x.x.x IP traffic and it doesn’t recognize any other IPs because I just lend a Cisco switch 3560 series for a couple of days, I applied the Cisco configuration and it worked but I will try again on Mikrotik.
One question ZeroByte, setting “switchport” in Cisco enables Layer 3. Is enabling Layer 3 needed in Mikrotik, or are your steps enough?
Actually, it’s “no switchport” that makes an interface layer3-only. (i.e. it disables layer 2)
“switchport” would enable layer2.
Just fyi…
And no, you don’t need to do anything like that in Mikrotik. If an interface isn’t configured as part of a bridge or switch group, then it’s a layer3-only interface by default.
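The steps ZeroByte listed earlier in the thread (routed WAN port, default route, LAN on the bridge, NAT off), written out as RouterOS CLI. This is an added example, not a configuration posted in the thread: it assumes the `master-port` switch model those steps refer to, takes the LAN address from the ISP's Cisco sample (10.1.200.1/24, substitute the address you actually assign), and adds a minimal forward filter the thread does not discuss, because with NAT off the client subnet is directly routed and reachable from the ISP side.

```routeros
# WAN: make ether5 a stand-alone routed (layer3-only) port
/interface ethernet set ether5 master-port=none
/interface bridge port remove [find interface=ether5]
/ip address add address=172.20.123.2/30 interface=ether5

# Default route via the ISP side of the /30
/ip route add dst-address=0.0.0.0/0 gateway=172.20.123.1

# LAN: ether1 is switch master, ether2-ether4 follow it
/interface ethernet set ether1 master-port=none
/interface ethernet set ether2,ether3,ether4 master-port=ether1
# ether1 and wlan1 should already be ports of bridge-local; check with:
/interface bridge port print

# LAN gateway address (assumption: value from the ISP's Cisco sample)
/ip address add address=10.1.200.1/24 interface=bridge-local

# The ISP routes the 10.x client range itself, so no source NAT
/ip firewall nat disable [find chain=srcnat]

# Added here, not from the thread: allow replies, drop new connections
# arriving from the WAN side toward the routed client subnet
/ip firewall filter
add chain=forward connection-state=established,related action=accept
add chain=forward in-interface=ether5 connection-state=new action=drop

# Verify: connected routes for both subnets plus one default route
/ip route print
/ping 172.20.123.1 count=3
```

DNS (IP > DNS) and the DHCP Setup wizard from the same steps are left out because the thread elides the DNS server address.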