Connectivity trouble moving from HP to Mikrotik, need help to spot the issue.

Zlyfer · January 24, 2018, 10:58am

Hello,
I’ve just bought this RB2011 iLS-IN version, and having abit trouble understanding why my setup aint working correctly.

A detailed explanation of what i want my mikrotik to do:
Port1/SFP1 - Connected directly to another Router, which via. DHCP will pull an address from the Modem/Internet. - Assigned to VLAN 100
Port2 - Connected directly to Modem/Internet - Assigned to VLAN 100
Port3 - Currently my management interface
Port4-10: Those ports should deliver network to ipPhones - assigned to VLAN 5

ipPhones should get IP via. DHCP Relay to address: 10.x.x.x/24
VLAN 5 Therefor have 10.x.x.1 assigned as internal gateway for the phones.
VLAN 100 will act as external gateway for the phones, and therefor have 172.22.2.18/30 assigned.
To route phone traffic, I’ve always been running with default route 0.0.0.0 0.0.0.0 172.22.2.17

Somehow I cant manage to get this working correctly on Mikrotik, probably because of bad configuration, and thats why I’m asking you guys for help, after days of troubleshooting.
I’m compltetly new to Mikrotik - I’ve read alot about configuration, but first time practicing it during education.
If it can help, I’ll show my HP Switch configuration at the bottom, to compare my old setup with this new setup.

Mikrotik - New config not working
by RouterOS 6.37.4

software id = 8MCE-PI4Z

/interface bridge
add admin-mac=64:D1:54:09:12:D3 auto-mac=no comment=defconf name=bridge
/interface ethernet
set [ find default-name=ether1 ] name=ether1-WANRouter
set [ find default-name=ether2 ] name=ether2-Modem
set [ find default-name=ether3 ] master-port=ether2-Modem
set [ find default-name=ether4 ] name=ether4-ipPhone
set [ find default-name=ether5 ] name=ether5-ipPhone
set [ find default-name=ether6 ] name=ether6-ipPhone
set [ find default-name=ether7 ] name=ether7-ipPhone
set [ find default-name=ether8 ] name=ether8-ipPhone
set [ find default-name=ether9 ] name=ether9-ipPhone
set [ find default-name=ether10 ] name=ether10-ipPhone
set [ find default-name=sfp1 ] name=sfp1-WANRouter
/ip neighbor discovery
set ether1-WANRouter discover=no
set bridge comment=defconf
/interface vlan
add interface=bridge name=vlan5 vlan-id=5
add interface=bridge name=vlan100 vlan-id=100
/interface ethernet switch port
set 0 default-vlan-id=100
set 1 default-vlan-id=100
set 2 default-vlan-id=100
set 4 default-vlan-id=5
set 5 default-vlan-id=5
set 6 default-vlan-id=5
set 7 default-vlan-id=5
set 8 default-vlan-id=5
set 9 default-vlan-id=5
set 10 default-vlan-id=5
set 12 default-vlan-id=5
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server

DHCP server can not run on slave interface!

add address-pool=default-dhcp disabled=no interface=ether3 name=defconf
/interface bridge port
add bridge=bridge comment=defconf interface=ether2-Modem
add bridge=bridge interface=ether5-ipPhone
add bridge=bridge interface=ether1-WANRouter
/interface ethernet switch vlan
add independent-learning=no ports=ether5-ipPhone,ether4-ipPhone switch=
switch1 vlan-id=5
add ports=“ether6-ipPhone,ether7-ipPhone,ether8-ipPhone,ether9-ipPhone,ether10
-ipPhone” switch=switch2 vlan-id=5
add independent-learning=no ports=
ether1-WANRouter,ether2-Modem,sfp1-WANRouter switch=switch1 vlan-id=100
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=
192.168.88.0
add address=10.8.132.1 interface=vlan5 network=10.8.132.0
add address=172.22.2.18 interface=vlan100 network=172.22.2.16
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid disabled=no interface=
ether1-WANRouter
/ip dhcp-relay
add dhcp-server=10.0.1.138 disabled=no interface=vlan5 name=relay1
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 name=router
/ip firewall filter
add action=accept chain=input comment=“defconf: accept ICMP” protocol=icmp
add action=accept chain=input comment=“defconf: accept established,related”
connection-state=established,related

in/out-interface matcher not possible when interface (ether1) is slave - use master instead (bridge)

add action=drop chain=input comment=“defconf: drop all from WAN”
in-interface=ether1-WANRouter
add action=fasttrack-connection chain=forward comment=“defconf: fasttrack”
connection-state=established,related
add action=accept chain=forward comment=“defconf: accept established,related”
connection-state=established,related
add action=drop chain=forward comment=“defconf: drop invalid”
connection-state=invalid

in/out-interface matcher not possible when interface (ether1) is slave - use master instead (bridge)

add action=drop chain=forward comment=
“defconf: drop all from WAN not DSTNATed” connection-nat-state=!dstnat
connection-state=new in-interface=ether1-WANRouter
/ip firewall nat

in/out-interface matcher not possible when interface (ether1) is slave - use master instead (bridge)

add action=masquerade chain=srcnat comment=“defconf: masquerade”
out-interface=ether1-WANRouter
/ip route
add distance=1 gateway=172.22.2.17
/tool mac-server
set [ find default=yes ] disabled=yes
add interface=bridge
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=bridge

HP 1910 Configuration - Working

version 5.20.99, Release 1111

sysname HP

dhcp relay server-group 0 ip 10.x.x.x

domain default enable system

ipv6

telnet server enable

password-recovery enable

vlan 1

vlan 5
description ipPhone

vlan 100
description WAN

domain system
access-limit disable
state active
idle-cut disable
self-service-url disable

user-group system
group-attribute allow-guest

local-user admin
password cipher ****
authorization-attribute level 3
service-type ssh telnet terminal
service-type web

stp mode rstp
stp enable

interface NULL0

interface Vlan-interface1
ip address dhcp-alloc

interface Vlan-interface5
ip address 10.8.132.1 255.255.255.0
dhcp select relay
dhcp relay server-select 0

interface Vlan-interface100
ip address 172.22.2.18 255.255.255.252

interface GigabitEthernet1/0/1
port access vlan 100
port auto-power-down
stp edged-port enable

interface GigabitEthernet1/0/2
port access vlan 5
port auto-power-down
stp edged-port enable

interface GigabitEthernet1/0/3
port access vlan 5
port auto-power-down
stp edged-port enable

interface GigabitEthernet1/0/4
port access vlan 5
port auto-power-down
stp edged-port enable

interface GigabitEthernet1/0/5
port access vlan 5
port auto-power-down
stp edged-port enable

interface GigabitEthernet1/0/6
port access vlan 5
port auto-power-down
stp edged-port enable

interface GigabitEthernet1/0/7
port access vlan 5
port auto-power-down
stp edged-port enable

interface GigabitEthernet1/0/8
port access vlan 100
port auto-power-down
stp edged-port enable

interface GigabitEthernet1/0/9
port access vlan 100
port auto-power-down
stp edged-port enable

interface GigabitEthernet1/0/10
port access vlan 100
port auto-power-down
stp edged-port enable

ip route-static 0.0.0.0 0.0.0.0 172.22.2.17

snmp-agent
snmp-agent local-engineid 800063A203D07E289B6972
snmp-agent community read public
snmp-agent community write private
snmp-agent sys-info version all

dhcp enable

ssh server enable

load xml-configuration

user-interface aux 0
authentication-mode scheme
user-interface vty 0 15

return