I’m trying to set up a vlan with dhcp on my crs running 6.10 and I cannot get the default route to work, no access to other networks. My ubiquiti passes the vlan20 packet and I get an address from dhcp on my device but nothing pass the .254 gateway. just as a test I tried to create another network attached directly to ether3 and the same issue, no access outside of the network. Also the dhcp does not work if I use the wizard to create it, I had to create the pool, add dhcp server, and create network for it to dish out addresses. Either I am doing something wrong or I wasted 20 hours with a bug. any help is greatly appreciated.
so I’m the only one with this issue?
Post your export. My CRS works fine.
I reset the switch to try again since I was not getting replies, but here is a diagram of what I was trying to accomplish. I’m actually doing this for 5 buildings on this company’s property but I put 2 in the diagram for simplicity. I will try to configure my crs the same way later tonight if I find time and post that config.
vlan diagram.pdf (19.6 KB)
Building A config
# jan/04/1970 14:12:21 by RouterOS 6.9
# software id = 35V0-3J1K
#
/interface bridge
add admin-mac=D4:CA:6D:1E:5D:4C auto-mac=no l2mtu=1588 name=bridge-local
/interface ethernet
set [ find default-name=ether1 ] name=ether1-gateway
set [ find default-name=ether2 ] name=ether2-master-local
set [ find default-name=ether3 ] master-port=ether2-master-local name=\
ether3-slave-local
set [ find default-name=ether4 ] master-port=ether2-master-local name=\
ether4-slave-local
set [ find default-name=ether5 ] master-port=ether2-master-local name=\
ether5-slave-local
set [ find default-name=ether6 ] master-port=ether2-master-local name=\
ether6-slave-local
set [ find default-name=ether7 ] master-port=ether2-master-local name=\
ether7-slave-local
set [ find default-name=ether8 ] master-port=ether2-master-local name=\
ether8-slave-local
set [ find default-name=ether9 ] master-port=ether2-master-local name=\
ether9-slave-local
set [ find default-name=ether10 ] master-port=ether2-master-local name=\
ether10-slave-local
set [ find default-name=ether11 ] master-port=ether2-master-local name=\
ether11-slave-local
set [ find default-name=ether12 ] master-port=ether2-master-local name=\
ether12-slave-local
set [ find default-name=ether13 ] master-port=ether2-master-local name=\
ether13-slave-local
set [ find default-name=ether14 ] master-port=ether2-master-local name=\
ether14-slave-local
set [ find default-name=ether15 ] master-port=ether2-master-local name=\
ether15-slave-local
set [ find default-name=ether16 ] master-port=ether2-master-local name=\
ether16-slave-local
set [ find default-name=ether17 ] master-port=ether2-master-local name=\
ether17-slave-local
set [ find default-name=ether18 ] master-port=ether2-master-local name=\
ether18-slave-local
set [ find default-name=ether19 ] master-port=ether2-master-local name=\
ether19-slave-local
set [ find default-name=ether20 ] master-port=ether2-master-local name=\
ether20-slave-local
set [ find default-name=ether21 ] master-port=ether2-master-local name=\
ether21-slave-local
set [ find default-name=ether22 ] master-port=ether2-master-local name=\
ether22-slave-local
set [ find default-name=ether23 ] master-port=ether2-master-local name=\
ether23-slave-local
set [ find default-name=ether24 ] master-port=ether2-master-local name=\
ether24-slave-local
set [ find default-name=sfp1 ] name=sfp1-gateway
/ip neighbor discovery
set ether1-gateway discover=no
set sfp1-gateway discover=no
/interface vlan
add interface=ether1-gateway l2mtu=1584 name=vlan20 vlan-id=20
add interface=ether1-gateway l2mtu=1584 name=vlan50 vlan-id=50
add interface=ether1-gateway l2mtu=1584 name=vlan110 vlan-id=110
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m \
mac-cookie-timeout=3d
/ip pool
add name=dhcp ranges=10.1.1.11-10.1.1.254
add name=pl-vlan20 ranges=10.6.238.20-10.6.238.199
add name=pl-vlan50 ranges=10.6.239.51-10.6.239.199
add name=pl-vlan110 ranges=10.7.238.51-10.7.238.199
/ip dhcp-server
add address-pool=pl-vlan20 disabled=no interface=vlan20 lease-time=1d name=20
add address-pool=pl-vlan50 disabled=no interface=vlan50 lease-time=1d name=50
add address-pool=pl-vlan110 disabled=no interface=vlan110 lease-time=1d name=\
110
/port
set 0 name=serial0
/interface bridge port
add bridge=bridge-local interface=ether2-master-local
add bridge=bridge-local interface=ether1-gateway
add bridge=bridge-local interface=sfp1-gateway
/interface ethernet switch ingress-vlan-translation
add customer-vid=30 port=ether3-slave-local
add customer-vid=30 port=ether4-slave-local
/ip address
add address=10.1.1.10/24 comment="default configuration" interface=\
ether2-master-local network=10.1.1.0
add address=10.6.238.254/24 interface=vlan20 network=10.6.238.0
add address=10.6.239.1/24 interface=vlan50 network=10.6.239.0
add address=10.7.238.254/24 interface=vlan110 network=10.7.238.0
/ip dhcp-client
add comment="default configuration" dhcp-options=hostname,clientid disabled=\
no interface=bridge-local
add comment="default configuration" dhcp-options=hostname,clientid disabled=\
no interface=sfp1-gateway
/ip dhcp-server network
add address=10.1.1.0/24 comment="default configuration" dns-server=\
192.168.88.1 gateway=10.1.1.10 netmask=24
add address=10.6.238.0/32 dns-server=8.8.8.8,4.2.2.2 gateway=10.6.238.254 \
netmask=24
add address=10.6.239.0/32 dns-server=8.8.8.8,4.2.2.2 gateway=10.6.239.1 \
netmask=24
add address=10.7.238.0/32 gateway=10.7.238.254
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 name=router
/ip firewall filter
add chain=input comment="default configuration" protocol=icmp
add chain=input comment="default configuration" connection-state=established
add chain=input comment="default configuration" connection-state=related
add action=drop chain=input comment="default configuration" in-interface=\
ether1-gateway
add action=drop chain=input comment="default configuration" in-interface=\
sfp1-gateway
add chain=forward comment="default configuration" connection-state=\
established
add chain=forward comment="default configuration" connection-state=related
add action=drop chain=forward comment="default configuration" \
connection-state=invalid
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" \
out-interface=ether1-gateway
add action=masquerade chain=srcnat comment="default configuration" \
out-interface=sfp1-gateway
/ip upnp
set allow-disable-external-interface=no
/lcd interface
set ether1-gateway interface=ether1-gateway
set ether2-master-local interface=ether2-master-local
set ether3-slave-local interface=ether3-slave-local
set ether4-slave-local interface=ether4-slave-local
set ether5-slave-local interface=ether5-slave-local
set ether6-slave-local interface=ether6-slave-local
set ether7-slave-local interface=ether7-slave-local
set ether8-slave-local interface=ether8-slave-local
set ether9-slave-local interface=ether9-slave-local
set ether10-slave-local interface=ether10-slave-local
set ether11-slave-local interface=ether11-slave-local
set ether12-slave-local interface=ether12-slave-local
set ether13-slave-local interface=ether13-slave-local
set ether14-slave-local interface=ether14-slave-local
set ether15-slave-local interface=ether15-slave-local
set ether16-slave-local interface=ether16-slave-local
set ether17-slave-local interface=ether17-slave-local
set ether18-slave-local interface=ether18-slave-local
set ether19-slave-local interface=ether19-slave-local
set ether20-slave-local interface=ether20-slave-local
set ether21-slave-local interface=ether21-slave-local
set ether22-slave-local interface=ether22-slave-local
set ether23-slave-local interface=ether23-slave-local
set ether24-slave-local interface=ether24-slave-local
set sfp1-gateway interface=sfp1-gateway
/lcd interface pages
set 0 interfaces="ether1-gateway,ether2-master-local,ether3-slave-local,ether4\
-slave-local,ether5-slave-local,ether6-slave-local,ether7-slave-local,ethe\
r8-slave-local,ether9-slave-local,ether10-slave-local,ether11-slave-local,\
ether12-slave-local"
set 1 interfaces="ether13-slave-local,ether14-slave-local,ether15-slave-local,\
ether16-slave-local,ether17-slave-local,ether18-slave-local,ether19-slave-\
local,ether20-slave-local,ether21-slave-local,ether22-slave-local,ether23-\
slave-local,ether24-slave-local"
/tool mac-server
set [ find default=yes ] disabled=yes
add interface=ether2-master-local
add interface=ether3-slave-local
add interface=ether4-slave-local
add interface=ether5-slave-local
add interface=ether6-slave-local
add interface=ether7-slave-local
add interface=ether8-slave-local
add interface=ether9-slave-local
add interface=ether10-slave-local
add interface=ether11-slave-local
add interface=ether12-slave-local
add interface=ether13-slave-local
add interface=ether14-slave-local
add interface=ether15-slave-local
add interface=ether16-slave-local
add interface=ether17-slave-local
add interface=ether18-slave-local
add interface=ether19-slave-local
add interface=ether20-slave-local
add interface=ether21-slave-local
add interface=ether22-slave-local
add interface=ether23-slave-local
add interface=ether24-slave-local
add interface=bridge-local
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=ether2-master-local
add interface=ether3-slave-local
add interface=ether4-slave-local
add interface=ether5-slave-local
add interface=ether6-slave-local
add interface=ether7-slave-local
add interface=ether8-slave-local
add interface=ether9-slave-local
add interface=ether10-slave-local
add interface=ether11-slave-local
add interface=ether12-slave-local
add interface=ether13-slave-local
add interface=ether14-slave-local
add interface=ether15-slave-local
add interface=ether16-slave-local
add interface=ether17-slave-local
add interface=ether18-slave-local
add interface=ether19-slave-local
add interface=ether20-slave-local
add interface=ether21-slave-local
add interface=ether22-slave-local
add interface=ether23-slave-local
add interface=ether24-slave-local
add interface=bridge-local
Building B config
# jan/02/1970 04:41:58 by RouterOS 6.10
# software id = J77V-5TVP
#
/interface bridge
add l2mtu=1588 name=vlan30
/interface ethernet
set [ find default-name=ether1 ] name=ether1-master-local
set [ find default-name=ether2 ] master-port=ether1-master-local name=\
ether2-slave-local
set [ find default-name=ether3 ] name=ether3-master-vlan30
set [ find default-name=ether4 ] master-port=ether3-master-vlan30 name=\
ether4-slave-local
set [ find default-name=ether5 ] master-port=ether3-master-vlan30 name=\
ether5-master-local
set [ find default-name=ether6 ] master-port=ether3-master-vlan30 name=\
ether6-slave-local
set [ find default-name=ether7 ] master-port=ether3-master-vlan30 name=\
ether7-slave-local
set [ find default-name=ether8 ] master-port=ether3-master-vlan30 name=\
ether8-slave-local
set [ find default-name=ether9 ] master-port=ether3-master-vlan30 name=\
ether9-slave-local
set [ find default-name=ether10 ] master-port=ether3-master-vlan30 name=\
ether10-slave-local
set [ find default-name=ether11 ] master-port=ether3-master-vlan30 name=\
ether11-slave-local
set [ find default-name=ether12 ] master-port=ether3-master-vlan30 name=\
ether12-slave-local
set [ find default-name=ether13 ] master-port=ether3-master-vlan30 name=\
ether13-slave-local
set [ find default-name=ether14 ] master-port=ether3-master-vlan30 name=\
ether14-slave-local
set [ find default-name=ether15 ] master-port=ether3-master-vlan30 name=\
ether15-slave-local
set [ find default-name=ether16 ] master-port=ether3-master-vlan30 name=\
ether16-slave-local
set [ find default-name=ether17 ] master-port=ether3-master-vlan30 name=\
ether17-slave-local
set [ find default-name=ether18 ] master-port=ether3-master-vlan30 name=\
ether18-slave-local
set [ find default-name=ether19 ] master-port=ether3-master-vlan30 name=\
ether19-slave-local
set [ find default-name=ether20 ] master-port=ether3-master-vlan30 name=\
ether20-slave-local
set [ find default-name=ether21 ] master-port=ether1-master-local name=\
ether21-slave-local
set [ find default-name=ether22 ] master-port=ether1-master-local name=\
ether22-slave-local
set [ find default-name=ether23 ] master-port=ether1-master-local name=\
ether23-slave-local
set [ find default-name=ether24 ] master-port=ether1-master-local name=\
ether24-slave-local
set [ find default-name=sfp1 ] master-port=ether1-master-local name=\
sfp1-slave-ether1
/interface vlan
add interface=ether1-master-local l2mtu=1584 name=vlan20 vlan-id=20
add interface=ether1-master-local l2mtu=1584 name=vlan50 vlan-id=50
add interface=ether1-master-local l2mtu=1584 name=vlan110 vlan-id=110
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m \
mac-cookie-timeout=3d
/ip pool
add name=dhcp_pool1 ranges=10.6.237.51-10.6.237.199
/ip dhcp-server
add address-pool=dhcp_pool1 disabled=no interface=ether3-master-vlan30 \
lease-time=1d name=dhcp1 relay=10.6.237.254
/port
set 0 name=serial0
/interface bridge port
add bridge=vlan30 interface=ether3-master-vlan30
/ip address
add address=10.6.237.254/24 interface=ether3-master-vlan30 network=10.6.237.0
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=ether1-master-local
/ip dhcp-server network
add address=10.6.237.0/24 dns-server=8.8.8.8,4.2.2.2 gateway=10.6.237.254
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 name=router
/ip upnp
set allow-disable-external-interface=no
/lcd interface
set ether1-master-local interface=ether1-master-local
set ether2-slave-local interface=ether2-slave-local
set ether3-master-vlan30 interface=ether3-master-vlan30
set ether4-slave-local interface=ether4-slave-local
set ether5-master-local interface=ether5-master-local
set ether6-slave-local interface=ether6-slave-local
set ether7-slave-local interface=ether7-slave-local
set ether8-slave-local interface=ether8-slave-local
set ether9-slave-local interface=ether9-slave-local
set ether10-slave-local interface=ether10-slave-local
set ether11-slave-local interface=ether11-slave-local
set ether12-slave-local interface=ether12-slave-local
set ether13-slave-local interface=ether13-slave-local
set ether14-slave-local interface=ether14-slave-local
set ether15-slave-local interface=ether15-slave-local
set ether16-slave-local interface=ether16-slave-local
set ether17-slave-local interface=ether17-slave-local
set ether18-slave-local interface=ether18-slave-local
set ether19-slave-local interface=ether19-slave-local
set ether20-slave-local interface=ether20-slave-local
set ether21-slave-local interface=ether21-slave-local
set ether22-slave-local interface=ether22-slave-local
set ether23-slave-local interface=ether23-slave-local
set ether24-slave-local interface=ether24-slave-local
set sfp1-slave-ether1 interface=sfp1-slave-ether1
/lcd interface pages
set 0 interfaces="ether1-master-local,ether2-slave-local,ether3-master-vlan30,\
ether4-slave-local,ether5-master-local,ether6-slave-local,ether7-slave-loc\
al,ether8-slave-local,ether9-slave-local,ether10-slave-local,ether11-slave\
-local,ether12-slave-local"
set 1 interfaces="ether13-slave-local,ether14-slave-local,ether15-slave-local,\
ether16-slave-local,ether17-slave-local,ether18-slave-local,ether19-slave-\
local,ether20-slave-local,ether21-slave-local,ether22-slave-local,ether23-\
slave-local,ether24-slave-local"
/system identity
set name=Motorsports01
still can’t ping any of the new networks from anywhere, even gateways. I read that the routes are automatic so it should just work. thanks to everyone for helping.
Anyone see what I missed that is causing the routes to not work? running out of time on this.
So what exactly isn’t working… I’m a little busy today but I can try to look if I get time. Can you diagram what your trying to do?
-Eric
- Check the gateway settings on both the ping originator and ping recipient. Also check firewall settings on the recipient if relevant.
- Check the routing table entries on the Routerboard.
- Check the forwarding filters on the Routerboard.
I’m not sure what is missing, the routes in winbox look correct
OK - well try splitting the problem in two. Check using Torch that you see the ping requests on the Routerboard ingress interface. Then look for them on the Routerboard egress interface. That way you will know if the ping requests and making it through the Routerboard or not. If they are making it through the ROuterboard then look at the recipient configuration. If not, the problem is on the Routerboard.
I opened torch and set it on ether3 which is the master port of the second networkand has the gateway address (.254) assigned to it. when I choose ether3 and ping the gateway of the second network it times out and torch shows no activity. when I change torch to ether1 which is my main network I can see alot going on so I know its working.
do I have to add a bridge somewhere to get it routing between networks?
No - a RouterOS bridge is a layer 2 device. IP Routing is layer 3.
Can you be clear about where on your diagram the client issuing the ping quest is, what IP settings (Address, Mask, Gateway) it has received via DHCP and what the tested ping target is?
I was using winbox ping under tools, picking a port in the vlan30 (building B port 3-20) as the interface and tried to ping the vlan30 gateway which is assigned to ether3. Then I tried the same from ether1 which can ping google but not the vlan30 gateway.
If you are using the Winbox Ping tool you can easily get some weird effects if you aren’t careful about picking the source IP address. Were you setting the src IP address? Have you tried an actual client on the VLAN?
If possible I would try an actual client on the VLAN and trace the traffic through the router.
ok I must have broke the gateway pinging while trying to get routing to work. I can take my laptop and plug into each vlan port and pull an address and proper gateway for that network along with solid ping times. I can even pull address’s and ping gateways between switches as but only on same network so all vlan trunks are working properly. now the only thing missing is working routes. the auto-configured routes still dont work between networks. at this point the only fixes in my head involve a hammer, lol. what would a simple route between networks look like on winbox?
Try uploading the output from IP Route for us to see.
When you apply an IP address and subnet to an interface the router automatically creates a connected route in the routing table.
You could try temporarily disabling all forward chain filters to make sure that there isn’t a block on forwarding in the forward chain filters.
here is the output of ip route>export. it looks to be empty but there are routes showing in winbox. Also I just downgraded back to 6.7 but my other switch is still on 6.10 with the same issue.
# feb/23/2014 05:14:19 by RouterOS 6.7
# software id = 35V0-3J1K
#
The routes in Winbox look like the connected routes that you would expect to see. At the command line do you see addresses in /IP Address yet no routes in /IP Route?
correct, here is a screenshot of both commands. I bought a bunch of these for my project and have 3 that I set up for testing and all 3 are doing the same thing. I’ve also tried wiping the units and configuring by cli and exporting the whole config and running it as a script( separate attempts), both with no luck.
