CRS125-24G-1S - inter-vlan routing problem

evghoul · December 11, 2015, 2:31pm

Hi!

I have troubles implementing the simpliest scheme from the CRS Examples wiki.

Interfaces ether1-ether23 are slaves to ether24.

VLAN interfaces:

> /interface vlan print
Flags: X - disabled, R - running, S - slave 
 #    NAME                                                                    MTU ARP        VLAN-ID INTERFACE                                                                 
 0 R  vlan1                                                                  1500 enabled          1 ether24                                               
 1 R  vlan10                                                                 1500 enabled         10 ether24

VLAN memberships:

> /interface ethernet switch vlan print 
Flags: X - disabled, I - invalid, D - dynamic 
 #   VLAN-ID PORTS                                                           SVL LEARN FLOOD INGRESS-MIRROR QOS-GROUP                                                          
 0 D    4095 switch1-cpu                                                     no  no    no    no             none                                                               
 1         1 ether3                                                          no  yes   no    no             none
             ether4                                         
             ether9                                             
             ether19                                        
             ether20                                   
             ether21                                             
             ether22                                 
             ether23                                 
             ether24                                    
             switch1-cpu                                                    
 2        10 ether2                                                          no  yes   no    no             none
             ether5                                      
             ether6                                          
             ether7                                    
             ether8                                            
             ether11                                       
             ether19                                        
             switch1-cpu

VLAN tagging:

> /interface ethernet switch egress-vlan-tag print 
Flags: X - disabled, I - invalid, D - dynamic 
 #   VLAN-ID TAGGED-PORTS                                                   
 0 D    4095
 1         1 switch1-cpu                                                    
 2        10 switch1-cpu

Ingress translation:

> /interface ethernet switch ingress-vlan-translation print 
Flags: X - disabled, I - invalid, D - dynamic 
 0   ports=ether3,ether4,ether9,ether20,ether21,ether22,ether23,ether24
     service-vlan-format=any customer-vlan-format=any new-customer-vid=1 
     pcp-propagation=no sa-learning=yes 

 1   ports=ether2,ether5,ether6,ether7,ether8,ether11 
     service-vlan-format=any customer-vlan-format=any new-customer-vid=10 
     pcp-propagation=no sa-learning=yes 

 2 D ports="" service-vlan-format=any customer-vlan-format=any new-customer-vid=4095 
     pcp-propagation=no sa-learning=no

IP addresses:

   > /ip address print 
Flags: X - disabled, I - invalid, D - dynamic 
 #   ADDRESS            NETWORK         INTERFACE                                                                        
 0   xxx.xxx.xxx.190/28 xxx.xxx.xxx.176 vlan1                                         
 1   10.109.73.190/24   10.109.73.0     vlan10

So, the problem is I cannot access from host in VLAN1 to host in VLAN10
Host in VLAN1 has static route to network 10.109.73.0/24 via IP address of vlan1 interface

10.109.73.0     xxx.xxx.xxx.190 255.255.255.0   UG    0      0        0 vmbr0

But hosts in both vlans are accessible from the Mikrotik.

> ping 10.109.73.87
HOST                                     SIZE TTL TIME  STATUS                        
10.109.73.87                               56 255 1ms  
10.109.73.87                               56 255 0ms  

> ping xxx.xxx.xxx.179
HOST                                     SIZE TTL TIME  STATUS                        
xxx.xxx.xxx.179                            56  64 0ms  
xxx.xxx.xxx.179                            56  64 0ms

I also used packet sniffer to find out that packets are received on vlan1 interface, but seem to be “stuck” inside Mikrotik — vlan10 interface has no traffic at the time of tests.

Please help me find out what I am missing in configuration.

Thanks!

evghoul · December 15, 2015, 9:03pm

Solved it.
IP forwarding seems to be disabled on CRS by default, so I just had to turn it on.