Hello,
I have problem with Cloud Switch CRS326-24G-2S+RM (FW: 6.46) InterVLAN routing by bridge.
My current scheme for better understading:
The thing I want to manage to do is quite simple, I just need that several VLANs with different subnets should be connected (should be reachable).
In attached image you can see that PC is connected to router through Eth23 port and Device is connected through Eth24 port.
What I’m testing now: trying from PC (192.168.20.10) to ping device (192.168.10.10). Ping doesn’t answer.
I think this solution in mikrotik page was suitable for me: https://wiki.mikrotik.com/wiki/Manual:Interface/Bridge#VLAN_Example_.233_.28InterVLAN_Routing_by_Bridge.29
My RouterOS configuration:
/interface bridge
add name=bridge1 vlan-filtering=no
/interface bridge set bridge1 vlan-filtering=yes
If with this solution is even possible to reach my needs?
Maybe there is some additional procedure? (Adding some IP routes or something)
Do you have any firewall rules? When pinging DEVICE from CRS it’s output chain, when pinging DEVICE from PC it’s forward chain.
Also can you ping from PC ip address of CRS from vlan 10, 192.168.10.1 (input chain).
Hello,
I think I spotted a problem. It’s quite stupid, because problem was not in Mikrotik, but in PC (Win10).
I tried change PC with Raspberry Pi, and ping goes to DEVICE perfectly.
And I realized that ping work in PC just then, when I turn off WiFi on my PC.
What I should do with that?
If a PC has two connections to the same LAN subnet, it will also have two IP addresses from the same subnet, but the rest of settings (e.g. default gateway) will most probably be the same. So when there’s a connection going on (e.g. ICMP ping), packet will be received with correct interface because sender will take care of that (mapping destination IP to correct MAC address). But the return packet might get misplaced … PC sending the reply will consult its routing tables and in case of two entries with same data (in case of communication within same subnet this means two entries for directly connected network) the selection of output interface is kind of magic (some IP stacks select the entry where interface has lower MAC address) … and selection of output interface then defines which IP address will be recorded as src-address in the reply packet. If “wrong” interface gets selected, then the connection peer (the one starting the pings in this case) will see reply as coming from wrong address and thus won’t use them as part of original connection …
Some laptop vendors include own software which automatically deal with such connections … when that software detects that same subnet is available through more than one network device, it will block surplus interfaces (usually the wired connection is the preferred one).
Thank you!
But my PC is connected to office WiFi network (which does not belong to network that I’m testing, it is just for internet on my PC) and ethernet is connected to Mikrotik router. Network adapters has different settings (WiFi has DHCP 192.168.1.0 subnet and Ethernet has 192.168.20.0 subnet). My pings to Device works just when I disconnect WiFI. As I understand, the problem is when WiFI is on, and I try to ping 192.168.10.10 packets goest through WiFi adapter not through Ethernet adapter?
I think the problem was when I was pinging 192.168.10.10 it was going not through ethernet adapter (GW: 192.168.20.1), but through wifi adapter and requests were lost.
So in Win10 command line I added route:
route ADD 192.168.10.0 MASK 255.255.255.0 192.168.20.1
And it started to work!
Have anybody other comments about this situation? Does I understand this situation right or something is still not in right way?
Similar problem to the problem I described, only that windows had two default gateways set (each on separate adapter). The “DEVICE” is only accessible through a gateway and without any specific gateway set, windows used one of default gateways … obviously the one without knowledge about how to reach 192.168.10.0/24 … After you set specific route that gateway setting wins over default route setting (because the winning entry is always the most specific destination setting - the one with longest subnet mask).
