Hello,
first of all, let me start by saying thank you for all the help you’ve given me before!
Current situation:

I have two ports and two VLANs configured on my router. All four of them are interfaces.

- ether1 is my WAN port that gets the DHCP address from the modem/router combo from my ISP.
- ether2 is currently my uplink port to my current switch (Cisco 2950-24 that is going to be replaced now). This port is set as untagged on the router, and as trunk on the Cisco.
- VLAN10 is my VLAN set up on interface ether2
- VLAN20 is my VLAN set up on interface ether2
- I have NAT set up on my inside network (VLAN10, VLAN20) and WAN. (ports 80, 443, etc.)

What I would like to set up:

The current router I have has five 1Gbps ports and five 100Mbps ports, and two switch chips. I know I can’t put all of these ports on the same chip.

- ether1 would stay my WAN port
- all other ports would be a switch where I can tag each port with any VLAN (but for starters 10 and 20), or mark them as trunks
- I would like to have the traffic routed between these VLANs and the WAN (Internet)
- I would still like to have NAT (ports 80, 443, etc.)

This way I would be able to remove the switch and downsize a bit on power consumption.

Could this be done?
Thank you all!
**Ninja edit:**
The router is RouterBOARD 2011UiAS-RM (RouterOS L5).
Currently - ether2-5 are master-slave; and so are ether6-10. I’ve created two VLAN interfaces (10 and 20) and assigned them addresses.
I’ve then set the VLAN tag on the ports that I want to be 10 (ether4 and ether5), and on ports that I want to be 20 (ether6 and ether7). I have also added VLAN table entries to allow frames with specific VLAN IDs between ports.
The problem is that I can’t ping devices from VLAN10 to VLAN20. I also can’t ping either VLAN10 or VLAN20 thru the router itself. I can’t ping the router from inside both of the VLANs. If I access the router thru an untagged port I can ping the internet (8.8.8. and the router, but none of the VLANs.
What am I missing?
I’d set up two sets of VLANs on both master ports, create two bridges (br-vlan10, br-vlan20), bridge the vlan10s together and the vlan20s together, and put the IPs on the bridges.
The switch will also need configuration:
http://wiki.mikrotik.com/wiki/Manual:Switch_Chip_Features
Both ‘switch1 cpu’ and ‘switch2 cpu’ ports will need to allow their respective vlan tags for 10 and 20.
Untagged ports will need to have their default vlan id set (4, 5 to 10; 6, 7 to 20) and set to always strip vlan header.
Once that’s done you can try and set vlan mode to secure for needed ports.
This can be tricky and order dependent. You can easily lock yourself out of the switch. I recommend connecting via MAC on one of the switches and configuring RoS and the other switch first, then get the other working.
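
The steps in the reply above, written out as an added example configuration; it is not from either poster or from MikroTik. It assumes RouterOS v6 with master-port switching, ether2 and ether6 as the master ports of switch1 and switch2, and placeholder 192.168.x.1/24 gateway addresses; the interface names sw1-vlan10 etc. are made up for illustration.

```routeros
# Constructed example: RouterOS v6 with master-port switching.
# Assumed: ether2 = master of switch1, ether6 = master of switch2;
# the 192.168.x.1/24 addresses and sw*-vlan* names are placeholders.

# VLAN interfaces on both master ports (the CPU side of each switch chip)
/interface vlan
add name=sw1-vlan10 interface=ether2 vlan-id=10
add name=sw1-vlan20 interface=ether2 vlan-id=20
add name=sw2-vlan10 interface=ether6 vlan-id=10
add name=sw2-vlan20 interface=ether6 vlan-id=20

# One bridge per VLAN, joining the two switch chips
/interface bridge
add name=br-vlan10
add name=br-vlan20
/interface bridge port
add bridge=br-vlan10 interface=sw1-vlan10
add bridge=br-vlan10 interface=sw2-vlan10
add bridge=br-vlan20 interface=sw1-vlan20
add bridge=br-vlan20 interface=sw2-vlan20

# Gateway addresses go on the bridges, not on the VLAN interfaces
/ip address
add address=192.168.10.1/24 interface=br-vlan10
add address=192.168.20.1/24 interface=br-vlan20

# Switch VLAN tables: each CPU port must be a member of VLAN 10 and 20
/interface ethernet switch vlan
add switch=switch1 vlan-id=10 ports=ether4,ether5,switch1-cpu
add switch=switch1 vlan-id=20 ports=switch1-cpu
add switch=switch2 vlan-id=10 ports=switch2-cpu
add switch=switch2 vlan-id=20 ports=ether6,ether7,switch2-cpu

# Access ports: tag untagged ingress with the default VLAN ID,
# strip the VLAN header on egress
/interface ethernet switch port
set ether4,ether5 default-vlan-id=10 vlan-header=always-strip
set ether6,ether7 default-vlan-id=20 vlan-header=always-strip

# Last step, only once traffic flows: enforce the VLAN table so frames
# with a VLAN ID the port is not a member of are dropped
set ether4,ether5,ether6,ether7 vlan-mode=secure
```

Apply the final `vlan-mode=secure` line from a MAC session, as the reply recommends, since a wrong VLAN table entry at that point cuts off IP access through the affected ports.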