I have a relatively advanced network. in that network I defined VLAN88 which have you did all ready guess, as address range ‘192.168.88.0/24’
The gateway of that VLAN is my pfsense router. Normally I use address ‘1’ as gateway address, however since RouterOS defaults to 192.168.88.1 I did choose 192.168.88.10.
I did that to be capable to setup the router and to access the router after a clean boot. However that does not work
If I try to ping the CRS using the pfSense ping test facility it works, If I use a locally connected PC (subnet 192.168.88.0/24) as well.
I think that the CRS in default setup does not know how to find the gateway / wrongly assumes it is the gateway. What I observe it that ARP-requests coming from the network are not answered.
As you will probably understand I do not like to go the CRS in case it has to be reconfigured, and I neither like to use the cli. So does any one have a solution for this ?
On your pfSense router you’ll need to add an Outbound NAT rule on the VLAN88 interface. The goal is to translate the source address of the packets going out of this interface (to the RouterOS device) to 192.168.88.10 (the IP address of pfSense on the interface). On the rule, you only need to keep the default parameter values (with Translation Address being “interface address”). You might have to switch the Firewall → NAT → Outbound setting to Hybrid Outbound NAT first before being able to add the new rule.
The problem is that I would like to have an option to remotely access the switch after ‘default booting’ so without any config.
Generally spoken there are two ways to communicate to a certain IP-address:
the other IP is in the same lan/vlan, that will / should always work since you do not need a gateway
second the other IP can be reached via a gateway.
In this case situation-1 works (just connecting a pc having an IP in the same network)
Situation-2 does not seems to work. Probably because the router does not know the gateway, it thinks that it is the gateway itself which it is not.
There are no configuration changes to be made on the MikroTik device, only on the pfSense router, and that modification only needs to be done once. Did you try to apply what I wrote on post #2? Namely:
pfSense has interface VLAN88, configured with 192.168.88.10/24 (no gateway needed).
On pfSense, Firewall → NAT → Outbound setting needs to be Hybrid Outbound NAT or Manual (if it’s already set to Manual), not Automatic
On pfSense, an Outbound NAT rule needs to be added for interface VLAN88 (with default parameters, only the interface of the rule needs to be set to VLAN88).
On pfSense make sure that the firewall allows connections from your PC’s subnet (for example LAN) to VLAN88’s subnet.
Once this is done, you can use WinBox on your PC (connected to pfSense’s LAN) to manage the switch (connected to VLAN88) by using the 192.168.88.1 IP address.
