Inter-VLAN communication not working...

Hi guys, each day I get further and further :wink:

I set up 3 VLANs on my RB450G, but I don't have communication between them. Every article that I read says that this works out of the box, but in my case it is not working…

vLan 10 - 192.168.10.0/24
vLan 20 - 192.168.20.0/24
vLan 30 - 10.0.0.0/24

On vLan 30 I have a Hotspot. From any computer on each vLan I can ping the gateways of all of them, but not the clients connected to them.

Should I add some route or firewall rule? Shouldn’t all this be automatic?

cheers
# Port naming and switch grouping: ports 0 and 1 are named as links, port 2 is the local
# trunk, and ports 3 and 4 are attached to the trunk with master-port, so the three local
# ports form one switch group.
/interface ethernet
set 0 name=eth1-Link1
set 1 name=eth2-Link2
set 2 name=eth3-Local-Trunk
set 3 master-port=eth3-Local-Trunk name=eth4-Local-M
set 4 master-port=eth3-Local-Trunk name=eth5-Local-S2
# Neighbor discovery is switched off on both link ports, so it only runs on the local side.
/ip neighbor discovery
set eth1-Link1 discover=no
set eth2-Link2 discover=no
# Three 802.1Q VLAN interfaces (IDs 10, 20, 30) stacked on the trunk port.
# NOTE(review): hosts only land in these VLANs if the downstream switch tags their ports
# with the matching VLAN ID; that switch configuration is not shown here - confirm.
# NOTE(review): the trunk port itself also carries an untagged network (192.168.88.0/24,
# see /ip address), so untagged and tagged traffic share the same physical ports.
/interface vlan
add interface=eth3-Local-Trunk l2mtu=1516 name=vlan10-ADM vlan-id=10
add interface=eth3-Local-Trunk l2mtu=1516 name=vlan20-DMZ vlan-id=20
add interface=eth3-Local-Trunk l2mtu=1516 name=vlan30-GUEST vlan-id=30
# NOTE(review): several commands in this listing are wrapped onto a second line without a
# trailing backslash (apparently lost when the export was pasted), so the text is not
# paste-ready as shown.
# Hotspot server profile for the guest network; the hotspot address is the VLAN 30 gateway.
/ip hotspot profile
add hotspot-address=10.0.0.1 name=hs-profile-GUEST
# Default hotspot user profile: no idle timeout, 2-minute keepalive timeout, and a
# shared-users value of 5 (the number sits on the wrapped line), with transparent proxy on.
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m shared-users=
5 transparent-proxy=yes
# One address pool per network: untagged trunk (Root), VLAN 10, VLAN 20 and VLAN 30.
/ip pool
add name=Pool-Root ranges=192.168.88.8-192.168.88.10
add name=Pool-Adm ranges=192.168.10.10-192.168.10.30
add name=Pool-Dmz ranges=192.168.20.100-192.168.20.105
add name=Pool-Guest ranges=10.0.0.2-10.0.0.254
# One DHCP server per pool. Dhcp-ROOT answers on the untagged trunk; the other three answer
# on their VLAN interfaces. Only Dhcp-ADM is explicitly marked authoritative.
/ip dhcp-server
add address-pool=Pool-Root disabled=no interface=eth3-Local-Trunk lease-time=
1w3d name=Dhcp-ROOT
add address-pool=Pool-Adm authoritative=yes disabled=no interface=vlan10-ADM
name=Dhcp-ADM
add address-pool=Pool-Dmz disabled=no interface=vlan20-DMZ lease-time=4w2d
name=Dhcp-DMZ
add address-pool=Pool-Guest disabled=no interface=vlan30-GUEST lease-time=1d
name=Dhcp-GUEST
# Hotspot server bound to the guest VLAN interface.
# NOTE(review): the hotspot intercepts traffic of clients that have not logged in, so ping
# tests to or from VLAN 30 presumably behave differently from VLAN 10/20 - test those first.
/ip hotspot
add address-pool=Pool-Guest disabled=no interface=vlan30-GUEST name=
Hotspot-GUEST profile=hs-profile-GUEST
# Serial port naming only.
/port
set 0 name=serial0
# Router addresses: one on the untagged trunk and one gateway address per VLAN. These four
# are the connected networks the router routes between. (Wrapped lines below have lost
# their trailing backslash in this paste.)
/ip address
add address=192.168.88.1/24 comment=Default interface=eth3-Local-Trunk
network=192.168.88.0
add address=192.168.10.1/24 comment=vLan-ADM interface=vlan10-ADM network=
192.168.10.0
add address=192.168.20.1/24 comment=vLan-DMZ interface=vlan20-DMZ network=
192.168.20.0
add address=10.0.0.1/24 comment=vLan-GUEST interface=vlan30-GUEST network=
10.0.0.0
# eth1-Link1 gets its address by DHCP, i.e. it is the upstream-facing interface.
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=eth1-Link1
# Static DHCP leases: one on the untagged network, one in the DMZ VLAN.
/ip dhcp-server lease
add address=192.168.88.10 client-id=1:f4:ac:c1:29:82:67 mac-address=
F4:AC:C1:29:82:67 server=Dhcp-ROOT
add address=192.168.20.100 mac-address=00:1C:C0:80:05:3C server=Dhcp-DMZ
# Options handed to DHCP clients. Each network gets the router address as default gateway,
# which is what clients need in order to reply to hosts in the other VLANs. The three VLANs
# are given public resolvers; only the untagged network is pointed at the router for DNS.
/ip dhcp-server network
add address=10.0.0.0/24 comment=GUEST dns-server=8.8.8.8,8.8.4.4 gateway=
10.0.0.1 netmask=24
add address=192.168.10.0/24 comment=ADM dns-server=8.8.8.8,8.8.4.4 gateway=
192.168.10.1 netmask=24
add address=192.168.20.0/24 comment=DMZ dns-server=8.8.8.8,8.8.4.4 gateway=
192.168.20.1 netmask=24
add address=192.168.88.0/24 comment=ROOT dns-server=192.168.88.1 gateway=
192.168.88.1 netmask=24
# allow-remote-requests=yes turns the router into a DNS resolver for other hosts.
# NOTE(review): /ip firewall filter in this export has no active rule, so nothing limits
# which interface those queries arrive on, including eth1-Link1. Restrict DNS (port 53) on
# the input chain to the local interfaces so the router is not an open resolver upstream.
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
# Static names for the four router addresses.
/ip dns static
add address=192.168.88.1 name=Root
add address=192.168.10.1 name=ADM
add address=192.168.20.1 name=DMZ
add address=10.0.0.1 name=GUEST
# The filter table holds only a disabled placeholder rule, so there are no active input or
# forward rules. The router itself therefore does not block inter-VLAN forwarding.
# NOTE(review): this also means nothing here separates GUEST and DMZ from ADM beyond what
# the hotspot enforces, and nothing filters access to the router from eth1-Link1. Add
# explicit forward rules for the traffic that should cross VLANs and an input policy for
# the upstream interface.
/ip firewall filter
add action=passthrough chain=unused-hs-chain comment=
“place hotspot rules here” disabled=yes
# Source NAT. The first active rule masquerades everything leaving via eth1-Link1.
# The second masquerades all traffic sourced from 10.0.0.0/24 and has no out-interface, so
# it also matches guest traffic routed to the other local networks.
# NOTE(review): hosts in ADM/DMZ would then see a router address instead of the guest's own
# address, which hides the real source in their logs - confirm this is intended.
/ip firewall nat
add action=passthrough chain=unused-hs-chain comment=
“place hotspot rules here” disabled=yes to-addresses=0.0.0.0
add action=masquerade chain=srcnat out-interface=eth1-Link1
add action=masquerade chain=srcnat comment=“masquerade hotspot network”
src-address=10.0.0.0/24 to-addresses=0.0.0.0
# Hotspot account with its password in clear text in the export.
# NOTE(review): the credential has been published together with this configuration; change
# it on the device and redact secrets before sharing an export.
/ip hotspot user
add name=alameda password=guest server=Hotspot-GUEST
# Walled-garden entries: destinations hotspot clients may reach without logging in.
# NOTE(review): the host patterns look damaged by the paste (a leading wildcard presumably
# dropped, and the second entry split across two lines) - verify against the device.
/ip hotspot walled-garden
add dst-host=.alameda.tur.br server=Hotspot-GUEST
add dst-host=
.googleapis.com server=Hotspot-GUEST
# Time zone for log timestamps.
/system clock
set time-zone-name=America/Sao_Paulo
# Prefixes for the four existing logging rules, plus extra rules for the dhcp, firewall,
# route, hotspot and dns topics.
# NOTE(review): no action= is given on the added rules, so they presumably use the default
# log target; confirm where these logs end up and whether they survive a reboot.
/system logging
set 0 prefix=info
set 1 prefix=err
set 2 prefix=war
set 3 prefix=crit
add prefix=dhcp topics=dhcp
add prefix=fw topics=firewall
add prefix=route topics=route
add prefix=hots topics=hotspot
add prefix=dns topics=dns
# NTP client in unicast mode with two servers (second address is on a wrapped line).
/system ntp client
set enabled=yes mode=unicast primary-ntp=216.239.32.15 secondary-ntp=
216.239.34.15
# MAC-layer management (MAC server) enabled on the three local ports and the ADM VLAN only.
/tool mac-server
add disabled=no interface=eth3-Local-Trunk
add disabled=no interface=eth4-Local-M
add disabled=no interface=eth5-Local-S2
add disabled=no interface=vlan10-ADM
# MAC-WinBox: the default entry is disabled and the same four interfaces are listed
# explicitly, so it is not offered on the link ports or on the DMZ/GUEST VLAN interfaces.
# NOTE(review): the trunk entries cover the untagged network on those ports; any device
# attached untagged there can reach layer-2 management - confirm that is acceptable.
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=eth3-Local-Trunk
add interface=eth4-Local-M
add interface=eth5-Local-S2
add interface=vlan10-ADM
# Packet sniffer preset: both directions on the trunk port.
/tool sniffer
set filter-direction=any filter-interface=eth3-Local-Trunk

The routes should be created automatically for the connected networks. Check that your clients are actually showing the routerboard as their default gateway. If you can ping the other LAN gateway but not clients attached to it then the return route may be the problem.

Celtic,

yes I can ping the gateway of each vLan , no matter what vLan I am connected, the problem is to ping the clients.

How can I check the return ? what do you mean by return ?

Is this something to do with my switch? If I am on vLan10, I am tagged as 10; if I try to ping clients on vLan20, I think the switch blocks it as I am tagged as 10 and not 20. Is this correct?

cheers

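A remote client can only reply to your ping if it has a path back to you - e.g. via the routerboard. If for instance the remote client has no default route or explicit route back to your subnet then it can’t reply to the pings. A host firewall on the remote client that drops ICMP echo from other subnets produces the same symptom, so check that as well.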

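As far as connected networks go, RouterOS will route them by default unless there are filters in the forwarding chain to block the forwarding. The export posted above has no active filter rules, so the router itself is not blocking inter-VLAN traffic - and by the same token nothing in it isolates the GUEST VLAN from ADM and DMZ beyond what the hotspot enforces.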

Hotspot does some funky things so test the non-hotspot interfaces first.