Inter-VLAN routing in Cisco and MikroTik for internet access

Dear Friends,

I have a network with several VLANs on layer-2 switches (2960-X series), and all VLAN and AP IPs are declared on the core switch (Catalyst 3650, 24 port). All layer-2 switches are connected to the core through trunk ports, and internet is allowed from the MikroTik through the core switch.

I have attached two configuration files here:

  1. core conf:


    !
    ! Last configuration change at 05:47:30 UTC Tue Jun 6 2017
    !
    version 15.2
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    service compress-config
    !
    hostname CORE-SWITCH-1
    !
    boot-start-marker
    boot-end-marker
    !
    !
    vrf definition Mgmt-vrf
    !
    address-family ipv4
    exit-address-family
    !
    address-family ipv6
    exit-address-family
    !
    enable secret 5 $1$dPiA$Rt9Rzz/HjvsfJUGthAMoy.
    !
    username admin privilege 15 password 0 ######
    no aaa new-model
    switch 1 provision ws-c3650-24ts
    !
    !
    !
    !
    !
    ip routing
    !
    ip dhcp excluded-address 172.16.0.1 172.16.0.10
    ip dhcp excluded-address 172.16.1.1 172.16.1.10
    ip dhcp excluded-address 172.16.2.1 172.16.2.10
    ip dhcp excluded-address 172.16.3.1 172.16.3.10
    !
    ip dhcp pool NG-Level_0
    network 172.16.0.0 255.255.255.0
    default-router 172.16.0.1
    dns-server ##################
    !
    ip dhcp pool NG-Level_1
    network 172.16.1.0 255.255.255.0
    default-router 172.16.1.1
    dns-server #####################
    !
    ip dhcp pool NG-Level_2
    network 172.16.2.0 255.255.255.0
    default-router 172.16.2.1
    dns-server #######################
    !
    ip dhcp pool NG-Level_3
    network 172.16.3.0 255.255.255.0
    default-router 172.16.3.1
    dns-server ######################
    !
    !
    qos queue-softmax-multiplier 100
    !
    crypto pki trustpoint TP-self-signed-2472373411
    enrollment selfsigned
    subject-name cn=IOS-Self-Signed-Certificate-2472373411
    revocation-check none
    rsakeypair TP-self-signed-2472373411
    !
    !

    diagnostic bootup level minimal
    !
    spanning-tree mode rapid-pvst
    spanning-tree extend system-id
    spanning-tree vlan 1-4,10,20,30,40,50,60,70,80,99 priority 24576
    hw-switch switch 1 logging onboard message level 3
    !
    redundancy
    mode sso
    !
    !
    !
    class-map match-any non-client-nrt-class

    !
    interface Port-channel1
    switchport mode trunk
    !
    interface GigabitEthernet0/0
    vrf forwarding Mgmt-vrf
    no ip address
    negotiation auto
    !
    interface GigabitEthernet1/0/1
    description CONNECTED TO ASW
    switchport mode trunk
    !
    interface GigabitEthernet1/0/2
    description CONNECTED TO ASW
    switchport mode trunk
    !
    interface GigabitEthernet1/0/3
    description CONNECTED TO ASW
    switchport mode trunk
    !
    interface GigabitEthernet1/0/4
    description CONNECTED TO ASW
    switchport mode trunk
    !
    interface GigabitEthernet1/0/5
    description CONNECTED TO ASW
    switchport mode trunk
    !
    interface GigabitEthernet1/0/6
    description CONNECTED TO ASW
    switchport mode trunk
    !
    interface GigabitEthernet1/0/7
    description CONNECTED TO ASW
    switchport mode trunk
    !
    interface GigabitEthernet1/0/8
    description CONNECTED TO ASW
    switchport mode trunk
    !
    interface GigabitEthernet1/0/9
    description CONNECTED TO ASW
    switchport mode trunk
    !
    interface GigabitEthernet1/0/10
    description CONNECTED TO ASW
    switchport mode trunk
    !
    interface GigabitEthernet1/0/11
    description CONNECTED TO ASW
    switchport mode trunk
    !
    interface GigabitEthernet1/0/12
    description CONNECTED TO ASW
    switchport mode trunk
    !
    interface GigabitEthernet1/0/13
    switchport mode trunk
    !
    interface GigabitEthernet1/0/14
    switchport mode trunk
    !
    interface GigabitEthernet1/0/15
    description CONNECTED TO ASW
    switchport mode trunk
    !
    interface GigabitEthernet1/0/16
    description CONNECTED TO ASW
    switchport mode trunk
    !
    interface GigabitEthernet1/0/17
    description CONNECTED TO ASW
    switchport mode trunk
    !
    interface GigabitEthernet1/0/18
    description CONNECTED TO ASW
    switchport mode trunk
    !
    interface GigabitEthernet1/0/19
    description CONNECTED TO ASW
    switchport mode trunk
    !
    interface GigabitEthernet1/0/20
    description CONNECTED TO ASW
    switchport mode trunk
    !
    interface GigabitEthernet1/0/21
    description CONNECTED TO ASW
    switchport mode trunk
    !
    interface GigabitEthernet1/0/22
    description CONNECTED TO ASW
    switchport mode trunk
    !
    interface GigabitEthernet1/0/23
    description CONNECTED TO ASW
    switchport mode trunk
    !
    interface GigabitEthernet1/0/24
    description CONNECTED-TO-MIKROTIK-PORT-8
    no switchport
    ip address 192.168.0.1 255.255.255.252
    !
    interface GigabitEthernet1/1/1
    !
    interface GigabitEthernet1/1/2
    !
    interface GigabitEthernet1/1/3
    !
    interface GigabitEthernet1/1/4
    !
    interface Vlan1
    ip address 172.16.0.1 255.255.255.0
    !
    interface Vlan2
    ip address 172.16.1.1 255.255.255.0
    !
    interface Vlan3
    ip address 172.16.2.1 255.255.255.0
    !
    interface Vlan4
    ip address 172.16.3.1 255.255.255.0
    !
    interface Vlan10
    ip address 192.168.10.1 255.255.255.128
    !
    interface Vlan20
    ip address 192.168.20.1 255.255.255.192
    !
    interface Vlan30
    ip address 192.168.30.1 255.255.255.192
    !
    interface Vlan40
    ip address 192.168.40.1 255.255.255.240
    !
    interface Vlan50
    ip address 192.168.50.1 255.255.255.240
    !
    interface Vlan60
    ip address 192.168.60.1 255.255.255.240
    !
    interface Vlan70
    ip address 192.168.70.1 255.255.255.240
    !
    interface Vlan80
    ip address 192.168.80.1 255.255.255.240
    !
    interface Vlan90
    description port for AccessControl
    ip address 192.168.90.1 255.255.255.224
    !
    interface Vlan99
    ip address 192.168.99.1 255.255.255.0
    !
    interface Vlan200
    ip address 192.168.200.1 255.255.255.128
    !
    interface Vlan210
    ip address 192.168.210.1 255.255.255.128
    !
    ip forward-protocol nd
    no ip http server
    ip http authentication local
    ip http secure-server
    ip route 0.0.0.0 0.0.0.0 192.168.0.2
    !

    !
    line con 0
    stopbits 1
    line aux 0
    stopbits 1
    line vty 0 4
    password #############
    login
    transport input all
    transport output all
    line vty 5 15
    login
    !
    wsma agent exec
    profile httplistener
    profile httpslistener
    !
    wsma agent config
    profile httplistener
    profile httpslistener
    !
    wsma agent filesys
    profile httplistener
    profile httpslistener
    !
    wsma agent notify
    profile httplistener
    profile httpslistener
    !
    !
    wsma profile listener httplistener
    transport http
    !
    wsma profile listener httpslistener
    transport https
    !
    ap group default-group
    end


  2. layer 2 switch configuration:


    !
    ! Last configuration change at 11:34:35 UTC Wed Jun 7 2017
    ! NVRAM config last updated at 11:34:31 UTC Wed Jun 7 2017
    !
    version 15.2
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname 2nd-Flr-ITSRV-48-SW
    !
    boot-start-marker
    boot-end-marker
    !
    !
    enable secret 5 $1$vFCH$qtRXQpaWXueX7/f4UQI2G.
    !
    username admin privilege 15 password 0 ######
    no aaa new-model

    !
    crypto pki trustpoint TP-self-signed-3953440640
    enrollment selfsigned
    subject-name cn=IOS-Self-Signed-Certificate-3953440640
    revocation-check none
    rsakeypair TP-self-signed-3953440640
    !
    !
    crypto pki certificate chain TP-self-signed-3953440640
    certificate self-signed 01
    58F800C5 838DF88E 17AFFBC5 499530
    quit
    spanning-tree mode pvst
    spanning-tree extend system-id
    !

    vlan internal allocation policy ascending
    !

    interface FastEthernet0
    no ip address
    !
    interface GigabitEthernet0/1-35
    description Port for Broadcast
    switchport access vlan 10
    switchport mode access
    storm-control broadcast level 70.00
    spanning-tree portfast
    !
    !
    interface GigabitEthernet0/36-37
    description Port for Management
    switchport access vlan 60
    switchport mode access
    storm-control broadcast level 70.00
    spanning-tree portfast
    !

    interface GigabitEthernet0/38-39
    description Port for Production
    switchport access vlan 20
    switchport mode access
    storm-control broadcast level 70.00
    spanning-tree portfast


    !
    interface GigabitEthernet0/42
    !
    interface GigabitEthernet0/43
    !
    interface GigabitEthernet0/44
    !
    interface GigabitEthernet0/45
    !
    interface GigabitEthernet0/46
    !
    interface GigabitEthernet0/47
    description CONNECTED TO CORE-SWITCH-1
    switchport mode trunk
    !
    interface GigabitEthernet0/48
    description CONNECTED TO CORE-SWITCH-1
    switchport mode trunk
    !
    interface GigabitEthernet0/49
    !
    interface GigabitEthernet0/50
    !
    interface Vlan1
    no ip address
    !
    interface Vlan99
    description for Device IT
    ip address 192.168.99.10 255.255.255.128
    !
    no ip http server
    ip http secure-server
    !

    line con 0
    password #####
    login
    line vty 0 4
    password ######
    login
    transport input all
    transport output all
    line vty 5 15
    login
    !
    end


Problems:

  1. I didn’t get MAC addresses from the client PCs. Is there anything I need to change on my MikroTik RouterBOARD?

Dear friends, please help me by showing what I have got wrong in my switch configurations and what I have to do to get the MAC addresses in my MikroTik router.

Thanks in advance..

Are you sure that this is a question for this forum? It seems to be more Cisco-centric.
Have you tried replacing the MikroTik with a different device to check whether you receive the expected MAC?
If yes, then you have a problem with the MikroTik; if not, then you need to review the switch configuration with help from the Cisco world.

You need to configure your Cisco switch for 802.1Q mode.

    interface GigabitEthernet1/0/24
     switchport trunk encapsulation dot1q
     switchport trunk allowed vlan 1-4,10,20,30,40,50,60,70,80,99
     switchport mode trunk
     switchport nonegotiate
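
Why the routed uplink in the posted core config hides client MACs, as an added example that is not part of the original posts: a routed port or SVI forwards packets with the switch's own source MAC, so a layer-2 trunk on the uplink is a necessary condition for client MACs to appear on the MikroTik. The function names are hypothetical; the sample stanzas are copied from the core config and the last reply above.

```python
import re

# Constructed samples: stanzas copied from the posted core config and the reply.
POSTED = """\
interface GigabitEthernet1/0/24
 no switchport
 ip address 192.168.0.1 255.255.255.252
!
interface Vlan10
 ip address 192.168.10.1 255.255.255.128
!
interface Vlan20
 ip address 192.168.20.1 255.255.255.192
"""
PROPOSED = """\
interface GigabitEthernet1/0/24
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1-4,10,20,30,40,50,60,70,80,99
 switchport mode trunk
 switchport nonegotiate
"""

def parse_interfaces(config):
    """Return {interface name: [sub-commands]} from IOS-style text."""
    stanzas, current = {}, None
    for line in map(str.strip, config.splitlines()):
        m = re.match(r"interface (\S+)$", line)
        if m:
            current = stanzas.setdefault(m.group(1), [])
        elif line in ("", "!"):
            current = None          # a separator ends the stanza
        elif current is not None:
            current.append(line)
    return stanzas

def port_role(cmds):
    """'routed' for layer-3 ports and SVIs, else the switchport mode or 'unset'."""
    if "no switchport" in cmds or any(c.startswith("ip address ") for c in cmds):
        return "routed"
    modes = [c.split()[-1] for c in cmds if c.startswith("switchport mode ")]
    return modes[0] if modes else "unset"

def l3_gateways(config):
    """SVIs with an IP address: client frames are routed here, not bridged on."""
    return [name for name, cmds in parse_interfaces(config).items()
            if name.startswith("Vlan") and port_role(cmds) == "routed"]

def uplink_is_l2(config, uplink):
    """Necessary (not sufficient) condition for client MACs beyond `uplink`."""
    return port_role(parse_interfaces(config)[uplink]) == "trunk"
```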