Hi all, my first post here. I have recently bought myself an RB750 - wanted the cheapest available model to play with and learn before buying something bigger…
Anyway, that aside, I’m having some difficulty and was hoping someone can point me in the right direction as I’m stuck.
Default RB750 config in place plus the following:
- Three VLANs set up on the Router.
- Put DHCP on to two of them and that’s dishing out addresses fine.
- The DHCP clients are able to hit the internet just fine so all good.
I can ping the router IP on all VLANs but no machines inside each one.
The issue is that I want a management VLAN to be able to get to machines on the other VLANs but the others to be isolated, but right now I’ve been unable to get any communication between VLANs to work at all. The reason for wanting VLANs is that I will eventually have WiFi units connected which will offer multiple networks and end up in trunk ports with traffic tagged accordingly.
I’ve tried no rules in the Firewall list at all, I’ve also seen posts about adding in forward chain rules like this…
/ip firewall filter
add chain=forward action=accept in-interface=all-vlan out-interface=all-vlan
But to no avail. If anyone can help me out that would be great as it’s driving me nuts that this isn’t working.
As I say, this is an RB750 running 6.23.
The full config as it stands is as follows
/interface ethernet
set [ find default-name=ether1 ] name=ether1-gateway
set [ find default-name=ether2 ] name=ether2-master-local
set [ find default-name=ether3 ] master-port=ether2-master-local name=ether3-slave-local
set [ find default-name=ether4 ] master-port=ether2-master-local name=ether4-slave-local
set [ find default-name=ether5 ] master-port=ether2-master-local name=ether5-slave-local
/ip neighbor discovery
set ether1-gateway discover=no
/interface vlan
add interface=ether2-master-local l2mtu=1594 name=VLAN10 vlan-id=10
add interface=ether2-master-local l2mtu=1594 name=VLAN20 vlan-id=20
add interface=ether2-master-local l2mtu=1594 name=VLAN99 vlan-id=99
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
add name=Pool-VLAN10 ranges=192.168.10.10-192.168.10.20
add name=Pool-VLAN20 ranges=192.168.20.10-192.168.20.20
/ip dhcp-server
add address-pool=default-dhcp disabled=no interface=ether2-master-local name=default
add address-pool=Pool-VLAN10 disabled=no interface=VLAN10 name=DHCP-VLAN10
add address-pool=Pool-VLAN20 disabled=no interface=VLAN20 name=DHCP-VLAN20
/ip address
add address=192.168.88.1/24 comment="default configuration" interface=ether2-master-local network=192.168.88.0
add address=192.168.10.1/24 interface=VLAN10 network=192.168.10.0
add address=192.168.20.1/24 interface=VLAN20 network=192.168.20.0
add address=192.168.99.254/24 interface=VLAN99 network=192.168.99.0
/ip dhcp-client
add comment="default configuration" dhcp-options=hostname,clientid disabled=no interface=ether1-gateway
/ip dhcp-server network
add address=192.168.10.0/24 dns-server=192.168.10.1 gateway=192.168.10.1 netmask=24
add address=192.168.20.0/24 dns-server=192.168.20.1 gateway=192.168.20.1 netmask=24
add address=192.168.88.0/24 comment="default configuration" dns-server=192.168.88.1 gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 name=router
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" out-interface=ether1-gateway
/tool mac-server
set [ find default=yes ] disabled=yes
add interface=ether2-master-local
add interface=ether3-slave-local
add interface=ether4-slave-local
add interface=ether5-slave-local
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=ether2-master-local
add interface=ether3-slave-local
add interface=ether4-slave-local
add interface=ether5-slave-local
Thanks in advance for any pointers
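
The policy the post asks for (management VLAN99 may reach VLAN10 and VLAN20, the other VLANs stay isolated from each other), written as an added example that is not part of the original post. It reuses the interface names from the posted config; the rule comments and the choice to end the chain with a default drop are assumptions of this example, and rule order matters because the chain is evaluated top to bottom.

```routeros
/ip firewall filter
# Replies to sessions that an earlier rule already allowed. Without this,
# answers from hosts in VLAN10/VLAN20 back to VLAN99 would hit the final drop.
add chain=forward action=accept connection-state=established,related comment="allow replies"
add chain=forward action=drop connection-state=invalid comment="drop invalid"

# The management VLAN may open new connections into the user VLANs.
add chain=forward action=accept in-interface=VLAN99 out-interface=VLAN10 comment="mgmt to VLAN10"
add chain=forward action=accept in-interface=VLAN99 out-interface=VLAN20 comment="mgmt to VLAN20"

# Every local network may open connections towards the internet uplink.
add chain=forward action=accept out-interface=ether1-gateway comment="LAN to internet"

# Everything else routed through the box is dropped: VLAN10 to VLAN20,
# VLAN10/VLAN20 to VLAN99, and new inbound connections from ether1-gateway.
add chain=forward action=drop comment="drop all other forwarding"
```

These rules cover only the forward chain, so the router's own addresses on each VLAN remain reachable until the input chain is filtered as well.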