Hello everyone,
I’m encountering an unexpected behaviour with an hEX board, why with this configuration the inter-VLAN traffic doesn’t work? I’m trying to ping the IP 192.168.12.1 from the interface VLAN_13 but a timeout happens (https://i.imgur.com/H3tBaiX.png).
(the ether1 port is a trunk port for me that connects to another router, but not useful to know/fix this scenario)
You can’t ping (either remote or local) address through interface which doesn’t have access (nor route) to it. So pinging 192.168.12.1 via interface VLAN_13 won’t work (even though 192.168.12.1 is router’s own address).
BTW, I’m sure you’re aware that your L2 setup is flakey: /interface bridge port only sets ether2 as member of BR1 … then /interface bridge vlan implies ether1 is member of BR1 as well … while ether1 explicitly gets its own L3 setup (address, …).
It’s just a board where I test some configurations, actually all etherX (except the 1) are unused.
I’d like to understand what I’m missing here, it’s clear that the dynamic routes here:
[admin@MikroTik] > ip route print
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 A S 0.0.0.0/0 192.168.1.1 1
1 ADC 192.168.1.0/24 192.168.1.105 BR1 0
2 ADC 192.168.12.0/24 192.168.12.1 VLAN_12 0
3 ADC 192.168.13.0/24 192.168.13.1 VLAN_13 0
aren’t sufficient even for an internal ping, so, which way I could try?
The dynamic routes are plenty enough for communication between router and the 3 subnets. If L2 (ethernet and VLANs) is configured correctly.
Since you only use single ether port in your lab test, where do you connect “normal” devices, belonging to different VLANs?
Try to describe your (test?) use case more thoroughly, I have hard time to understand what you’re trying to do …
Sure.
The ether1 is the trunk port connected to another router where there’s the main network (other VLANs). The ether2,3 and 4 will host some devices (like a pine64 and similar) that will be in two different VLANs (that I called 12 and 13 just as example, but will reflect the final scenario. We can keep these two numbers).
The main router manages other VLANs/subnets, these two VLANs are managed by the Mikrotik board and “shared” via the trunk (ether1) port.
Just to test, now I’m trying to understand how to allow the inter-VLAN traffic between the VLAN 12 and the VLAN 13. Maybe is conceptual a wrong test, but I tried to ping as described in the first post without success.
The problem with your test is that if you run ping with output interface set, it will bypass the usual output interface selection[*] … resulting in non-working test if the selected interface doesn’t have connectivity to the target. Besides, test by running ping between two IP interfaces of same device is inconclusive anyway.
[*] The usual operation is: 1) perform route selection according to packet final destination, 2) based on selected route select output interface.
IMHO correct test would be: create two access ports, one for each VLAN, connect two devices to those two ports, and then run tests (between the two devices in different VLANs, between each device and router itself, …). No trunk towards the rest of network is needed at this stage. After you’re confident that inter-VLAN routing is fine, connect your router to the rest of network (using trunk connection).
Yes, mkx, which comes back to properly identifying the requirements before becoming muddled in a twisted configuration… 99.9% of the problems in this forum are errors in requirements or uncommunicated requirements. Config design as does code flow easily after requirements are understood. Most every thread is a choatic route to the basic question WTF are you trying to accomplish without talking about configuration but in terms of end users/devices …
Personally I would like to see the FORUM adopt a standard process for entering in issues, such as a template approach where a more systematic approach is taken.
Description of desired functionality overall
End user use cases (how the system will be used by real people - in terms of functionality
Diagram of current network
Current configuration
Problems to date to include roadblocks in thinking…
etc…
Thank you very much for your clarification, especially the one marked with an asterisk. That’s what I’ve been looking for.
The inter-VLAN traffic between a Mikrotik VLAN and the Ubiquiti (on the trunk port) is already working on the “production” environment. I never tried with two devices and two VLANs on the Mikrotik routerboard, but I really guess that there aren’t issues. I was stuck in a preliminary test and the most important thing I wanted to understand was whether the method itself failed a priori.
