Hello,
im currently facing a strange problem with a CRS226-24G-2S+ (Firmware 3.19). Ive set up two VLANs (40 for LAN, 30 for DMZ), ether1-ether22 need to be untagged ports for client computers, ether23-24 are supposed to be used for a KVM virtualisation host (with openvswitch for tagging) and so need to be configured as VLAN trunk ports with access on ID40 and ID30. Management of the Switch will be located at the LAN-VLAN (ID 40).
Both VLANs are trunked via a 10G-SFP-Module to another Miktrotik-Routerboard (CCR 1009-8G-1S) - but in my opinion this can`t be a problem as local switching in the same VLAN/Subnet should not pass to the Routerboard.
I got it managed somehow to do the configuration, i can now ping the switch from the routerboard, routerboard->switch is also ok. If i connect clients to ether1-ether20 they get a IP from DHCP on the Routerboard - but they can`t ping anything. Same results if i connect to port #23/24 and turn on tagging in my OS. No answer to pings from other hosts at the same VLAN/subnet, not from the management IP of the switch and also not from the management-IP of the switch itself.
It would be very nice if someone could have a look at my configuration and tell me what i`ve done wrong?
Thanks,
Maxi
Infos:
[admin@switch01.office.local] /interface ethernet> print
Flags: X - disabled, R - running, S - slave
# NAME MTU MAC-ADDRESS ARP MASTER-PORT SWITCH
0 ether1 1500 4C:5E:1A:64:CB:4B enabled sfp-sfpplus1-master switch1
1 RS ether2 1500 4C:5E:1A:64:CB:4C enabled sfp-sfpplus1-master switch1
2 RS ether3 1500 4C:5E:1A:64:CB:4D enabled sfp-sfpplus1-master switch1
3 S ether4 1500 4C:5E:1A:64:CB:4E enabled sfp-sfpplus1-master switch1
4 RS ether5 1500 4C:5E:1A:64:CB:4F enabled sfp-sfpplus1-master switch1
5 S ether6 1500 4C:5E:1A:64:CB:50 enabled sfp-sfpplus1-master switch1
........
18 RS ether19 1500 4C:5E:1A:64:CB:5D enabled sfp-sfpplus1-master switch1
19 RS ether20 1500 4C:5E:1A:64:CB:5E enabled sfp-sfpplus1-master switch1
20 S ether21 1500 4C:5E:1A:64:CB:5F enabled sfp-sfpplus1-master switch1
21 RS ether22 1500 4C:5E:1A:64:CB:60 enabled sfp-sfpplus1-master switch1
22 S ether23 1500 4C:5E:1A:64:CB:61 enabled sfp-sfpplus1-master switch1
23 S ether24 1500 4C:5E:1A:64:CB:62 enabled sfp-sfpplus1-master switch1
24 R ;;; Uplink
sfp-sfpplus1-master 1500 4C:5E:1A:64:CB:63 enabled none switch1
25 sfpplus2 1500 4C:5E:1A:64:CB:64 enabled none switch1
[admin@switch01.office.local] /interface ethernet switch> ingress-vlan-translation print
Flags: X - disabled, I - invalid, D - dynamic
0 ports=ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8,ether9,ether10,ether11,ether12,ether13,ether14,ether15,ether16,ether17,ether18,ether19,
ether20
service-vlan-format=any customer-vlan-format=any new-customer-vid=40 pcp-propagation=no sa-learning=no
1 D ports=ether1,sfpplus2 service-vlan-format=any customer-vlan-format=any new-customer-vid=4095 pcp-propagation=no sa-learning=no
[admin@switch01.office.local] /interface ethernet switch> egress-vlan-tag print
Flags: X - disabled, I - invalid, D - dynamic
# VLAN-ID TAGGED-PORTS
0 40 switch1-cpu
ether23
ether24
sfp-sfpplus1-master
1 30 ether23
ether24
sfp-sfpplus1-master
2 D 4095
[admin@switch01.office.local] /interface ethernet switch egress-vlan-translation> print
Flags: X - disabled, I - invalid, D - dynamic
0 ports=ether2,ether3,ether4,ether5,ether6,ether7,ether8,ether9,ether10,ether11,ether12,ether13,ether14,ether15,ether16,ether17,ether18,ether19,ether20
service-vlan-format=any customer-vlan-format=any customer-vid=40 pcp-propagation=no
[admin@switch01.office.local] /interface ethernet switch> port-isolation print
Flags: X - disabled, D - dynamic, I - invalid
0 D ports=switch1-cpu,ether2,ether3,ether4,ether5,ether6,ether7,ether8,ether9,ether10,ether11,ether12,ether13,ether14,ether15,ether16,ether17,ether18,ether1,
ether20,ether21,ether22,ether23,ether24,sfp-sfpplus1-master
type=dst forwarding-type=bridged,routed traffic-type=unicast,multicast,broadcast registration-status=known,unknown
protocol-type=arp,nd,dhcpv4,dhcpv6,ripv1 port-profile=29
1 D ports=switch1-cpu type=dst forwarding-type=bridged,routed traffic-type=unicast,multicast,broadcast registration-status=known,unknown
protocol-type=arp,nd,dhcpv4,dhcpv6,ripv1 port-profile=30
[admin@switch01.office.local] /interface ethernet switch> vlan print
Flags: X - disabled, I - invalid, D - dynamic
# VLAN-ID PORTS SVL LEARN FLOOD INGRESS-MIRROR QOS-GROUP
0 30 ether23 no yes no no none
ether24
sfp-sfpplus1-master
1 40 switch1-cpu no yes no no none
ether1
ether2
ether3
ether4
ether5
ether6
.....
ether16
ether17
ether18
ether19
ether20
ether21
ether23
ether24
sfp-sfpplus1-master
2 D 4095 switch1-cpu no no no no none
ether1
sfpplus2
[admin@switch01.office.local] /interface vlan> print
Flags: X - disabled, R - running, S - slave
# NAME MTU ARP VLAN-ID INTERFACE
0 R vlan40 1500 enabled 40 sfp-sfpplus1-master
[admin@switch01.office.local] > ip address print
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK INTERFACE
0 172.19.40.2/24 172.19.40.0 vlan40
Configuration export:
/interface ethernet
set [ find default-name=sfp-sfpplus1 ] comment=Uplink name=sfp-sfpplus1-master
/ip neighbor discovery
set sfp-sfpplus1-master comment=Uplink
/interface vlan
add interface=sfp-sfpplus1-master l2mtu=1584 name=vlan40 vlan-id=40
/interface ethernet
set [ find default-name=ether1 ] master-port=sfp-sfpplus1-master
set [ find default-name=ether2 ] master-port=sfp-sfpplus1-master
set [ find default-name=ether3 ] master-port=sfp-sfpplus1-master
set [ find default-name=ether4 ] master-port=sfp-sfpplus1-master
set [ find default-name=ether5 ] master-port=sfp-sfpplus1-master
set [ find default-name=ether6 ] master-port=sfp-sfpplus1-master
set [ find default-name=ether7 ] master-port=sfp-sfpplus1-master
set [ find default-name=ether8 ] master-port=sfp-sfpplus1-master
set [ find default-name=ether9 ] master-port=sfp-sfpplus1-master
set [ find default-name=ether10 ] master-port=sfp-sfpplus1-master
set [ find default-name=ether11 ] master-port=sfp-sfpplus1-master
set [ find default-name=ether12 ] master-port=sfp-sfpplus1-master
set [ find default-name=ether13 ] master-port=sfp-sfpplus1-master
set [ find default-name=ether14 ] master-port=sfp-sfpplus1-master
set [ find default-name=ether15 ] master-port=sfp-sfpplus1-master
set [ find default-name=ether16 ] master-port=sfp-sfpplus1-master
set [ find default-name=ether17 ] master-port=sfp-sfpplus1-master
set [ find default-name=ether18 ] master-port=sfp-sfpplus1-master
set [ find default-name=ether19 ] master-port=sfp-sfpplus1-master
set [ find default-name=ether20 ] master-port=sfp-sfpplus1-master
set [ find default-name=ether21 ] master-port=sfp-sfpplus1-master
set [ find default-name=ether22 ] master-port=sfp-sfpplus1-master
set [ find default-name=ether23 ] master-port=sfp-sfpplus1-master
set [ find default-name=ether24 ] master-port=sfp-sfpplus1-master
/interface ethernet switch
set forward-unknown-vlan=no
/port
set 0 name=serial0
/interface ethernet switch egress-vlan-tag
add tagged-ports=switch1-cpu,ether23,ether24,sfp-sfpplus1-master vlan-id=40
add tagged-ports=ether23,ether24,sfp-sfpplus1-master vlan-id=30
/interface ethernet switch egress-vlan-translation
add customer-vid=40 ports=\
ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8,ether9,ether10,ether11,ether12,ether13,ether14,ether15,ether16,ether17,ether18,ether19,ether20
/interface ethernet switch ingress-vlan-translation
add new-customer-vid=40 ports=\
ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8,ether9,ether10,ether11,ether12,ether13,ether14,ether15,ether16,ether17,ether18,ether19,ether20
/interface ethernet switch vlan
add ports=ether23,ether24,sfp-sfpplus1-master vlan-id=30
add ports="switch1-cpu,ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8,ether9,ether10,ether11,ether12,ether13,ether14,ether15,ether16,ether17,ether18\
,ether19,ether20,ether21,ether23,ether24,sfp-sfpplus1-master" vlan-id=40
/ip address
add address=172.19.40.2/24 interface=vlan40 network=172.19.40.0
/ip route
add distance=1 gateway=172.19.40.1