RB922UAGS-5HPacD as router + CRS109-8G-1S-2HnD-IN as switch

Hi all.

I’m a relative newbie with MikroTik, and I’m trying to set up a network like this:

I’m using an RB922 as the WAN device and as a wireless AP, with 3 VLANs: local (vlan10), test (vlan20) and management (vlan99). A CRS109 is connected to the RB922’s SFP port; all of its Ethernet ports are in the same switch group and in vlan10. There are also two wireless interfaces: wlan1 in vlan10 and wlan2 in vlan20.

RB922 config:

# RB922 (router): bridge that later receives wlan1 and the VLAN 10 interface as ports.
# protocol-mode=none means no spanning-tree protocol runs on this bridge.
/interface bridge
add name=bridge_wlan protocol-mode=none

/interface wireless security-profiles
# NOTE(review): TKIP is still offered next to AES-CCM for both unicast and group
# traffic. With WPA2-PSK only, aes-ccm alone is sufficient; dropping tkip removes
# the deprecated cipher from the negotiation. The pre-shared key is redacted here.
set [ find default=yes ] authentication-types=wpa2-psk eap-methods="" group-ciphers=tkip,aes-ccm mode=dynamic-keys supplicant-identity=MikroTik unicast-ciphers=tkip,aes-ccm wpa2-pre-shared-key=xxxxxxxxx

/interface wireless
# 5 GHz access point; it uses the default security profile unless another one is
# assigned outside this export.
set [ find default-name=wlan1 ] band=5ghz-onlyac channel-width=20/40/80mhz-Ceee country=spain disabled=no frequency=auto mode=ap-bridge radio-name=Luna_router rx-chains=0,1 ssid=Luna_5GHz tx-chains=0,1

/interface ethernet
set [ find default-name=ether1 ] comment=WAN

/ip neighbor discovery
# Neighbor discovery is switched off on the WAN port so the router does not
# announce itself towards the ISP side.
set ether1 comment=WAN discover=no

/interface vlan
# VLAN 70 on ether1 carries the ISP's PPPoE session; VLANs 10/20/99 are tagged on
# sfp1 towards the CRS109.
add interface=ether1 l2mtu=1596 name=vlan_isp_70 vlan-id=70
add interface=sfp1 l2mtu=1596 name=vlan10_local vlan-id=10
add interface=sfp1 l2mtu=1596 name=vlan20_test vlan-id=20
add interface=sfp1 l2mtu=1596 name=vlan99_manag vlan-id=99

/interface pppoe-client
# The PPPoE interface is named "internet"; the firewall and NAT rules refer to it
# by that name. Credentials are redacted.
add add-default-route=yes default-route-distance=1 disabled=no interface=vlan_isp_70 max-mru=1480 max-mtu=1480 name=internet password=xxxx user=xxxx

/ip neighbor discovery
# Same as for ether1: no discovery announcements on the ISP VLAN or the PPPoE link.
set vlan_isp_70 discover=no
set internet discover=no

/ip ipsec proposal
# Only the default proposal's encryption algorithm is changed; no IPsec peers or
# policies appear in this export.
set [ find default=yes ] enc-algorithms=aes-128-cbc

/ip pool
# One DHCP pool per user-facing VLAN; the management subnet 192.168.0.0/24 has none.
add name=pool_local ranges=192.168.1.10-192.168.1.254
add name=pool_test ranges=192.168.2.10-192.168.2.254

/ip dhcp-server
# dhcp_local listens on the bridge (wlan1 + VLAN 10); dhcp_test listens directly on
# the VLAN 20 interface.
add address-pool=pool_local disabled=no interface=bridge_wlan name=dhcp_local
add address-pool=pool_test disabled=no interface=vlan20_test lease-time=1d name=dhcp_test

/interface bridge port
add bridge=bridge_wlan interface=wlan1
add bridge=bridge_wlan interface=vlan10_local

/interface bridge settings
# Bridged traffic (including PPPoE frames) is passed through the IP firewall, so
# the /ip firewall filter rules also see traffic switched inside bridge_wlan.
set use-ip-firewall=yes use-ip-firewall-for-pppoe=yes

/ip address
# NOTE(review): 192.168.1.1/24 sits on vlan10_local, which is a port of bridge_wlan
# in the section above. RouterOS normally expects the address on the bridge itself
# rather than on one of its ports - verify this is intended.
add address=192.168.0.1/24 interface=vlan99_manag network=192.168.0.0
add address=192.168.1.1/24 interface=vlan10_local network=192.168.1.0
add address=192.168.2.1/24 interface=vlan20_test network=192.168.2.0

/ip dhcp-server lease
# Static lease pinning one client to the last address of pool_local.
add address=192.168.1.254 client-id=1:b4:18:d1:ea:ed:8b comment=iMac mac-address=B4:18:D1:EA:ED:8B server=dhcp_local

/ip dhcp-server network
# Clients receive external DNS resolvers directly; the router is only the gateway.
add address=192.168.1.0/24 dns-server=77.241.112.23,8.8.8.8 gateway=192.168.1.1
add address=192.168.2.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.2.1

/ip firewall address-list
# "privadas": private, link-local and documentation ranges that should never be
# routed out through the PPPoE link (used by the forward drop rule below).
add address=10.0.0.0/8 list=privadas
add address=172.16.0.0/12 list=privadas
add address=192.168.0.0/16 list=privadas
add address=169.254.0.0/16 list=privadas
add address=192.0.2.0/24 list=privadas

/ip firewall filter
# Rules without an explicit action use the default, accept.
#
# NOTE(review), input chain: none of the accept rules below carries in-interface=
# or src-address=, so they match traffic arriving on the "internet" PPPoE interface
# as well. As written, Winbox (tcp/8291) and the ports the /ip service section of
# this export assigns to telnet (2424) and ssh (2323) are reachable from the WAN.
# Restricting them to the management side (for example src-address=192.168.0.0/24
# or in-interface=vlan99_manag) keeps management off the internet.
#
# NOTE(review), input chain: no rule accepts connection-state=established,related,
# so the final drop presumably also discards replies to connections the router
# itself opens (DNS, NTP, updates) - confirm.
#
# NOTE(review), forward chain: there is no final drop and no rule between the
# VLANs, so routed traffic from the test VLAN (192.168.2.0/24) to the local and
# management subnets is accepted by default. If VLAN 20 is meant to be isolated,
# that needs explicit forward rules.
add action=add-src-to-address-list address-list="IP Asignadas" chain=forward src-address=192.168.1.0/24
add chain=input protocol=icmp
add chain=input dst-port=8291 protocol=tcp
add chain=input disabled=yes dst-port=8729 protocol=tcp
add chain=input dst-port=2424 protocol=tcp
add chain=input dst-port=2323 protocol=tcp
add chain=input comment=Camara disabled=yes dst-port=8888,443,554,50000 protocol=tcp
add action=drop chain=forward src-address-list=Bloqueadas
add action=drop chain=forward dst-address-list=privadas out-interface=internet
add action=drop chain=input

/ip firewall nat
# NOTE(review): masquerade covers only 192.168.1.0/24; the test subnet
# 192.168.2.0/24 has no srcnat rule here, so its hosts are presumably not
# translated on the way out - confirm whether that is intended.
add action=masquerade chain=srcnat comment="Nat PPPoE" out-interface=internet src-address=192.168.1.0/24
# NOTE(review): the four dst-nat rules publish the device at 192.168.1.214 (labelled
# "Camara") on tcp/8888, 443, 554 and 50000 to any source on the internet, and the
# forward chain above has no rule limiting who may reach it. A src-address or
# src-address-list match on these rules, or access through a VPN instead of port
# forwarding, narrows that exposure.
add action=dst-nat chain=dstnat comment=Camara dst-port=8888 in-interface=internet protocol=tcp to-addresses=192.168.1.214 to-ports=8888
add action=dst-nat chain=dstnat dst-port=443 in-interface=internet protocol=tcp to-addresses=192.168.1.214 to-ports=443
add action=dst-nat chain=dstnat dst-port=554 in-interface=internet protocol=tcp to-addresses=192.168.1.214 to-ports=554
add action=dst-nat chain=dstnat dst-port=50000 in-interface=internet protocol=tcp to-addresses=192.168.1.214 to-ports=50000

/ip service
# NOTE(review): telnet is moved to port 2424 but stays enabled. Telnet sends
# credentials in clear text and the input chain in this export accepts tcp/2424
# with no interface or source restriction; a non-standard port does not protect
# it. Disabling telnet and keeping ssh is the safer setup.
# NOTE(review): only www is limited with address=; no address= restriction is shown
# for telnet, ssh or winbox, so the firewall is the only thing limiting who can
# reach them.
set telnet port=2424
set ftp disabled=yes
set www address=192.168.0.0/16
set ssh port=2323
set api disabled=yes
set api-ssl disabled=yes

/queue interface
set ether1 queue=ethernet-default
set sfp1 queue=ethernet-default

/system clock
set time-zone-autodetect=no time-zone-name=Europe/Madrid

/system identity
set name=Router_Casa

/system leds
set 1 interface=wlan1

/system routerboard settings
set cpu-frequency=720MHz protected-routerboot=disabled

/tool sniffer
# Only presets the capture filter to the WAN port; nothing here starts a capture.
set filter-interface=ether1

CRS109 config:

# CRS109 (switch) configuration.
/interface wireless security-profiles
# NOTE(review): as on the router, TKIP is offered alongside AES-CCM; aes-ccm alone
# is sufficient for WPA2-PSK. The pre-shared key is redacted.
set [ find default=yes ] authentication-types=wpa2-psk eap-methods="" group-ciphers=tkip,aes-ccm mode=dynamic-keys supplicant-identity=MikroTik unicast-ciphers=tkip,aes-ccm wpa2-pre-shared-key=xxxxxxxx

/interface wireless
# NOTE(review): this line looks like two commands merged in the paste: a "set" for
# wlan1 (ssid=Luna_2Ghz) and an "add" for a virtual AP (master-interface=wlan1
# name=wlan2 ssid=Test). l2mtu= and ssid= each appear twice.
# NOTE(review): frequency-mode=superchannel lets the radio use channels outside the
# set allowed for the configured country - check this against local regulations.
set [ find default-name=wlan1 ] band=2ghz-onlyn channel-width=20/40mhz-ht-below country=spain disabled=no frequency=2452 frequency-mode=superchannel l2mtu=2290 mode=ap-bridge ssid=Luna_2Ghz l2mtu=1600 master-interface=wlan1 name=wlan2 ssid=Test wds-cost-range=0 wds-default-cost=0 wps-mode=disabled

/interface ethernet 
# Items 1-8 (presumably ether1-ether8) are put into one switch group with sfp1 as
# master port.
set numbers=1,2,3,4,5,6,7,8 master-port=sfp1

/interface ethernet switch vlan
# VLAN membership table: VLAN 10 on every port, VLANs 20 and 99 only on the uplink
# (sfp1) and the switch CPU port.
add ports=sfp1,switch1-cpu vlan-id=99
add ports=sfp1,ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8,switch1-cpu vlan-id=10
add ports=sfp1,switch1-cpu vlan-id=20

/interface ethernet switch ingress-vlan-translation
# Frames entering on the copper ports are assigned VLAN ID 10.
add ports=ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8 new-customer-vid=10

/interface ethernet switch egress-vlan-tag
# NOTE(review): the first rule names "switch1_cpu" (underscore) while every other
# line uses "switch1-cpu" - possibly a transcription typo; verify on the device.
add vlan-id=10 tagged-ports=sfp1,switch1_cpu
add vlan-id=20 tagged-ports=sfp1,switch1-cpu
add vlan-id=99 tagged-ports=sfp1,switch1-cpu

/interface vlan
add name=vlan10_local interface=sfp1 vlan-id=10
add name=vlan20_test interface=sfp1 vlan-id=20
add name=vlan99_manag interface=sfp1 vlan-id=99

/ip address
# NOTE(review): the first address references "vlan99_mang", but the interface
# defined above is "vlan99_manag" - possibly a transcription typo.
# NOTE(review): the switch has an address in every VLAN, including the test VLAN,
# and this export shows no /ip firewall or /ip service section. As shown, its
# management services would be reachable from VLAN 10 and VLAN 20 as well as from
# the management VLAN; keeping only the VLAN 99 address, or restricting /ip service
# with address=, limits management to VLAN 99.
add address=192.168.0.2/24 interface=vlan99_mang network=192.168.0.0
add address=192.168.1.2/24 interface=vlan10_local network=192.168.1.0
add address=192.168.2.2/24 interface=vlan20_test network=192.168.2.0

/ip route
add dst-address=0.0.0.0/0 gateway=192.168.1.1

/interface bridge
add name=bridge_wlan1
add name=bridge_wlan2

/interface bridge port
# Each wireless interface is bridged with the VLAN interface of its network.
# NOTE(review): vlan10_local and vlan20_test carry IP addresses above while also
# being bridge ports; RouterOS normally expects the address on the bridge - verify.
add bridge=bridge_wlan1 interface=wlan1
add bridge=bridge_wlan1 interface=vlan10_local
add bridge=bridge_wlan2 interface=wlan2
add bridge=bridge_wlan2 interface=vlan20_test

/system clock
set time-zone-autodetect=no time-zone-name=Europe/Madrid

/system identity
set name=Switch_Casa

The RB922 is working fine, but the CRS is not. If I ping the router’s VLAN 10, 20 or 99 IP from the switch, this is what happens:

[admin@switch_Casa] > ping 192.168.0.1
  SEQ HOST                                     SIZE TTL TIME  STATUS                                                                                                                                                                                                                                                                                  
    0 192.168.0.1                                56  64 0ms  
    1 192.168.0.1                                             timeout                                                                                                                                                                                                                                                                                 
    2 192.168.0.1                                             timeout                                                                                                                                                                                                                                                                                 
    3 192.168.0.1                                56  64 0ms  
    4 192.168.0.1                                             timeout                                                                                                                                                                                                                                                                                 
    5 192.168.0.1                                56  64 0ms  
    6 192.168.0.1                                56  64 0ms  
    7 192.168.0.1                                56  64 0ms  
    8 192.168.0.1                                             timeout                                                                                                                                                                                                                                                                                 
    9 192.168.0.1                                56  64 0ms  
   10 192.168.0.1                                             timeout                                                                                                                                                                                                                                                                                 
   11 192.168.0.1                                56  64 0ms  
   12 192.168.0.1                                             timeout                                                                                                                                                                                                                                                                                 
   13 192.168.0.1                                56  64 0ms  
   14 192.168.0.1                                             timeout                                                                                                                                                                                                                                                                                 
   15 192.168.0.1                                             timeout                                                                                                                                                                                                                                                                                 
   16 192.168.0.1                                             timeout                                                                                                                                                                                                                                                                                 
   17 192.168.0.1                                56  64 0ms  
   18 192.168.0.1                                             timeout                                                                                                                                                                                                                                                                                 
   19 192.168.0.1                                56  64 0ms  
    sent=20 received=10 packet-loss=50% min-rtt=0ms avg-rtt=0ms max-rtt=0ms 

[admin@switch_Casa] > ping 192.168.1.1 
  SEQ HOST                                     SIZE TTL TIME  STATUS                                                                                                                                                                                                                                                                                  
    0 192.168.1.1                                56  64 0ms  
    1 192.168.1.1                                             timeout                                                                                                                                                                                                                                                                                 
    2 192.168.1.1                                56  64 0ms  
    3 192.168.1.1                                             timeout                                                                                                                                                                                                                                                                                 
    4 192.168.1.1                                56  64 0ms  
    5 192.168.1.1                                             timeout                                                                                                                                                                                                                                                                                 
    6 192.168.1.1                                56  64 1ms  
    7 192.168.1.1                                56  64 0ms  
    8 192.168.1.1                                             timeout                                                                                                                                                                                                                                                                                 
    9 192.168.1.1                                56  64 0ms  
   10 192.168.1.1                                             timeout                                                                                                                                                                                                                                                                                 
   11 192.168.1.1                                56  64 0ms  
   12 192.168.1.1                                             timeout                                                                                                                                                                                                                                                                                 
   13 192.168.1.1                                56  64 0ms  
   14 192.168.1.1                                             timeout                                                                                                                                                                                                                                                                                 
   15 192.168.1.1                                56  64 0ms  
   16 192.168.1.1                                             timeout                                                                                                                                                                                                                                                                                 
   17 192.168.1.1                                56  64 0ms  
   18 192.168.1.1                                             timeout                                                                                                                                                                                                                                                                                 
   19 192.168.1.1                                             timeout                                                                                                                                                                                                                                                                                 
    sent=20 received=10 packet-loss=50% min-rtt=0ms avg-rtt=0ms max-rtt=1ms 
    
[admin@switch_Casa] > ping 192.168.2.1 
  SEQ HOST                                     SIZE TTL TIME  STATUS                                                                                                                                                                                                                                                                                  
    0 192.168.2.1                                56  64 0ms  
    1 192.168.2.1                                             timeout                                                                                                                                                                                                                                                                                 
    2 192.168.2.1                                56  64 0ms  
    3 192.168.2.1                                             timeout                                                                                                                                                                                                                                                                                 
    4 192.168.2.1                                56  64 0ms  
    5 192.168.2.1                                56  64 0ms  
    6 192.168.2.1                                56  64 0ms  
    7 192.168.2.1                                56  64 0ms  
    8 192.168.2.1                                             timeout                                                                                                                                                                                                                                                                                 
    9 192.168.2.1                                56  64 0ms  
   10 192.168.2.1                                             timeout                                                                                                                                                                                                                                                                                 
   11 192.168.2.1                                56  64 0ms  
   12 192.168.2.1                                             timeout                                                                                                                                                                                                                                                                                 
   13 192.168.2.1                                             timeout                                                                                                                                                                                                                                                                                 
   14 192.168.2.1                                56  64 0ms  
   15 192.168.2.1                                             timeout                                                                                                                                                                                                                                                                                 
   16 192.168.2.1                                56  64 0ms  
   17 192.168.2.1                                             timeout                                                                                                                                                                                                                                                                                 
   18 192.168.2.1                                56  64 0ms  
   19 192.168.2.1                                             timeout                                                                                                                                                                                                                                                                                 
    sent=20 received=11 packet-loss=45% min-rtt=0ms avg-rtt=0ms max-rtt=0ms

And when I ping from the router to the switch, every request times out. DHCP works on the router’s wlan, but not when I attach a computer to any switch port or to one of its wlans.

What am I doing wrong?

I’ve done some more tests and the problem is in the SFP ports; with the Ethernet interfaces everything works fine. I connected the devices by Ethernet and moved the VLANs from sfp to ether1 on both devices, and pings succeed in both directions and DHCP works.

I’ve configured the SFP ports with auto-negotiation off at 1Gbps and set the interface queues to ethernet-default, but nothing changed.

Any tips?

I forgot to include this:

[admin@Router_Casa] > in eth mon 1
                    name: sfp1
                  status: link-ok
        auto-negotiation: disabled
                    rate: 1Gbps
             full-duplex: yes
         tx-flow-control: no
         rx-flow-control: no
      sfp-module-present: yes
             sfp-rx-lose: no
                sfp-type: SFP-or-SFP+
      sfp-connector-type: copper-pigtail
  sfp-link-length-copper: 1m
         sfp-vendor-name: MIKROTIK
       sfp-vendor-serial: MCS15G10140
  sfp-manufacturing-date: 15-06-29
          sfp-wavelength: 256nm