Strange routing, at least I do not understand it :)

I am struggling with the setup of a combined router and managed switch.
20231008 StrangeRouting.JPG
The picture shows the part of the configuration relevant to this problem.

  • The Main Bridge is the default bridge acting as managed switch in favor of an external router (not shown)
  • I decided to use the CRS317 also as (back-up) router.
  • For that functionality I had to add additional VLANs to the managed switch part of the CRS
  • Among them VLAN200 with Bridge200
  • VLAN200 has also clients connected via other switches, for which reason the CRS is connected via a trunk (many vlans) to another managed switch
  • VLAN10 is my generic management LAN as defined on an external router. That VLAN is used to manage some devices connected to the CRS
  • In order to add the new CRS-managed VLANs to the existing “Main Bridge” I defined interface VLANs in the bridge menu (1,2,3)
  • I also added bridge 200 since that seems the way to interconnect vlan-interfaces 2 and 3 and to attach a DHCP-server and address range
  • Bridge 200 is intended as VLAN-interface/gateway to the router/firewall
  • Bridge 10, I did add but do not know if it is required. Note that the gateway for that lan is remote
  • There is a second local “WAN” to the management port of the CRS (not drawn) which also has an external gateway
  • Because the CRS has multiple “WAN-destinations” (for the original VLANs the WAN is on the external router), the route to the internet (the WAN on the picture) and external management of the switch, I think it is required to use VRFs
  • bridge10 uses ‘vrf10’ and bridge200 uses ‘vrf200’; the rest is using the default routing


The problem I am trying to solve right now is the connection between the test PC (PC1) and vlan200.

To test that I did add IP-addresses to vlan-interfaces 2 and 3. First thing to test with the ping tool was if they could reach the address of bridge200. That worked.

In this setup the test PC should get an address from the DHCP-server and should be able to ping bridge200. However, NOT so :frowning: :frowning:

I started Wireshark on the PC and had a look at the LAN interface. Strange things!

  • On the interface I see, as expected, packets from the RouterBOARD related to vlan200-interface-2 “saying hello”
  • And … bizarre … I also see packets related to vlan10 interface-1 … and that VLAN should not and cannot arrive on the PC !!
  • The PC is desperately trying to get an address from a DHCP-server. But the DHCP-server is not reacting :frowning:
  • Lacking an address, the PC is using addresses 169.254.x.y

So the setup is not working. I hope that some MikroTik expert can help.
Note that the CRS317 is running the latest RouterOS version (now 7.11)

Louis