I’m setting up my first MikroTik switch (CRS328 24 port PoE 4 SFP+ yada yada) and have encountered a weird anomaly. The switch sits behind an RB5009 and I have gotten all my VLANs set up and things work outstandingly. However, when I open Winbox on a laptop and look at the Neighbors tab, I see the RB5009 (MAC address and VLAN interface IP). I see the switch too, along with its MAC address. The IP address, however, shows up only as 0.0.0.0 instead of the expected IP of 10.20.2.14 that it should have. The switch gets its IP via DHCP and the assignment is statically set in the RB5009 DHCP server. I can ping the switch and can connect to it via Winbox if I manually enter its IP. I figure I’m likely missing some minor configuration option. Can anyone help steer me in the right direction? Thanks!
Your switch by any chance doesn’t have an IP in the same VLAN subnet as your PC, I guess?
And since your RB5009 (guessing again) is the one used for setting up the VLANs, it does show its address when you connect via Winbox.
Yeah, the switch is on a 10.20.2.x subnet while the laptop is on a 10.200.2.x subnet. I guess that makes sense now since the laptop should not be aware of the other subnet directly. The 10.200.2.x subnet does however have access (firewall rule permitting this) to the 10.20.2.x subnet, which would explain why I can connect if I manually put the IP in. Please correct me if my understanding is wrong. The RB5009 handles the VLANs, firewalling, etc. The CRS basically just tags traffic and forwards.
Why didn’t I have this fabulous understanding while I was pounding my head on the desk?! Thanks for helping me think this through. Guess I’ll either connect via MAC or just save a connection using the switch IP.
Is what I’m trying to do something that RoMON would fix?
Yes and no.
You first would have to connect to a device to be able to use RoMON. As long as there is a MAC connection and active RoMON agents, it will then find the neighbors. VLAN or not.
Downside however: that same device will not become visible in the discovered devices.
So, if you know the IP addresses and you allow connection from your computer to other VLANs, the easiest approach is Winbox (add/set).
Second best option might indeed be RoMON (which of course has to be enabled on all devices you want to reach).
From a security point of view, we can argue if that is the best solution.
I don’t even trust my own PC. Not with ‘for granted’ access. I will open gates for printer and NAS access, yes. But not everything without control.
So it IS logical that when your PC is NOT part of a VLAN, devices on that VLAN, not having an IP in the VLAN the PC belongs to, will not show their IP in Winbox.
It is not a config issue per se. It is more a conceptual issue.
Big difference.