Hello,

I’m creating two VLAN on RouterOS (VLAN10 and VLAN20) to test vlan routing, please see below diagram:

But VLAN10 and VLAN20 PCs can’t ping gateway 10.0.0.1 or 10.1.0.1

Information:

[admin@MikroTik] > interface print
Flags: D - dynamic, X - disabled, R - running, S - slave

NAME TYPE MTU L2MTU MAX-L2MTU

0 R ether1 ether 1500
1 R ether3 ether 1500
2 R boss vlan 1500
3 R hr vlan 1500
[admin@MikroTik] > ip address print
Flags: X - disabled, I - invalid, D - dynamic

ADDRESS NETWORK INTERFACE

0 10.0.0.165/24 10.0.0.0 ether1
1 10.0.0.1/24 10.0.0.0 boss
2 10.1.0.1/24 10.1.0.0 hr
[admin@MikroTik] > interface vlan print
Flags: X - disabled, R - running, S - slave

NAME MTU ARP VLAN-ID INTERFACE

0 R boss 1500 enabled 10 ether1
1 R hr 1500 enabled 20 ether3

Thanks !!

Any one can help ?

Just tested RouterOS can ping VLAN10 PC (example: 10.0.0.10). but VLAN10 PC unable to ping VLAN10 gateway 10.0.0.1 …

Also tested VLAN20, RouterOS and VLAN20 PC unable ping between them …

Why ??

Is lan card problem ? two VLAN lan card is different brand.

Are you sure, that you understand the idea of trunking correctly?? If you add vlan10 on interface ether1 - the packets sent to interface “vlan10” are TAGGED - have additional 802.11q header attached to ethernet frame. Packets sent to ether1 are untagged, “normal”. And what are the devices between RouterOS and PC? Managable switches with vlan trunks configured and untagged to PC’s? If not - the PC needs to have the vlan configured… And I think it doesn’t .

[admin@MikroTik] > ip address print
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK INTERFACE
0 10.0.0.165/24 10.0.0.0 ether1
1 10.0.0.1/24 10.0.0.0 boss
2 10.1.0.1/24 10.1.0.0 hr

Can you also see 2 addresses from 10.0.0.0/24 subnet? ]:-> I think that if you ping from RouterOS to PC - it uses 10.0.0.165 src address on interface ether1 (not boss!) And PC should be able to ping 10.0.0.165, but not 10.0.0.1… Am I correct? If so - it is the problem with “unnecessary” vlan tagging. If you create vlans, you need to have vlan-configured devices connected to the interface .

Thank for reply !

One dump switch connected bewteen RouterOS and PC , I will re-configure VLAN 10 and VLAN 20 with untagged.


Is following command to configure untagged VLAN ?

/interface vlan add name=vlan10 interface=ether1 untag=10

Thanks !

Well, that’s the point, that you DON’T have a vlan at all! The vlan number is used to tag frames (or to separate different virtual LAN’s on one switch). As you don’t have anything tagged - you don’t create any vlan interface! Just configure the IP directly on ether1 - and that’s all . The rest is done by routing.
The only need for vlans is when you have few bridging (broadcast) domains on your switches (also RouterOS’es working as switches - with bridge interfaces) and want to separate them or send through one physical channel in a trunk (trunk = tagging frames with vlan numbers). These work in layer 2 = switching. If you have different IP addresses on different ether interfaces, without tagging - it’s layer 3 = routing, and it’s something different .

OK, I will try to create bridge interface and then create VLAN on bridge inteface, is the command same as /interface vlan add … ether1 ?

Thanks !!!

No, no, no!! Stop! You have misunderstood me…
Please tell me, why do you need VLANs so much? Why do you have to call the 10.0.0.0/24 and 10.1.0.0/24 subnets “vlan 10” and “vlan 20”?
If I took your picture and changed “VLAN10” and “VLAN20” to just “10.0.0.0/24” and “10.1.0.0/24” - what would that change?? Why did you put the “vlan” labels on the picture, who gave you the idea? Who told you that you need vlans to do anything in this particular network?

Hi,

I know what you mean, but I want to create VLAN on same subnet, but I don’t have RouterOS switch hardware, can I use following diagram to test VLAN ?

also can I use one RouterOS to test following diagram ? like VLAN simple example : http://wiki.mikrotik.com/wiki/Manual:Interface/VLAN

Thanks !