Excuse me in advance if this topic turns out to be duplicated, but I read a lot and didn’t find a solution.
My scenario:
A generic “managed” switch (could be Cisco, HP, Mikrotik CRS, etc.). To be manageable, the switch has an IP address (we can assume 192.168.115.25/24) accessible from its default broadcast domain (also known as “no vlan” or “vlan1”).
On this switch I’ve defined a vlan (vlan125) with two ports: one “untagged” and another “tagged”. On the untagged port I’ve connected a generic device with ip address 192.168.25.125/24
I’ve connected the ether5 port of an RB (version 6.37.4) to the “tagged” port of the switch and defined a vlan125 on ether5. I’ve assigned ip addr 192.168.115.15/24 to ether5 and ip addr 192.168.25.15/24 to vlan125.
My question:
Why can’t I reach the device on vlan125 from the Mikrotik?
If I ping the ip address 192.168.115.25 I get responses; if I ping the ip address 192.168.25.125 I get timeouts. I read lots of forum articles about vlan, L2 vlan, L3 vlan, but the only solution I’ve found is to bridge ether5 with vlan125, and this is exactly what I do not want, because I need to keep the two broadcast domains isolated (for example, to give out DHCP addresses only to devices connected to untagged vlan125 ports on the switch).
I suppose it’s a command misunderstanding, because I normally solved a scenario like this with a Linux machine configured in exactly the same fashion (which I suppose corresponds to an L3 vlan): the ethernet port and the vlan defined over it have two addresses on different broadcast domains, and each of them communicates only with devices on its broadcast domain.
Thanks for any help
The way you describe it, it should normally work as you expect, so please post the output of /export hide-sensitive and replace any public addresses if they are there. There must be something you haven’t mentioned or even noticed which breaks it.
Hi sindy. It's a laboratory, so there is no sensitive data. Please find below the export (the non-working one).
Thanks to what you said, I've re-checked the configuration itself again and again and, finally, I got the solution.
The configuration only works if ether5 is not a slave (i.e. adding /interface ethernet set master-port=none - on ether5).
I didn't find a reason for this, but anyway the problem is SOLVED.
Thanks for your help
[admin@MikroTik] > export
# feb/04/1970 04:06:20 by RouterOS 6.37.4
# software id = PA81-D2E5
/interface ethernet
set [ find default-name=ether2 ] name=ether2-master
set [ find default-name=ether3 ] master-port=ether2-master
set [ find default-name=ether4 ] master-port=ether2-master
set [ find default-name=ether5 ] master-port=ether2-master
/ip neighbor discovery
set ether1 discover=no
/interface vlan
add interface=ether5 name=vlan125 vlan-id=125
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip address
add address=192.168.115.15/24 comment=defconf interface=ether5 network=192.168.115.0
add address=192.168.25.15/24 interface=vlan125 network=192.168.25.0
/ip dns
set allow-remote-requests=yes
/system routerboard settings
set cpu-frequency=800MHz
/tool mac-server
set [ find default=yes ] disabled=yes
add interface=ether2-master
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=ether2-master
Thank you sindy. I think it’s a matter of reading capabilities (obviously my own, perhaps because English is not my first language): I’ve read that manual (especially the VLAN pages) lots of times, but I haven’t caught the point. Anyway, now everything works fine.
Thanks again
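Added example, not part of the original thread: a Python check built on the finding reported above, that vlan125 only worked once ether5 had master-port=none. It parses a RouterOS 6.x export and reports VLAN interfaces whose parent port is a slave, together with the addresses assigned to them. The function names and the abridged sample export are constructed for illustration.

```python
import re

# Abridged from the non-working export posted in this thread.
EXPORT = """\
/interface ethernet
set [ find default-name=ether2 ] name=ether2-master
set [ find default-name=ether3 ] master-port=ether2-master
set [ find default-name=ether4 ] master-port=ether2-master
set [ find default-name=ether5 ] master-port=ether2-master
/interface vlan
add interface=ether5 name=vlan125 vlan-id=125
/ip address
add address=192.168.115.15/24 comment=defconf interface=ether5 network=\\
    192.168.115.0
add address=192.168.25.15/24 interface=vlan125 network=192.168.25.0
"""

# Same export with the fix from the thread applied to ether5.
FIXED = EXPORT.replace("[ find default-name=ether5 ] master-port=ether2-master",
                       "[ find default-name=ether5 ] master-port=none")

def props(line):
    """Return the key=value pairs of one export line as a dict."""
    return dict(re.findall(r'([\w-]+)=("[^"]*"|[^\s\]]+)', line))

def vlans_on_slave_ports(export):
    """Return (vlan, parent port, master port, addresses on the vlan) tuples."""
    text = re.sub(r"\\\n\s*", "", export)  # re-join lines wrapped with a backslash
    section, slaves, vlans, addrs = "", {}, {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):   # skip blanks and header comments
            continue
        if line.startswith("/"):               # menu path, e.g. "/interface vlan"
            section = line
            continue
        p = props(line)
        if section == "/interface ethernet" and p.get("master-port", "none") != "none":
            slaves[p.get("name", p.get("default-name"))] = p["master-port"]
        elif section == "/interface vlan" and "interface" in p and "name" in p:
            vlans[p["name"]] = p["interface"]
        elif section == "/ip address" and "interface" in p:
            addrs.setdefault(p["interface"], []).append(p["address"])
    return [(v, port, slaves[port], addrs.get(v, []))
            for v, port in vlans.items() if port in slaves]

if __name__ == "__main__":
    for vlan, port, master, ips in vlans_on_slave_ports(EXPORT):
        print(f"{vlan}: parent {port} is a slave of {master}; addresses: {ips}")
    print("after fix:", vlans_on_slave_ports(FIXED))
```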