VLAN for WAN over private network

BobcatGuy · January 15, 2016, 7:09am

I got a couple vlans working over my LAN, Its a simple set up. CRS 125 with ether 1 as the ISP uplink, or WAN, ether 2 unused, will be for a voip device so it gets a public IP, and ether 1 and 2 are in a bridge, called, Bridge - WAN. The rest 3 - 24 are in switch mode, as ether 3 as the master.
I have other Mikrotik devices connected to ports 3 and 4, and want to put a vlan on them so that they can get a public IP, and use that as the masquarde out interface.

So I set up vlan interface on ether 3 ( master port), with ID 100, I put that vlan interface on Bridge - WAN. On the other device I create a VLAN on the ether 1 port ( cat5 between the two) and set it as vlan 100 as well. I set a DHCP Client on that VLAN interface, but it doesn’t get an IP address. If I switch the vlan interface on the first CRS125, to Bridge - LAN bridge, the other DHCP client gets the IP address from the LAN side of the first CRS.

SO, I know the vlan is set up right, but it will not get one from the ISP. I get 6 Ip’s from the ISP on the cable modem. verified as well.

Any ideas?

basically my goal is to take my flat network, and get a WAN, public IP to each router, and that router does its own masquerading/NAT. I have 4 other routers connected with either cat 5 or a wireless ptp bridge to the CRS 125. There then is 1 that connects to one of those, through another ptp bridge, wireless. it is a flat network, and all devices are accessible, I just want to clean it up a bit.

Any better way to do this?

Thanks

BobcatGuy · January 19, 2016, 3:02am

Just an update to this…

I removed the VLANS that I associated with the Wan and then re-did them exactly as I described above, which logically makes sense, and well, as strange as it is, the vlan worked, the far router got a Public IP on the vlan interface, and was able to NAT the request’s on its Private lan side.

Yes, this seems stupid that this issue would even happen. But I have seen this sort of thing a bunch of times, not particularly with vlan, but variouse settings. I use Winbox primarily, most of the time the changes work, however, there are issues like this where the expected behavior doesn’t happen. Its not even a complicated vlan set up. I do recall a few times where I was using winbox and the settings that I was trying to do, did not work. However if I do them through command line, they do work.

Anyone else ever seen this issue with improper updating of settings using winbox?

BobcatGuy · January 20, 2016, 9:45am

I have proven this again. Weird issues. My vlan that I created above, worked, until a reboot of the CRS, then didn’t, the far end RB493AH couldn’t get an IP from the ISP. I moved the Ethernet cable from Ether 18 to Ether 9, then it worked. moved it back to ether 18, didn’t. Checked to see if ether 18 had any rules etc, nothing, only set as having the ether 3 as master, which is what ALL the ports except 1 and 2 are set to.

I installed that router at the location, and it worked. I even moved it from Ether 9 to Ether 5, still worked.

I then created a VLAN for my NEST products at the different locations. Created VLAN 99 on Ether 3 on the CRS, which is the master port, set up dhcp, ip pool etc. Every device got an IP address from the CRS, even over the vlan. But none had internet access. I used a laptop, tried to figure out why. I could ping any ip address that was assigned to devices, or even new ones that I created a DHCP client on a router that passed that vlan traffic. Gets an IP, can ping it. But cannot ping the 192.168.99.1 address, which is the ip I gave the Vlan interface on the CRS. I verified, no rules to block pings, etc, the clients always got proper DNS, as 192.168.99.1, proper gateway, 192.168.99.1. everything was proper… as a joke, I delete the Ip address 192.168.99.1 that is assigned to the vlan interface on the CRS125, I then re-create it. Literally, nothing different…

Now I can ping the 192.168.99.1, I have internet access, and so do all of the devices. All works properly now. Keep in mind, the CRS125 and any other Router board in my set up was never rebooted.

My question is, why does this happen, strange bugs that have no real reason. I created the vlan 99 interface, assigned it an Ip, created DHCP on it with an IP pool, etc. same as the “lan” part of my private network, except with a different IP range.

What gives? There is a lot of wasted time troubleshooting this issue and others, and there is nothing wrong in the set up.

using 6.33.3 on ALL boards!