Hello, I’m setting up a RouterOS device but I’m stuck. I think I have a mistake I’m not able to see and I would like to have some eyes on my config.
My 2011UiAS has 5 Gb and 5 Fe interfaces. Internet is supplied by a router device; this is ISP-wide and I can ask them to configure it, but I can’t control it. They provide us with a local IP in the 192.168.x.y range. They can assign you a fixed IP, put you in a DMZ with all ports open, open a few ports, and make routes to your subnets. Nothing more.
WAN arrives on eth1 of the MikroTik RouterOS device, which has a fixed IP.
ETH2 to ETH5 are inside a bond. This bond is used in a lab which has a smart switch I can configure. This bond has some VLANs tagged on it (200, 300, 400, 500); the switch will forward tagged packets on them. This is what used to be called a trunk port.
This bond also receives untagged traffic (no VLAN header outside the switch), which makes it what is called a hybrid port.
At this moment the bond says it has a link down, but I don’t know how to search for more info in MikroTik. The switch says nothing about a link down. Anyway, the default subnet is reaching the internet with a masquerade NAT rule, and the VLANs are also reaching the internet if NAT is properly set up.
eth6 will be dedicated to reaching the RouterOS config using WinBox/SSH. For now the config is open until the setup is finished. It is using VLAN 100.
Eth7, 8 and 10 are bridged just to experiment with bridges; we will talk about it later.
eth9 is making me crazy. I can’t understand why it is not reaching the internet. I don’t see anything on the firewall, so maybe the problem is at another layer.
On this interface is a simplistic WiFi AP which operates in bridge mode. I can get a local IP assigned by the DHCP server listening on this eth. I can ping the DHCP/gateway IP but no other router IPs.
What I want to do with the setup:
Internet for untagged traffic must flow.
Each VLAN: I want to set them up in my home lab so I can mess with them, break them and repair them at will. Isolating them is a must, so:
- Each one has its own VLAN
- One subnet for each VLAN
- Planned: include a VRF on each VLAN (see note 1)
- Planned: firewall rules preventing subnets from reaching other subnets (input rules???) or reaching the internet (forward rules???). I don’t properly understand how firewall rules flow.
Eth9: I want to set up here what is called an access port, so incoming traffic arrives untagged, then gets a tag added, is switched, and has the tag removed before going to the router chip. Then VRF and firewall rules.
The bridge experiment is about that. I was trying to use the switch chip that the device has, but had no luck with it. I read a lot about how to set it up and I was stuck for a week or so because I was unable to set it up. I read it is much faster than VLAN on interface, which is also faster than bridge and then VLAN. Let me know if that is not true.
Thank you for reading
Note 1: I was able to set up a VRF and route some traffic inside this table, but I’m not able to configure a route to the default gateway on the WAN port.
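As an added example (not the poster's config and not MikroTik documentation), here is one way to lay out the pieces described above in RouterOS CLI: VLAN interfaces on the bond, one subnet per VLAN, eth9 treated as a routed port for the WiFi AP, masquerade out of the WAN port, and firewall rules that isolate the lab subnets. It also answers the input/forward question: the input chain sees packets addressed to the router itself (WinBox, SSH, DHCP requests it answers, pings to its addresses), while the forward chain sees packets the router routes between interfaces, so subnet-to-subnet and subnet-to-internet policy lives in forward and protection of the router's own services lives in input. The VRF part is left out because its syntax differs between RouterOS 6 and 7 and the post does not say which version is running. Interface names (ether1 to ether9, bond1), the ISP gateway 192.168.1.1, the LACP bonding mode and the 10.x.0.0/24 subnets are assumptions; RouterOS 6.36 or later syntax is assumed for interface lists.

```routeros
# Added example, not the poster's configuration. Assumed: ether1 = WAN with a
# fixed address, ISP router at 192.168.1.1, ether2-5 in bond1 (trunk to the lab
# switch), ether6 = management on VLAN 100, ether9 = port for the WiFi AP,
# lab subnets 10.<vid>.0.0/24. Requires RouterOS 6.36+ (interface lists).

# --- bond carrying the trunk (tagged 200/300/400/500 plus untagged) ---
# The bonding mode must match what the lab switch is configured for; LACP assumed.
/interface bonding add name=bond1 slaves=ether2,ether3,ether4,ether5 mode=802.3ad
/interface vlan add name=vlan200 vlan-id=200 interface=bond1
/interface vlan add name=vlan300 vlan-id=300 interface=bond1
/interface vlan add name=vlan400 vlan-id=400 interface=bond1
/interface vlan add name=vlan500 vlan-id=500 interface=bond1

# --- management VLAN on ether6 ---
/interface vlan add name=vlan100 vlan-id=100 interface=ether6
/ip address add address=10.100.0.1/24 interface=vlan100

# --- one subnet per VLAN; the untagged lab subnet sits on bond1 itself ---
/ip address add address=10.1.0.1/24 interface=bond1
/ip address add address=10.200.0.1/24 interface=vlan200
/ip address add address=10.300.0.1/24 interface=vlan300
/ip address add address=10.400.0.1/24 interface=vlan400
/ip address add address=10.500.0.1/24 interface=vlan500
# ether9 as a routed "access port": untagged frames from the AP land directly
# in this subnet, no tagging/untagging needed for a port that does not share
# its VLAN with the switch.
/ip address add address=10.9.0.1/24 interface=ether9

# --- default route towards the ISP router, NAT everything leaving ether1 ---
/ip route add dst-address=0.0.0.0/0 gateway=192.168.1.1
/ip firewall nat add chain=srcnat out-interface=ether1 action=masquerade

# --- interface lists so the firewall does not need one rule per VLAN ---
/interface list add name=WAN
/interface list add name=LAB
/interface list add name=MGMT
/interface list member add interface=ether1 list=WAN
/interface list member add interface=vlan100 list=MGMT
/interface list member add interface=bond1 list=LAB
/interface list member add interface=vlan200 list=LAB
/interface list member add interface=vlan300 list=LAB
/interface list member add interface=vlan400 list=LAB
/interface list member add interface=vlan500 list=LAB
/interface list member add interface=ether9 list=LAB

# --- forward chain: packets routed THROUGH the router ---
/ip firewall filter add chain=forward connection-state=established,related action=accept
/ip firewall filter add chain=forward connection-state=invalid action=drop
/ip firewall filter add chain=forward in-interface-list=LAB out-interface-list=LAB \
    action=drop comment="isolate lab subnets from each other"
/ip firewall filter add chain=forward in-interface-list=LAB out-interface-list=WAN \
    action=accept comment="lab subnets may reach the internet"
/ip firewall filter add chain=forward action=drop comment="drop everything else routed"

# --- input chain: packets addressed TO the router itself ---
/ip firewall filter add chain=input connection-state=established,related action=accept
/ip firewall filter add chain=input connection-state=invalid action=drop
/ip firewall filter add chain=input in-interface-list=MGMT action=accept \
    comment="WinBox/SSH only from the management VLAN"
/ip firewall filter add chain=input in-interface-list=LAB protocol=udp dst-port=67 \
    action=accept comment="DHCP requests from lab clients"
/ip firewall filter add chain=input in-interface-list=LAB protocol=udp dst-port=53 \
    action=accept comment="DNS if the router resolves for the lab"
/ip firewall filter add chain=input in-interface-list=LAB protocol=icmp action=accept
/ip firewall filter add chain=input action=drop comment="drop everything else aimed at the router"
```

Order matters: RouterOS evaluates filter rules top to bottom within a chain, so the established/related accept goes first and the catch-all drop last. Add the management accept rule in the input chain before the final drop, or you lock yourself out of WinBox on the spot; with this layout, reaching another lab subnet from eth9 is blocked by the forward drop, while pinging the router's own address on eth9 still succeeds because that packet goes through input, not forward.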