Hi,
I tried to search, but unfortunately I don’t know how to set up a “tunnel” over the VLAN provided by the ISP.
The ISP assigned me VLAN ID 3006 and told me to set it up as a VLAN interface for ether1-gateway for both mikrotiks.
What is the easiest way to connect both internal networks?
Thank You for any advice!
Hello,
I tried the following configurations, but ping does not pass between devices.
Mikrotik 1:
/interface bridge
add arp=proxy-arp name=bridge-vlan-isp
/interface vlan
add interface=ether1-gateway name=3006_vlan vlan-id=3006
/interface bridge port
add bridge=bridge-vlan-isp interface=3006_vlan
/ip address
add address=192.168.13.2/24 interface=3006_vlan network=192.168.13.0
add address=192.168.13.1/24 interface=bridge-vlan-isp network=192.168.13.0
/ip firewall filter
add action=drop chain=input dst-port=53 in-interface=ether1-gateway protocol=tcp
add action=drop chain=input dst-port=53 in-interface=ether1-gateway protocol=udp
add action=drop chain=output dst-address=192.168.13.0/24 out-interface=ether1-gateway
add action=drop chain=forward dst-address=192.168.13.0/24 out-interface=ether1-gateway
add action=accept chain=input comment="Accept Established Input" connection-state=established
add action=accept chain=input comment="Accept Related Input" connection-state=related
add action=accept chain=forward comment="Accept Established Forward" connection-state=established
add action=accept chain=forward comment="Accept Established Forward" connection-state=related
add action=accept chain=input comment="Accept ICMP all IFACE" protocol=icmp
add action=fasttrack-connection chain=forward connection-state=established,related
add action=drop chain=input comment="default configuration" in-interface=ether1-gateway
add action=drop chain=forward comment="default configuration" connection-state=invalid
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" out-interface=ether1-gateway to-addresses=0.0.0.0
Mikrotik 2:
/interface bridge
add arp=proxy-arp name=bridge-vlan-isp
/interface vlan
add interface=ether1-gateway name=3006_vlan vlan-id=3006
/interface bridge port
add bridge=bridge-vlan-isp interface=3006_vlan
/ip address
add address=192.168.13.12/24 interface=3006_vlan network=192.168.13.0
add address=192.168.13.11/24 interface=bridge-vlan-isp network=192.168.13.0
/ip firewall filter
add action=drop chain=input dst-port=53 in-interface=ether1-gateway protocol=tcp
add action=drop chain=input dst-port=53 in-interface=ether1-gateway protocol=udp
add action=drop chain=output dst-address=192.168.13.0/24 out-interface=ether1-gateway
add action=drop chain=forward dst-address=192.168.13.0/24 out-interface=ether1-gateway
add action=accept chain=input comment="Accept Established Input" connection-state=established
add action=accept chain=input comment="Accept Related Input" connection-state=related
add action=accept chain=forward comment="Accept Established Forward" connection-state=established
add action=accept chain=forward comment="Accept Established Forward" connection-state=related
add action=accept chain=input comment="Accept ICMP all IFACE" protocol=icmp
add action=fasttrack-connection chain=forward connection-state=established,related
add action=drop chain=input comment="default configuration" in-interface=ether1-gateway
add action=drop chain=forward comment="default configuration" connection-state=invalid
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" out-interface=ether1-gateway to-addresses=0.0.0.0
Solved, my ISP has forgotten some settings.