Vlan Question

lemonmagic · April 30, 2013, 2:43pm

I tried to set up a Port based Vlan on my RB750, but as I couldn’t get it to work properly I switched to 802.1Q Tags.

Unfortunatly I have the same behaviour as with my port based Vlan Setup, as I am still able to ping from one Vlan into a different one.

Here is my Setup: (I used the standard config and only removed the slave ports)

[admin@MikroTik RB750] > /interface print
Flags: D - dynamic, X - disabled, R - running, S - slave
 #     NAME                             TYPE               MTU L2MTU  MAX-L2MTU
 0  R  ether1-gateway                   ether             1500  1600       4076
 1     ether2                           ether             1500  1598       2028
 2     ether3                           ether             1500  1598       2028
 3     ether4                           ether             1500  1598       2028
 4  R  ether5                           ether             1500  1598       2028
 5  R  vlan1                            vlan              1500  1594
 6  R  vlan2                            vlan              1500  1594
 7  R  vlan3                            vlan              1500  1594
 8  R  vlan4                            vlan              1500  1594
 9  R  vlan5                            vlan              1500  1594

[admin@MikroTik RB750] > interface vlan print
Flags: X - disabled, R - running, S - slave
 #    NAME                    MTU ARP        VLAN-ID INTERFACE
 0 R  vlan1                  1500 enabled          1 ether5
 1 R  vlan2                  1500 enabled          2 ether5
 2 R  vlan3                  1500 enabled          3 ether5
 3 R  vlan4                  1500 enabled          4 ether5
 4 R  vlan5                  1500 enabled          5 ether5

[admin@MikroTik RB750] > ip address print
Flags: X - disabled, I - invalid, D - dynamic
 #   ADDRESS            NETWORK         INTERFACE
 0   ;;; default configuration
     192.168.88.1/24    192.168.88.0    ether2
 1   192.168.0.254/24   192.168.0.0     vlan1
 2   192.168.20.1/24    192.168.20.0    vlan2
 3   192.168.30.1/24    192.168.30.0    vlan3
 4   192.168.11.1/24    192.168.11.0    vlan4
 5   192.168.10.254/24  192.168.10.0    vlan5
 6 D 83.215.249.195/27  83.215.249.192  ether1-gateway

[admin@MikroTik RB750] > ip dhcp-server print
Flags: X - disabled, I - invalid
 #   NAME     INTERFACE     RELAY           ADDRESS-POOL     LEASE-TIME ADD-ARP
 0   default  ether2                        default-dhcp     3d
 1   dhcp1    vlan1                         dhcp_pool1       3d
 2   dhcp2    vlan2                         dhcp_pool2       3d
 3   dhcp3    vlan3                         dhcp_pool3       3d
 4   dhcp4    vlan4                         dhcp_pool4       3d
 5   dhcp5    vlan5                         dhcp_pool5       3d

On the Switch Side, I connected ether5 with a trunk Port on the Switch, and created 5 Access Ports for each vlan. Having the Router unplugged I am not able to ping any other Vlan, so the Switch should be configured properly.

What am I missing? Do I have to set a Firewall Rule?
Looking at the Wikis, it seems that there shouldn’t be any more steps necessary.

CelticComms · April 30, 2013, 3:58pm

The router will route among any connected networks unless you place rules in the forwarding chain to stop it from doing so.