VLAN routing

augo · February 13, 2018, 5:22pm

My provider is giving me a link with a different VLAN ID. I have tried various combinations of routing and using bridges but I am not getting it right. I am still a relative noob on Mikrotik

I have read some posts which say you need a bridge and some which seem to suggest you don’t. I don’t know which is the best option or how to get it working. I have pasted in part of my configuration below.

Thank you for your help experts

/interface ethernet
set [ find default-name=ether10 ] name=OtherPublic
set [ find default-name=ether11 ] name=Local
set [ find default-name=ether1 ] name=Public
/interface vlan
add interface=Public name=VLAN2820 vlan-id=2820
/ip neighbor discovery
set VLAN2820 discover=no
/ip firewall connection tracking
set enabled=yes
/ip neighbor discovery settings
set default=no
/ip settings
set rp-filter=strict
/ip address
add address=100.100.100.100 interface=VLAN2820 network=100.100.100.96
add address=100.100.100.101 interface=VLAN2820 network=100.100.100.96
add address=100.100.100.102 interface=VLAN2820 network=100.100.100.96
add address=100.100.100.103 interface=VLAN2820 network=100.100.100.96
add address=100.100.100.104 interface=VLAN2820 network=100.100.100.96
add address=100.100.100.105 interface=VLAN2820 network=100.100.100.96
add address=100.100.100.106 interface=VLAN2820 network=100.100.100.96
add address=100.100.100.107 interface=VLAN2820 network=100.100.100.96
add address=100.100.100.108 interface=VLAN2820 network=100.100.100.96
add address=100.100.100.109 interface=VLAN2820 network=100.100.100.96
add address=100.100.100.110 interface=VLAN2820 network=100.100.100.96
add address=100.100.100.111 interface=VLAN2820 network=100.100.100.96
add address=100.100.100.112 interface=VLAN2820 network=100.100.100.96
add address=100.100.100.113 interface=VLAN2820 network=100.100.100.96
add address=100.100.100.114 interface=VLAN2820 network=100.100.100.96
add address=100.100.100.115 interface=VLAN2820 network=100.100.100.96
add address=100.100.100.116 interface=VLAN2820 network=100.100.100.96
add address=100.100.100.117 interface=VLAN2820 network=100.100.100.96
add address=100.100.100.118 interface=VLAN2820 network=100.100.100.96
add address=100.100.100.119 interface=VLAN2820 network=100.100.100.96
add address=100.100.100.98/27 interface=VLAN2820 network=100.100.100.96
add address=11.1.0.1/24 interface=OtherPublic network=11.1.0.0
add address=11.0.0.1/24 interface=Local network=11.0.0.0
/ip route
add distance=1 gateway=100.100.100.97

mkx · February 13, 2018, 6:00pm

Is there any particular reason for assigning whole bunch of addresses to the VLAN2820 interface? Only one is probably needed.

augo · February 13, 2018, 9:58pm

Well I did say I was a noob

I should have been clearer so sorry about it. I am presenting those as external addresses. 100.100.100.100 thru 100.100.100.119 are the servers I am presenting to the outside world. 100.100.100.98 is the address of the Mikrotik and 100.100.100.97 is the gateway.

mkx · February 14, 2018, 7:57pm

Your configuration quote does not contain any routing information. There must exist loads of routing and filtering setup, every single public address needs some.

I don’t think that routing between multiple external IP addresses and multiple internal hosts has anything to do with VLAN though. Unless you have internaly many VLANs, which you hadn’t mention here yet. Regardless the fact that externally you use tagged ethernet.

augo · February 15, 2018, 11:59pm

I must have deleted that by accident. Here is the output of print:

 #      DST-ADDRESS           PREF-SRC        GATEWAY                 DISTANCE
 0   S  0.0.0.0/0                             100.100.100.97          1
 1  DC  11.0.0.0/24           11.0.0.1        Local                   255
 2  DC  11.1.0.0/24           11.1.0.1        OtherPublic             255
 3  DC  100.100.100.96/27     100.100.100.98  VLAN2820                255

Export:

/ip route
add distance=1 gateway=100.100.100.97/27