Vlan trunk configuration between Mikrotik CCR and Edgepoint

Hi,

I am trying to configure a trunk port between a Mikrotik CCR and an Edgepoint. I have configured the Edgepoint s16. It works fine when tested. But I am having some trouble configuring the trunk port on the Mikrotik router. My configuration on the Mikrotik CCR1009 is as follows:

  1. Created a trunk port by assigning VLANs 100, 200 and 300 on ethernet5.
    /interface vlan
    add name=VLAN200 vlan-id=200 interface=ether5 disabled=no
    add name=VLAN300 vlan-id=300 interface=ether5 disabled=no
    add name=VLAN100 vlan-id=100 interface=ether5 disabled=no

“Add IP addresses to VLANs:”

/ip address
add address=10.100.2.1/24 interface=VLAN200
add address=10.100.3.1/24 interface=VLAN300
add address=10.100.1.1/24 interface=VLAN100

My Edgepoint s16 switch configuration is attached as newconfig.txt with this post.

I want to create a trunk port between the Mikrotik and the Edgepoint. But with this configuration I am getting traffic from all VLANs. For example, if I connect my laptop to VLAN 100, I can ping VLAN 100, 200 and 300, which is not acceptable traffic.
Could anyone help me to solve this issue?
newconfig.txt (2.41 KB)

This is because the CCR is routing your VLAN traffic.

You need to add firewall filter rules in the forward chain to isolate the VLANs.

Something like this:

/ip firewall filter add chain=forward in-interface=VLAN100 out-interface=VLAN200 action=drop

Traffic from VLAN 100 cannot go to VLAN 200.

Hi,
Thank you for the comment.
I have tried this command, but no change; traffic still goes between the three VLANs.
Is there anything I can do with my Edgepoint switch?
I am trying to create forbidden VLANs. I have searched online, but I am not able to find any configuration so that I can forbid VLAN ports.
I tried the exclude command. But when I logged in as a GUI user on the Edgepoint I cannot find any forbidden VLANs in the GUI.

I am wondering where to change the configuration, in the Mikrotik CCR or the Edgepoint. Nothing works on my side.

When you say you can ping through the VLAN, I guess you mean you can ping from a PC on VLAN 100 to a PC on VLAN 200, is that correct?
The rule I have indicated is just an example. You have to create the rest of the rules for the rest of the VLANs.

Also remember the rule must be at the appropriate point in the chain; you may have to move it up to just below the
established/related rule(s). And even then you need to wait a bit: when you have been testing just before, there
may still be an established connection in the router.
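
The full rule set the two replies above describe, written out as an added example (not taken from the thread, the attached configs, or MikroTik's documentation); it assumes the VLAN interface names and addresses from the first post and a RouterOS version that supports interface lists (6.36 or later):

```routeros
# Group the three VLAN interfaces so that one rule covers every VLAN-to-VLAN pair.
# LAN_VLANS is a name chosen for this example.
/interface list
add name=LAN_VLANS
/interface list member
add list=LAN_VLANS interface=VLAN100
add list=LAN_VLANS interface=VLAN200
add list=LAN_VLANS interface=VLAN300

/ip firewall filter
# Replies to connections that were already permitted must be accepted before any drop,
# otherwise return traffic for allowed flows (e.g. VLAN -> WAN) is cut off.
add chain=forward connection-state=established,related action=accept comment="allow replies to permitted connections"
# Drop anything that enters on one VLAN and would be forwarded out another VLAN.
# Traffic towards the WAN leaves on an interface that is not in the list, so it is not matched.
add chain=forward in-interface-list=LAN_VLANS out-interface-list=LAN_VLANS action=drop comment="isolate VLANs from each other"

# Equivalent without interface lists: one explicit drop per ordered VLAN pair
# (six rules for three VLANs), each placed below the established/related rule:
# add chain=forward in-interface=VLAN100 out-interface=VLAN200 action=drop
# add chain=forward in-interface=VLAN100 out-interface=VLAN300 action=drop
# add chain=forward in-interface=VLAN200 out-interface=VLAN100 action=drop
# add chain=forward in-interface=VLAN200 out-interface=VLAN300 action=drop
# add chain=forward in-interface=VLAN300 out-interface=VLAN100 action=drop
# add chain=forward in-interface=VLAN300 out-interface=VLAN200 action=drop

# Connections tracked before the rules were added keep matching the accept rule;
# flush the connection table before retesting instead of waiting for them to expire.
/ip firewall connection remove [find]
```

Note that the forward chain only sees traffic routed between VLANs; a ping from a VLAN 100 host to the router's own 10.100.2.1 or 10.100.3.1 addresses is handled by the input chain and needs a separate input rule if it must also be blocked.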

Hello Sharonjose,

Why don't you try creating a bridge? Create the VLANs on the bridge, rather than creating the VLANs on the physical interface.

Try this:

  1. Create a bridge, say “UPLINK”.
  2. Create your VLANs on the bridge “UPLINK”. (Adding multiple VLANs on an interface eventually makes it a trunk interface. In this case your bridge is that interface.)
  3. Assign the IP address as planned by you on the VLAN interface (not the bridge).
  4. Create another bridge “DOWNLINK” for the access port.
  5. Add a VLAN to the bridge “DOWNLINK” and the physical interface where you will connect your edge device, say your PC.
  6. Don't forget to give a default route for the gateway of the VLAN if you want to access it remotely by the VLAN interface IP address.

Note: every downlink VLAN shall have a new bridge, with the physical port added to the same bridge as the access port.

Thank you

I am connecting my PC to the Edgepoint to test the VLAN, not to the Mikrotik.
My cabling is as follows: Mikrotik connected to Edgepoint via a trunk port. The Edgepoint has VLAN access ports, which I connect my PC to in order to get the VLAN tested.

Thanks

What you describe is normal, expected behaviour.
When you don't want it, the first question of course is: why do you connect a router when you don't want to route?
Maybe you want to route the individual segments to some other place, but in that case you must set up proper firewall rules as has been explained.
I guarantee you that that works OK and that you have just misconfigured something.

To go any further, you need to post your configuration, else everyone will just be guessing.

Hi,
I am sharing my configuration as attachments. I am confused whether I have some misconfiguration in my Mikrotik or Edgepoint.
vlantest.rsc (1.62 KB)
newconfig.txt (2.41 KB)

My Mikrotik router carries one trunk port and has one WAN connection to the internet. This trunk port is connected to the Edgepoint. The Edgepoint is also configured with 3 access ports (VLANs) along with the trunk port. And I am testing whether this VLAN is working by connecting my laptop to one of the access ports of the Edgepoint. For example, 10.100.2.6 is my PC IP and I am trying to ping 10.100.2.1, which is configured in the Mikrotik.
I think now what I am asking is clarified. Here traffic is going to all VLANs: 10.100.1.1 and 3.1.