Hi,
I have a problem setting my RB2011L to use Vlans and Bridges.
I have on Ether 2 my firewall that acts for DHCP server
Ether5 PC1
Ether6 - 7 two Aruba switches with Management interfaces
Ether8 PC2
My goal is to: have the management interface of the two switches in one Vlan that i can access via PC2, but i need to be in contact with the FW that gives me the DHCP lease and internet connection;
And to have PC1 in the same Vlan as the FW (that gives DHCP lease and internet connection) but without connection with the two switches.
So, i want two bridges: Bridge-Vlan1 with PC1 and FW, Bridge-Vlan50 with FW, Eth6,7,8. but i can’t add the same Eth in two different bridges.
I hope you can understand me.
Yup, lots of ways to skin this cat. Let’s do it with 6.41rc based bridging (VLAN aware) just because it is the most future proof solution.
Step 1, remove master-port from all Ethernet interfaces (if it exists, the option has now been removed in 6.41rc)
Step 2, pick an Ethernet interface to use for configuration temporarily. Let’s say ether2. Set it up with an IP address, say 10.99.99.1/24. Plug a PC into it and set the IP to say 10.99.99.2/24. Connect back to the router on 10.99.99.1.
Step 3, rename all “ether” interfaces to “eth” ok well that’s just for me because ether is dumb and too long to type.
Step 4, remove any bridges you currently have
You now have everything setup as VLAN11 for PC1 and FW and VLAN12 for PC2 and the aruba switches. You are sending VLANs 11 and 12 tagged with an untagged (native) VLAN of 1 to the FW. Additionally, I set the IP of .1 for 10.1.11.0/24 and 10.1.12.0/24 for VLANs 11 and 12 respectively. You may have these present on the firewall so maybe the MikroTik doesn’t need an IP on them at all. If that’s the case you can apply the necessary security enforcement at the firewall. Alternatively, use /ip firewall to do it in the MikroTik.