I have a working vlan network but there is a little tiny thing not working, and I think this is the tree hiding the forest
I followed multiples guides to configure my routers. I'm not an expert especially with mikrotik products (I discovered it recently).
I have a RB 3011, a mAP and a few manageable switchs (TPLINK).
I have two VLAN, one named "private" with workstations, NAS, printers on it and one named "public" with a lot of different devices that only want internet. The mAP is emitting two SSID, one for the private VLAN and the other for the public VLAN.
This is working fine, but strangely, the mAP and the RB 3011 are not able to ping each other. This is (so far) the only problem I have. But I reviewed all my configurations and I cannot figure it out, so I think I have a deep misunderstanding of something. I will try to paste the releveant piece of configuration below. Please tell me if you need more informations.
General informations :
Vlan public : 10.0.10.0/24
Vlan private : 10.0.0.0/24
IPs of the RB : 10.0.0.1 on private and 10.0.10.1 on public
IPs of the mAP : 10.0.0.2 on private and 10.0.10.2 on public
On the RB 3011 the mAP is plugged on eth10
On the mAP the RB is plugged on eth1
RB 3011 configuration :
(I removed everything unrelated such as DHCP, DNS, etc.)
mAP configuration :
Code: Select all
/interface bridge add admin-mac=6C:3B:6B:F8:8E:BB auto-mac=no comment=defconf fast-forward=no name=bridge add admin-mac=AA:24:75:31:E9:DD arp=reply-only auto-mac=no fast-forward=no name=bridge-vlan-private add admin-mac=1C:FC:4B:89:A7:74 auto-mac=no fast-forward=no name=bridge-vlan-public /interface vlan add interface=ether10 name=vlan-private-map-wifi-eth10 vlan-id=3 add interface=ether10 name=vlan-public-map-wifi-eth10 vlan-id=2 /interface bridge port add bridge=bridge-vlan-public interface=vlan-public-map-wifi-eth10 add bridge=bridge-vlan-private interface=vlan-private-map-wifi-eth10 /ip address add address=10.0.10.1/24 interface=vlan-public-map-wifi-eth10 network=10.0.10.0 add address=10.0.0.1/24 interface=vlan-private-map-wifi-eth10 network=10.0.0.0 add address=ww.xx.yy.zz/nn interface=ether1 network=ww.xx.yy.zz /ip firewall filter add action=drop chain=forward disabled=yes dst-address=10.0.10.0/24 src-address=10.0.0.0/24 add action=drop chain=forward disabled=yes dst-address=10.0.0.0/24 src-address=10.0.10.0/24
The problem is : when I try to ping the mAP from the RB or the RB from the mAP I get a timeout.
Code: Select all
/interface bridge add admin-mac=32:E6:45:4A:04:DB auto-mac=no comment=defconf name=bridge add admin-mac=CE:E8:70:01:FD:B9 auto-mac=no name=bridge-vlan-private add admin-mac=FB:CE:B6:36:DE:8B auto-mac=no name=bridge-vlan-public /interface vlan add interface=ether1 name=vlan-private-eth1 vlan-id=3 add interface=ether1 name=vlan-public-eth1 vlan-id=2 /interface wireless set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce disabled=no distance=indoors frequency=auto mode=ap-bridge name=wlan-public security-profile=wifi-public ssid=public wireless-protocol=802.11 add disabled=no mac-address=E6:8D:8C:7F:3C:E7 master-interface=wlan-public name=wlan-private security-profile=wifi-private ssid=intra wds-default-bridge=bridge-vlan-private wds-mode=dynamic-mesh /interface bridge port add bridge=bridge-vlan-public interface=vlan-public-eth1 add bridge=bridge-vlan-private interface=vlan-private-eth1 add bridge=bridge-vlan-private interface=wlan-private add bridge=bridge-vlan-public interface=wlan-public /ip address add address=10.0.10.2/24 interface=vlan-public-eth1 network=10.0.10.0 add address=10.0.0.2/24 interface=vlan-private-eth1 network=10.0.0.0 /ip route add distance=1 gateway=bridge-vlan-public
Everything else is working. All my eth in the public bridge on the RB are well associated on the public vlan and get the right IP from the DHCP, and the same for private network. The two differents SSID are working well too.
I think I missed something on addresses because I dont really get why I should put addresses there and not there, but I read the guides twice and I don't see what I did wrong.
Here are the guides I'm talking about :
https://wiki.mikrotik.com/wiki/Vlans_on ... nvironment
Thank you all !