Community discussions

 
bge
just joined
Topic Author
Posts: 1
Joined: Tue Oct 09, 2018 1:47 pm

Pinging from VLAN interface not working

Tue Oct 09, 2018 2:17 pm

Hi,

i'd like to implement a router-on-a-stick scenario with a mikrotik router (OS version 6.43.2).
Ether1 - WAN
Ether12 - LAN Trunk to the switch with 6 VLANs.

The VLAN interfaces and ether1 have IP addresses, default route and srcnat masquarde rule is in place.

When i ping 8.8.8.8 from the ether1, it works, but if i ping it from any VLAN interface like (ping 8.8.8.8 interface=VLAN3), all I get is timeout.
Pinging other VLAN's gateways from a VLAN interface also not working.

Later on I have to enable communication between hosts in different VLANs.
Is this configuration a good start?

/interface ethernet
set [ find default-name=ether1 ] comment=WAN speed=100Mbps
set [ find default-name=ether12 ] comment="LAN Trunk to DLINK" speed=100Mbps
/interface vlan
add interface=ether12 name=VLAN1 vlan-id=1
add interface=ether12 name=VLAN2 vlan-id=2
add interface=ether12 name=VLAN3 vlan-id=3
add interface=ether12 name=VLAN4 vlan-id=4
add interface=ether12 name=VLAN5 vlan-id=5
add interface=ether12 name=VLAN6 vlan-id=6
/ip settings
set rp-filter=strict
/ip address
add address=1.2.3.167/24 comment=WAN interface=ether1 network=1.2.3.0
add address=192.168.1.254/24 interface=VLAN1 network=192.168.1.0
add address=192.168.2.254/24 interface=VLAN2 network=192.168.2.0
add address=192.168.3.254/24 interface=VLAN3 network=192.168.3.0
add address=192.168.4.254/24 interface=VLAN3 network=192.168.4.0
add address=192.168.5.254/24 interface=VLAN5 network=192.168.5.0
add address=192.168.6.254/24 interface=VLAN6 network=192.168.6.0
/ip dns
set servers=8.8.8.8
/ip firewall nat
add action=masquerade chain=srcnat log=yes log-prefix=MASQ
/ip route
add distance=1 gateway=1.2.3.1
 
User avatar
xvo
Long time Member
Long time Member
Posts: 603
Joined: Sat Mar 03, 2018 1:12 am
Location: Moscow, Russia

Re: Pinging from VLAN interface not working

Tue Oct 09, 2018 2:59 pm

For sure it does!
When you specify a port it tries to ping TO this port, not FROM this port.
And since you don't have 8.8.8.8 available through any of your vlans - it timeouts.
 
User avatar
xvo
Long time Member
Long time Member
Posts: 603
Joined: Sat Mar 03, 2018 1:12 am
Location: Moscow, Russia

Re: Pinging from VLAN interface not working

Tue Oct 09, 2018 3:06 pm

And also you need to specify out-interface=ether1 for your masquerade rule.
Otherwise it changes src-address to the router's addresses for everything that passes through it.
 
mkx
Forum Guru
Forum Guru
Posts: 3223
Joined: Thu Mar 03, 2016 10:23 pm

Re: Pinging from VLAN interface not working

Tue Oct 09, 2018 5:45 pm

And also you need to specify out-interface=ether1 for your masquerade rule.
This.

And don't forget to set up good firewall rules.
BR,
Metod

Who is online

Users browsing this forum: No registered users and 30 guests