BLAMM0
just joined
Topic Author
Posts: 1
Joined: Thu Oct 01, 2020 12:20 am

Hex and VLAN trunk port Ether5

Wed Oct 07, 2020 7:21 pm

Hi there,

My first post, so don't be hard on me :)

I'm trying to set up a trunk port on ether5 of my Hex router; afterwards I connect it to a CSS326 switch that I think I've managed to configure already.

The problem now is that a client gets an IP, but gets no internet access, so I think I'm missing something, but not sure what. I'm also not sure if what I have is configured properly.

Config:
# oct/07/2020 19:19:04 by RouterOS 6.47.4
/interface bridge
add admin-mac=B8:69:F4:C3:DC:C2 auto-mac=no comment=defconf name=bridge protocol-mode=none
/interface vlan
add interface=bridge name=vlan2 vlan-id=2
add interface=bridge name=vlan10 vlan-id=10
add interface=bridge name=vlan20 vlan-id=20
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
add name=dhcp ranges=192.168.2.70-192.168.2.100
add name=pool10 ranges=10.0.10.10-10.0.10.100
add name=pool20 ranges=10.0.20.10-10.0.20.100
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=defconf
add address-pool=pool10 disabled=no interface=vlan10 name=server-vlan10
add address-pool=pool20 disabled=no interface=vlan20 name=server-vlan20
/user group
set full policy=local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web,sniff,sensitive,api,romon,dude,tikapp
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/ip address
add address=192.168.2.1/24 comment=defconf interface=ether2 network=192.168.2.0
add address=192.168.1.150/24 interface=ether1 network=192.168.1.0
add address=10.0.10.1 interface=vlan10 network=10.0.10.0
add address=10.0.20.1 interface=vlan20 network=10.0.20.0
add address=192.168.2.0/24 disabled=yes interface=vlan2 network=192.168.2.0
/ip dhcp-client
add comment=defconf interface=ether1
/ip dhcp-server network
add address=10.0.10.0/32 dns-server=10.0.10.1 gateway=10.0.10.1 netmask=32
add address=10.0.20.0/32 dns-server=10.0.20.1 gateway=10.0.20.1 netmask=32
add address=192.168.2.0/24 comment=defconf dns-server=192.168.2.40 gateway=192.168.2.1 netmask=24
/ip dns
set allow-remote-requests=yes servers=192.168.1.254
/ip dns static
add address=192.168.2.1 name=router.lan
/ip firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf:  drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
add action=dst-nat chain=dstnat dst-address=192.168.1.150 dst-port=8080 protocol=tcp to-addresses=192.168.2.40
add action=dst-nat chain=dstnat dst-address=192.168.1.150 dst-port=943 protocol=tcp to-addresses=192.168.2.40
add action=dst-nat chain=dstnat dst-address=192.168.1.150 dst-port=9443 protocol=tcp to-addresses=192.168.2.40
add action=dst-nat chain=dstnat dst-address=192.168.1.150 dst-port=1194 protocol=udp to-addresses=192.168.2.40
add action=dst-nat chain=dstnat dst-address=192.168.1.150 dst-port=443 protocol=tcp to-addresses=192.168.2.40
add action=dst-nat chain=dstnat dst-address=192.168.1.150 dst-port=9091 protocol=tcp to-addresses=192.168.2.40
add action=masquerade chain=srcnat out-interface=ether5 src-address=10.0.10.0/24
/ip route
add distance=1 gateway=192.168.1.254
/ip ssh
set forwarding-enabled=remote
/system clock
set time-zone-name=Europe/Vilnius
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
Thanks in advance.
 
xvo
Forum Guru
Posts: 1237
Joined: Sat Mar 03, 2018 1:12 am
Location: Moscow, Russia

Re: Hex and VLAN trunk port Ether5

Wed Oct 07, 2020 11:58 pm

Why are your vlan-interfaces created on top of the bridge if you want ether5 to be a trunk port?
Move them to ether5. Also add all of them to interface-list=LAN.

And also move the address from ether2 to the bridge.
Despite the fact that it is in the default config, it is wrong.
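
An audit of the three points raised in the reply above, as an added example that is not part of the original thread: it parses a RouterOS export and flags VLAN interfaces whose parent is not the trunk port, VLAN interfaces missing from the LAN interface list (the posted input chain drops everything not coming from LAN), and addresses assigned to a bridge member port. The `EXPORT` excerpt is copied from the posted config; the function names and the `trunk` and `lan_list` parameters are assumptions of this example.

```python
import re

# Excerpt of the export posted above (only the sections the checks need).
EXPORT = """\
/interface vlan
add interface=bridge name=vlan10 vlan-id=10
add interface=bridge name=vlan20 vlan-id=20
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/ip address
add address=192.168.2.1/24 comment=defconf interface=ether2 network=192.168.2.0
add address=10.0.10.1 interface=vlan10 network=10.0.10.0
"""

def parse_export(text):
    """Return {section: [{key: value}, ...]} for the 'add' lines of an export."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            current = line
            sections.setdefault(current, [])
        elif line.startswith("add ") and current:
            pairs = re.findall(r'([\w-]+)=("[^"]*"|\S+)', line)
            sections[current].append({k: v.strip('"') for k, v in pairs})
    return sections

def audit(text, trunk="ether5", lan_list="LAN"):
    """Check the reply's three points; trunk and lan_list are assumed names."""
    cfg = parse_export(text)
    lan = {m["interface"] for m in cfg.get("/interface list member", []) if m.get("list") == lan_list}
    slaves = {p["interface"] for p in cfg.get("/interface bridge port", [])}
    findings = []
    for v in cfg.get("/interface vlan", []):
        if v["interface"] != trunk:
            findings.append(f'{v["name"]}: parent is {v["interface"]}, not trunk port {trunk}')
        if v["name"] not in lan:
            findings.append(f'{v["name"]}: not in interface list {lan_list}')
    for a in cfg.get("/ip address", []):
        if a["interface"] in slaves:
            findings.append(f'{a["address"]}: assigned to bridge port {a["interface"]}, not the bridge')
    return findings

if __name__ == "__main__":
    print("\n".join(audit(EXPORT)))
```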
