Community discussions

MikroTik App
 
User avatar
JazzMaster
Member Candidate
Member Candidate
Topic Author
Posts: 115
Joined: Wed Jan 16, 2019 7:18 pm
Location: Evansville, Indiana , USA

No internet connection on VLAN

Sun Jun 13, 2021 7:37 am

I have a RB3011 that has 5 VLAN's setup on port 6. I am able to pass these VLAN's to my CSS326-24g Switch wit no problem. The issue I have is that I am able to aquire the correct VLAN address on the proper switch port on the CSS but I get no internet connection. I do get the following.......
IP Address
Subnet
Gateway
DNS
Here is my config file for the 3011
3011config.rsc
You do not have the required permissions to view the files attached to this post.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19099
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: No internet connection on VLAN

Sun Jun 13, 2021 1:20 pm

Why is your WAN connection setup with DHCP and pool, and even on bridge etc.................. ??
It is dhcp client only........

DHCP server networks are missing dns-server=
add address=100.100.11.0/24 gateway=100.100.11.1 dns-server=100.100.11.1

Interface list members is missing all the vlans list=LAN
 
User avatar
JazzMaster
Member Candidate
Member Candidate
Topic Author
Posts: 115
Joined: Wed Jan 16, 2019 7:18 pm
Location: Evansville, Indiana , USA

Re: No internet connection on VLAN

Sun Jun 13, 2021 3:53 pm

Why is your WAN connection setup with DHCP and pool, and even on bridge etc.................. ??
It is dhcp client only........

DHCP server networks are missing dns-server=
add address=100.100.11.0/24 gateway=100.100.11.1 dns-server=100.100.11.1

Interface list members is missing all the vlans list=LAN
Thank you so very much. This is my first attempt at VLAN config. I will do your changes and repost my results.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19099
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: No internet connection on VLAN

Sun Jun 13, 2021 3:59 pm

Oh in that case,
please read this excellent reference.
viewtopic.php?f=23&t=143620
I personally use vlans for all subnets and the only thing the bridge does is bridging.
 
User avatar
JazzMaster
Member Candidate
Member Candidate
Topic Author
Posts: 115
Joined: Wed Jan 16, 2019 7:18 pm
Location: Evansville, Indiana , USA

Re: No internet connection on VLAN

Sun Jun 13, 2021 4:20 pm

Oh in that case,
please read this excellent reference.
viewtopic.php?f=23&t=143620
I personally use vlans for all subnets and the only thing the bridge does is bridging.
I applied your instructions and it is working just fine now. I guess I messed up when I attempted the first config. Can I post my new config file for your review?
 
User avatar
JazzMaster
Member Candidate
Member Candidate
Topic Author
Posts: 115
Joined: Wed Jan 16, 2019 7:18 pm
Location: Evansville, Indiana , USA

Re: No internet connection on VLAN

Sun Jun 13, 2021 4:38 pm

Oh in that case,
please read this excellent reference.
viewtopic.php?f=23&t=143620
I personally use Vlan's for all subnets and the only thing the bridge does is bridging.
Here is my new config file with the VLANS working. I would appreciate it if you could look at it and see if there are any issues. If all is well with the firewall settings I am going to reconfigure this from scratch with these settings.
You do not have the required permissions to view the files attached to this post.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19099
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: No internet connection on VLAN

Sun Jun 13, 2021 5:21 pm

This can be set to NONE, known to cause issues........
/interface detect-internet
set detect-interface-list=WAN

Still dont see your DNS server settings..........
/ip dhcp-server network
add address=100.100.11.0/24 gateway=100.100.11.1 dns-server=100.100.11.1
add address=100.100.12.0/24 gateway=100.100.12.1 etc
add address=100.100.13.0/24 gateway=100.100.13.1 etc
add address=100.100.14.0/24 gateway=100.100.14.1 etc
add address=100.100.15.0/24 gateway=100.100.15.1 etc
add address=192.168.100.0/24 gateway=192.168.100.1 etc

This should be set to NONE
/tool mac-server
set allowed-interface-list=LAN

Left over from default settings, can be removed.
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan

Maybe add some decent DNS servers from the net
/ip dns
set allow-remote-requests=yes servers=1.1.1.1,9,9,9
 
User avatar
JazzMaster
Member Candidate
Member Candidate
Topic Author
Posts: 115
Joined: Wed Jan 16, 2019 7:18 pm
Location: Evansville, Indiana , USA

Re: No internet connection on VLAN

Sun Jun 13, 2021 6:23 pm

This can be set to NONE, known to cause issues........
/interface detect-internet
set detect-interface-list=WAN

Still dont see your DNS server settings..........
/ip dhcp-server network
add address=100.100.11.0/24 gateway=100.100.11.1 dns-server=100.100.11.1
add address=100.100.12.0/24 gateway=100.100.12.1 etc
add address=100.100.13.0/24 gateway=100.100.13.1 etc
add address=100.100.14.0/24 gateway=100.100.14.1 etc
add address=100.100.15.0/24 gateway=100.100.15.1 etc
add address=192.168.100.0/24 gateway=192.168.100.1 etc

This should be set to NONE
/tool mac-server
set allowed-interface-list=LAN

Left over from default settings, can be removed.
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan

Maybe add some decent DNS servers from the net
/ip dns
set allow-remote-requests=yes servers=1.1.1.1,9,9,9
I am going to start over with no configuration in the 3011. Maybe I can understand my error by doing that from scratch.
 
User avatar
JazzMaster
Member Candidate
Member Candidate
Topic Author
Posts: 115
Joined: Wed Jan 16, 2019 7:18 pm
Location: Evansville, Indiana , USA

Re: No internet connection on VLAN

Sun Jun 13, 2021 6:25 pm

This can be set to NONE, known to cause issues........
/interface detect-internet
set detect-interface-list=WAN

Still dont see your DNS server settings..........
/ip dhcp-server network
add address=100.100.11.0/24 gateway=100.100.11.1 dns-server=100.100.11.1
add address=100.100.12.0/24 gateway=100.100.12.1 etc
add address=100.100.13.0/24 gateway=100.100.13.1 etc
add address=100.100.14.0/24 gateway=100.100.14.1 etc
add address=100.100.15.0/24 gateway=100.100.15.1 etc
add address=192.168.100.0/24 gateway=192.168.100.1 etc

This should be set to NONE
/tool mac-server
set allowed-interface-list=LAN

Left over from default settings, can be removed.
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan

Maybe add some decent DNS servers from the net
/ip dns
set allow-remote-requests=yes servers=1.1.1.1,9,9,9
I am going to start over with no configuration in the 3011. Maybe I can understand my error by doing that from scratch.

Learning from my mistakes is a wonderful thing. Thanks for all the pointers and help.
 
User avatar
JazzMaster
Member Candidate
Member Candidate
Topic Author
Posts: 115
Joined: Wed Jan 16, 2019 7:18 pm
Location: Evansville, Indiana , USA

Re: No internet connection on VLAN

Mon Jun 14, 2021 5:19 pm

UPDATE ON MY ISSUE

After a reset of RB3011 and removing factory config I was able to create a completed VLAN configuration on the router. I also have a CSS326-24g setup to accept my VLANS from the RB3011. All is well with this setup. I have been able to understand the VLAN setup in the RB and the CSS. My next task is to setup a proper firewall in the 3011. Is there any example of a good firewall setup for the 3011?

Here is my Setup on the 3011
You do not have the required permissions to view the files attached to this post.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19099
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: No internet connection on VLAN  [SOLVED]

Mon Jun 14, 2021 5:51 pm

Start with rextended default settings as listed at the below link.
This is what you need to get started.
viewtopic.php?f=13&t=175129&p=856824#p856824

Then I would recommend moving from an allow concept of the default settings. to a block everything concept and only allow what you specifically need to have.
The reason for not going straight to the latter concept is that its really good to learn what the rules are doing and thus once you understand the firewall rules, then move forward.

viewtopic.php?f=13&t=153581&p=860029&hi ... es#p855249
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19099
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: No internet connection on VLAN

Mon Jun 14, 2021 5:59 pm

On your config some changes required

Add DNS server on the DHCP network settings AND REMOVE WHAT YOU HAVE DONE FOR adding DNS servers under IP DNS.

/ip dhcp-server network
add address=10.2.2.0/24 gateway=10.2.2.1 dns-server=10.2.2.1 do this for all of them - should match the gateway!!
add address=10.10.10.0/24 gateway=10.10.10.1
add address=10.10.11.0/24 gateway=10.10.11.1
add address=10.10.12.0/24 gateway=10.10.12.1
add address=10.10.13.0/24 gateway=10.10.13.1
add address=10.10.14.0/24 gateway=10.10.14.1
add address=10.10.15.0/24 gateway=10.10.15.1
add address=10.10.16.0/24 gateway=10.10.16.1
add address=100.100.25.0/27 gateway=100.100.25.1
add address=100.100.25.0/24 gateway=100.100.25.1

For DNS servers just add a few good DNS servers that the router can use ...
/ip dns
set allow-remote-requests=yes servers=9.9.9.9,1.1.1.1 etc.........


Sourcenat rules need fixing.
Remove the first one as it does nothing helpful.
The rest as well.
Alll you need is
add action=masquerade chain=srcnat out-interface-list=WAN
 
User avatar
JazzMaster
Member Candidate
Member Candidate
Topic Author
Posts: 115
Joined: Wed Jan 16, 2019 7:18 pm
Location: Evansville, Indiana , USA

Re: No internet connection on VLAN

Mon Jun 14, 2021 9:37 pm

Thank you so very much for the input. I will perform the changes requested and let you know how it goes. Again, thank you very much.
 
User avatar
JazzMaster
Member Candidate
Member Candidate
Topic Author
Posts: 115
Joined: Wed Jan 16, 2019 7:18 pm
Location: Evansville, Indiana , USA

Re: No internet connection on VLAN

Mon Jun 14, 2021 11:00 pm

SUCESS!!!!

The firewall is back to normal and I have tested all VLANS on the router and switch for proper communications and blocking of inter-VLAN communication. I have a management network set and that works flawlessly on the switch.

My next task is to fully understand the firewall setup in order to use some advanced settings. Overall I am very happy now that I have a much better concept of VLAN configuration on the Router and Switch.

You have been a great resource for quality help with my understanding configuration methods and proper setup. Thank you so very, very much. I only hope I can repay the forum with some knowledge of my own in the future.
You do not have the required permissions to view the files attached to this post.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19099
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: No internet connection on VLAN

Mon Jun 14, 2021 11:05 pm

Well I did have an ulterior motive..........
I wanted to hear .......... INDIANA WANTS ME ...... ;-)))))))
 
User avatar
JazzMaster
Member Candidate
Member Candidate
Topic Author
Posts: 115
Joined: Wed Jan 16, 2019 7:18 pm
Location: Evansville, Indiana , USA

Re: No internet connection on VLAN

Tue Jun 15, 2021 7:01 am

Well I did have an ulterior motive..........
I wanted to hear .......... INDIANA WANTS ME ...... ;-)))))))
You have been very helpful to me .I do appreciate your help.

Who is online

Users browsing this forum: BioMax, GoogleOther [Bot] and 36 guests