Community discussions

MikroTik App
 
driver46
just joined
Topic Author
Posts: 11
Joined: Thu Aug 19, 2021 11:46 am

Installed RB450gx - Switch extreme (xos)

Sun Aug 22, 2021 4:56 pm

Hello everyone.

I have switch Extreme (xos) g24xc L2/L3 cappabilty.
I try use rb450gx for give all vlan internet.
With my config now have problem.
Mikrotik to xos : cant ping
Vlan to mikrotik : cant ping
Xos to vlan : success
Where i wrong ?

Config on xos
vlan 10 : HR 172.16.10.1/24
vlan 20 : IT 172.16.20.1/24
vlan 30 : FINANCE 172.16.30.1/24
vlan 40 : SALES 172.16.40.1/24
vlan 50 : P2P_MIKROTIK 172.30.5.1/30
Vlan P2P_MIKROTIK tagged port 17 (to eth2 mikrotik)
Enable ipforwarding to all vlan
configure iproute add default 172.30.5.2
dhcp ( vlan 10.20.30.40 ) already create on switch.

Config on mikrotik
eth1 : to internet
eth2 : to xos : ipaddress (172.30.5.2/30)
add static route
172.16.10.0/24 gateway 172.30.5.1
172.16.20.0/24 gateway 172.30.5.1
172.16.30.0/24 gateway 172.30.5.1
172.16.40.0/24 gateway 172.30.5.1

Edited add config on mikrotik:
# aug/23/2021 14:48:25 by RouterOS 6.44.4
# software id = X4WI-02U8
#
# model = RB450Gx4
# serial number = B8D00A0985B8
/interface ethernet
set [ find default-name=ether1 ] name=ether1-Internet
set [ find default-name=ether2 ] name=ether2-CoreSwitch
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip address
add address=xxx.xx.xx.x/30 interface=ether1-Internet network=\
    xxx.xx.xx.x
add address=172.30.5.2/30 interface=ether2-CoreSwitch network=172.30.5.0
/ip dns
set servers=8.8.8.8
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1-Internet
/ip route
add distance=1 gateway=xxx.xx.xx.x
add distance=1 dst-address=172.16.10.0/24 gateway=172.30.5.1
add distance=1 dst-address=172.16.20.0/24 gateway=172.30.5.1
add distance=1 dst-address=172.16.30.0/24 gateway=172.30.5.1
add distance=1 dst-address=172.16.40.0/24 gateway=172.30.5.1
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/system clock
set time-zone-name=Asia
Last edited by driver46 on Mon Aug 23, 2021 11:32 am, edited 2 times in total.
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11381
Joined: Thu Mar 03, 2016 10:23 pm

Re: Installed RB450gx - Switch extreme (xos)

Sun Aug 22, 2021 7:35 pm

Post full router configuration: execute /export hide-sensitive file=anynameyouwish from terminal window, fetch resulting file, open it with text editor and copy-paste here (inside [code] [/code] environment). You may want to obfuscate (don't delete!) any sensitive information present in configuration (such as publuc IP address).
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Installed RB450gx - Switch extreme (xos)

Sun Aug 22, 2021 7:56 pm

No idea what switch extreme is?
What does your ISP provide.
modem?
modem router?
public IP?
private IP?
 
driver46
just joined
Topic Author
Posts: 11
Joined: Thu Aug 19, 2021 11:46 am

Re: Installed RB450gx - Switch extreme (xos)

Sun Aug 22, 2021 8:43 pm

No idea what switch extreme is?
What does your ISP provide.
modem?
modem router?
public IP?
private IP?
Switch management sir from extreme network.
ISP Provide router mikrotik rb450gx
Public ip.
The point is i want connect router to switch first.

Im try config above but not working .

Thanks
Last edited by driver46 on Sun Aug 22, 2021 8:44 pm, edited 1 time in total.
 
driver46
just joined
Topic Author
Posts: 11
Joined: Thu Aug 19, 2021 11:46 am

Re: Installed RB450gx - Switch extreme (xos)

Sun Aug 22, 2021 8:44 pm

Post full router configuration: execute /export hide-sensitive file=anynameyouwish from terminal window, fetch resulting file, open it with text editor and copy-paste here (inside [code] [/code] environment). You may want to obfuscate (don't delete!) any sensitive information present in configuration (such as publuc IP address).
Sorry. I will post later.
Thanks
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Installed RB450gx - Switch extreme (xos)

Sun Aug 22, 2021 10:53 pm

Question: Is the RB450Gx4 under your control or the ISPs?
 
tdw
Forum Guru
Forum Guru
Posts: 1841
Joined: Sat May 05, 2018 11:55 am

Re: Installed RB450gx - Switch extreme (xos)

Sun Aug 22, 2021 11:42 pm

In the original post the only the interface labelled ether3-pc is running, the ones labelled ether1-internet and ether2-coreswitch are not connected / not running so it is not surprising the VLAN show as inactive and the routes unreachable.

A sketch of how it is connected as well as the configuration would help.
 
driver46
just joined
Topic Author
Posts: 11
Joined: Thu Aug 19, 2021 11:46 am

Re: Installed RB450gx - Switch extreme (xos)

Mon Aug 23, 2021 4:43 am

Question: Is the RB450Gx4 under your control or the ISPs?
Under my control.
 
driver46
just joined
Topic Author
Posts: 11
Joined: Thu Aug 19, 2021 11:46 am

Re: Installed RB450gx - Switch extreme (xos)

Mon Aug 23, 2021 4:47 am

In the original post the only the interface labelled ether3-pc is running, the ones labelled ether1-internet and ether2-coreswitch are not connected / not running so it is not surprising the VLAN show as inactive and the routes unreachable.

A sketch of how it is connected as well as the configuration would help.
When screenshot is taken the cable is not plugged in.

I will post new screenshot config later.

Thanks.
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11381
Joined: Thu Mar 03, 2016 10:23 pm

Re: Installed RB450gx - Switch extreme (xos)

Mon Aug 23, 2021 7:50 am

I will post new screenshot config later.

Screenshots only tell 1% of story. Text configuration export (as I wrote before) tells 99% of story. So skip posting screenshots and post configuration.
 
driver46
just joined
Topic Author
Posts: 11
Joined: Thu Aug 19, 2021 11:46 am

Re: Installed RB450gx - Switch extreme (xos)

Mon Aug 23, 2021 10:57 am

I will post new screenshot config later.

Screenshots only tell 1% of story. Text configuration export (as I wrote before) tells 99% of story. So skip posting screenshots and post configuration.
Config added sir
Thanks
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11381
Joined: Thu Mar 03, 2016 10:23 pm

Re: Installed RB450gx - Switch extreme (xos)

Mon Aug 23, 2021 11:08 am

So your L2/L3 switch is doing all the routing. Mikrotik doesn't have any VLAN configuration, so switch port used to connect to Mikrotik should be configurad as access (untagged) port for corresponding VLAN. Or you can configure VLAN on mikrotik if you want to have connection between switch and mikrotik tagged.

Since firewall on Mikrotik is non-existing, I wonder what's its function in the network (apart from NAT)?
 
driver46
just joined
Topic Author
Posts: 11
Joined: Thu Aug 19, 2021 11:46 am

Re: Installed RB450gx - Switch extreme (xos)

Mon Aug 23, 2021 11:47 am

So your L2/L3 switch is doing all the routing. Mikrotik doesn't have any VLAN configuration, so switch port used to connect to Mikrotik should be configurad as access (untagged) port for corresponding VLAN. Or you can configure VLAN on mikrotik if you want to have connection between switch and mikrotik tagged.

Since firewall on Mikrotik is non-existing, I wonder what's its function in the network (apart from NAT)?
Just for nat sir, because this switch can't configure nat.

Ok create only vlan P2P_MIKROTIK or all vlan sir?

Im using google translator. sorry for my english.
# aug/23/2021 15:28:40 by RouterOS 6.44.4
# software id = X4WI-02U8
#
# model = RB450Gx4
# serial number = B8D00A0985B8
/interface ethernet
set [ find default-name=ether1 ] name=ether1-Internet
set [ find default-name=ether2 ] name=ether2-CoreSwitch
/interface vlan
add interface=ether2-CoreSwitch name=P2P_MIKROTIK vlan-id=280
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip address
add address=xx.xx.x.xx/30 interface=ether1-Internet network=\
    xx.xx.x.xx
add address=172.30.5.2/30 interface=P2P_MIKROTIK network=172.30.5.0
/ip dns
set servers=8.8.8.8
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1-Internet
/ip route
add distance=1 gateway=xx.xx.x.xx
add distance=1 dst-address=172.16.10.0/24 gateway=172.30.5.1
add distance=1 dst-address=172.16.20.0/24 gateway=172.30.5.1
add distance=1 dst-address=172.16.30.0/24 gateway=172.30.5.1
add distance=1 dst-address=172.16.40.0/24 gateway=172.30.5.1
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/system clock
set time-zone-name=Asia
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11381
Joined: Thu Mar 03, 2016 10:23 pm

Re: Installed RB450gx - Switch extreme (xos)

Mon Aug 23, 2021 2:54 pm

You only need do define P2P_MIKROTIK ... just be sure you have same VLAN ID set on both sides (your initial post has "vlan 50 : P2P_MIKROTIK 172.30.5.1/30" setting on xos).

Even though you're using mikrotik only for NAT, it can still be hacked (both from internet and any of LANs) as it also lacks all firewall for chain=input (which guards router itself).
 
driver46
just joined
Topic Author
Posts: 11
Joined: Thu Aug 19, 2021 11:46 am

Re: Installed RB450gx - Switch extreme (xos)

Mon Aug 23, 2021 6:26 pm

You only need do define P2P_MIKROTIK ... just be sure you have same VLAN ID set on both sides (your initial post has "vlan 50 : P2P_MIKROTIK 172.30.5.1/30" setting on xos).
Ok i will try soon
Even though you're using mikrotik only for NAT, it can still be hacked (both from internet and any of LANs) as it also lacks all firewall for chain=input (which guards router itself).
what your suggestions for that problem sir?
Can it be solved by configuring the filter rule on mikrotik?
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11381
Joined: Thu Mar 03, 2016 10:23 pm

Re: Installed RB450gx - Switch extreme (xos)

Mon Aug 23, 2021 9:25 pm

Since you're running pretty old version of ROS, upgrade it to latest long-term (6.47.10 at this time). I suggest you to upgrade routerboot as well (/system routerboard upgrade).
After that have a look at default config, which can be gotten by running command /system default-config print ... check firewall filter setting for chain=input. Either implement default rules (but be sure to populate appropriate interface lists) or implement similar rules but adjusting them to your router interfaces rayout.
 
driver46
just joined
Topic Author
Posts: 11
Joined: Thu Aug 19, 2021 11:46 am

Re: Installed RB450gx - Switch extreme (xos)

Mon Aug 30, 2021 1:20 pm

After that have a look at default config, which can be gotten by running command /system default-config print ... check firewall filter setting for chain=input. Either implement default rules (but be sure to populate appropriate interface lists) or implement similar rules but adjusting them to your router interfaces rayout.
can explain more with example config sir ?
thanks :)
 
driver46
just joined
Topic Author
Posts: 11
Joined: Thu Aug 19, 2021 11:46 am

Re: Installed RB450gx - Switch extreme (xos)

Wed Sep 01, 2021 12:09 pm

with my case , can i use dhcp mikrotik for my vlan ?

Who is online

Users browsing this forum: JBrinkZA and 41 guests