Community discussions

MikroTik App
 
meraedmond
just joined
Topic Author
Posts: 3
Joined: Mon Aug 30, 2021 2:13 pm

access in between the VLAN`s

Mon Aug 30, 2021 2:37 pm

Hi team , I am a new MikroTik user here and I need some help if is possible please. This is my first encounter with a MikroTik equipment , it is a CCR1036. I have an environment with multiple VLAN`s and my issue is the following. I need to access a server from VLAN 109 ( server ip is 10.109.0.15:8079) from a computer located on a different vlan , VLAN 110 ( ip of the computer 10.110.21.25). For the moment I can ping (ex: 10.110.21.25 can ping 10.109.0.5) but i cannot access the server ( 10.109.0.15:8079) I have attached some screenshots to have a better idea of the actual setup.Thank you in advance
Last edited by meraedmond on Mon Aug 30, 2021 4:29 pm, edited 1 time in total.
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11381
Joined: Thu Mar 03, 2016 10:23 pm

Re: access in between the VLAN`s

Mon Aug 30, 2021 3:43 pm

Check firewall on server that it allows incoming connections from "alien" subnets ... default firewall on windows doesn't. Another thing to check is firewall on router itself.
 
meraedmond
just joined
Topic Author
Posts: 3
Joined: Mon Aug 30, 2021 2:13 pm

Re: access in between the VLAN`s

Mon Aug 30, 2021 3:51 pm

Check firewall on server that it allows incoming connections from "alien" subnets ... default firewall on windows doesn't. Another thing to check is firewall on router itself.
I have tottaly disable the windows firewall on the server . What i have forgot to mention is that from a different VLAN , i can access it normally ( from VLAN 102) .so any ideeas what/where to check?
 
Zacharias
Forum Guru
Forum Guru
Posts: 3459
Joined: Tue Dec 12, 2017 12:58 am
Location: Greece

Re: access in between the VLAN`s

Mon Aug 30, 2021 3:53 pm

Your problem is not the VLANs...
VLANs work on Layer 2 of the OSI model... They are used to create seperate broadcast domains...

So... what i would do is check my Firewall...
When you try to access VLAN109 from VLAN110, what actually happens in simple words, is as soon as the traffic reaches the Router, the Router will check its Routing Table, it knows how to reach and route the traffic to VLAN109, so it will change/ Tag the traffic with VLAN109 and will finally reach your Server...

So if you can't reach it, the most probable cause is some limitation in your Firewall..
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11381
Joined: Thu Mar 03, 2016 10:23 pm

Re: access in between the VLAN`s

Mon Aug 30, 2021 3:55 pm

Unless playing some very advanced tricks routing is identical for any IP protocol (either ICMP or TCP), so the problem is most likely not about routing.

Apart from firewall on router itself you should check MTU settings on various involved interfaces (both physical as well as VLAN) on router.
 
Zacharias
Forum Guru
Forum Guru
Posts: 3459
Joined: Tue Dec 12, 2017 12:58 am
Location: Greece

Re: access in between the VLAN`s

Mon Aug 30, 2021 3:58 pm

You re not using any NAT to reach your server right ?
Only Routing is needed...
 
meraedmond
just joined
Topic Author
Posts: 3
Joined: Mon Aug 30, 2021 2:13 pm

Re: access in between the VLAN`s

Mon Aug 30, 2021 4:04 pm

You re not using any NAT to reach your server right ?
Only Routing is needed...
attached all the NAT strings , but there is nothing related to my issue
Last edited by meraedmond on Mon Aug 30, 2021 4:20 pm, edited 1 time in total.
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11381
Joined: Thu Mar 03, 2016 10:23 pm

Re: access in between the VLAN`s

Mon Aug 30, 2021 4:13 pm

Looking at GUI screenshots is such a royal PITA ... post text export of configuration: run /export hide-sensitive file=anynameyouwish in a terminal window, fetch resulting file and open it in text editor. Copy-paste contents here (inside [code] [/code] environment). You may want to redact some further sensitive information (e.g. public IP address) if there's something like that in the export.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: access in between the VLAN`s

Mon Aug 30, 2021 4:25 pm

mkx, that should have been your first post request!! ;-PP

Who is online

Users browsing this forum: baragoon, Google [Bot], onnyloh, sokalsondha and 42 guests