Problem with VLAN and WebFig

Unpaired9257 · Sun Feb 04, 2024 11:09 pm

Hi, this is my first time using RouterOS, so excuse me if this is a very basic question, but I can't find a solution, I've tried following a lot of tutorials but I keep having this problem

I have set VLAN 50 on port ether11 and defined an address range (192.168.50.1/24) however I cannot access the router by navigating to address 192.168.50.1, what am I doing wrong (Of course, I have configured the vlan tag on my PC and all other traffic to the Internet works properly)? I have disabled all the firewall rules but nothing. If instead I go to define an address range directly on a port without using VLANs everything seems to work correctly

Is there anyone who can help me? Thank you

/interface ethernet
set [ find default-name=ether1 ] comment=WAN

/interface vlan
add interface=ether11 name=vlan-client vlan-id=50
add interface=sfp-sfpplus2 name=vlan-guest vlan-id=200
add interface=sfp-sfpplus2 name=vlan-iot vlan-id=107
add interface=sfp-sfpplus2 name=vlan-management vlan-id=2

/interface list
add name=WAN
add name=LAN

/ip dhcp-server
add interface=vlan-management lease-time=1d name=dhcp_server-management

/ip pool
add name=dhcp_pool-client ranges=192.168.50.2-192.168.50.200
add name=dhcp_pool-guest ranges=192.168.200.2-192.168.200.254
add name=dhcp_pool-iot ranges=192.168.107.125-192.168.107.254
add name=dhcp_pool-management ranges=192.168.2.250-192.168.2.254

/ip dhcp-server
add address-pool=dhcp_pool-client interface=vlan-client lease-time=1d name=dhcp_server-client
add address-pool=dhcp_pool-guest interface=vlan-guest lease-time=1d name=dhcp_server-guest
add address-pool=dhcp_pool-iot interface=vlan-iot lease-time=1d name=dhcp_server-iot

/port
set 0 name=serial0
set 1 name=serial1
/interface detect-internet
set detect-interface-list=WAN

/interface list member
add interface=ether1 list=WAN
add interface=ether2 list=LAN
add interface=ether3 list=LAN
add interface=ether4 list=LAN
add interface=ether5 list=LAN
add interface=ether6 list=LAN
add interface=ether7 list=LAN
add interface=ether8 list=LAN
add interface=ether9 list=LAN
add interface=ether10 list=LAN
add interface=ether11 list=LAN
add interface=ether12 list=LAN
add interface=ether13 list=LAN
add interface=ether14 list=LAN
add interface=ether15 list=LAN
add interface=ether16 list=LAN
add interface=sfp-sfpplus2 list=LAN
add interface=sfp-sfpplus1 list=LAN

/ip address
add address=192.168.2.1/24 interface=vlan-management network=192.168.2.0
add address=192.168.50.1/24 interface=vlan-client network=192.168.50.0
add address=192.168.107.1/24 interface=vlan-iot network=192.168.107.0
add address=192.168.200.1/24 interface=vlan-guest network=192.168.200.0
add address=192.168.88.1/24 interface=ether2 network=192.168.88.0

/ip dhcp-client
add interface=ether1

/ip dhcp-server network
add address=192.168.2.0/24 dns-server=1.1.1.1 gateway=192.168.2.1
add address=192.168.50.0/24 dns-server=1.1.1.1 gateway=192.168.50.1
add address=192.168.107.0/24 dns-server=1.1.1.1 gateway=192.168.107.1
add address=192.168.200.0/24 dns-server=1.1.1.1 gateway=192.168.200.1

/ip firewall address-list
add address=10.0.0.0/8 list=PRIVATE
add address=172.16.0.0/12 list=PRIVATE
add address=192.168.0.0/16 list=PRIVATE

/ip firewall filter
add action=accept chain=forward comment=er connection-state=established,related disabled=yes out-interface=all-vlan
add action=accept chain=input comment=tbr disabled=yes dst-port=80 in-interface-list=all protocol=tcp
add action=drop chain=input disabled=yes in-interface-list=WAN
add action=drop chain=forward disabled=yes dst-address-list=PRIVATE in-interface=vlan-iot
add action=drop chain=forward disabled=yes dst-address-list=PRIVATE in-interface=vlan-guest
add action=accept chain=forward disabled=yes dst-port=80 out-interface=vlan-iot protocol=tcp
add action=accept chain=forward disabled=yes dst-port=443 out-interface=vlan-iot protocol=tcp
add action=accept chain=forward disabled=yes dst-address=192.168.107.3 dst-port=1883 out-interface=vlan-iot protocol=tcp
add action=drop chain=forward disabled=yes out-interface=all-vlan

/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1

/ip service
set telnet disabled=yes
set ftp disabled=yes

/system health settings
set fan-control-interval=15s fan-target-temp=62C

/system identity
set name=CCR

/system note
set show-at-login=no

/system routerboard settings
set enter-setup-on=delete-key

mkx · Mon Feb 05, 2024 2:24 pm

First of all, disable detect internet function, it serves no purpose in your case:

/interface detect-internet
set detect-interface-list=none

Is this complete config? Default config on SOHO devices contains lot more and many things are depending on LAN and WAN interface list membership current. The config you show doesn't explain why you can't access router at 192.168.50.1 while you can use internet (via same IP used as gateway).
But back to defaults: it controls access to router (allowed only via interfaces, listed in LAN interface list). In this case you'd have to add interface vlan-client to LAN interface list (haveing ether11 there doesn't help, ether11 is not used as interface, it's only "carrier" for vlan-client interface).

Unpaired9257 · Mon Feb 05, 2024 8:36 pm

Other networks were actually removed from the configuration to try and make it shorter, maybe I deleted something wrong...

I have however tried resetting everything and starting over and adding vlan-client to the LAN list, but the problem still persists

# 1970-01-02 00:09:57 by RouterOS 7.13.3
# model = CCR2004-16G-2S+

/interface vlan
add interface=ether11 name=vlan-client vlan-id=50

/interface list
add name=WAN
add name=LAN

/ip pool
add name=dhcp_pool-client ranges=192.168.50.2-192.168.50.200

/ip dhcp-server
add address-pool=dhcp_pool-client interface=vlan-client lease-time=1d name=dhcp_server-client

/port
set 0 name=serial0
set 1 name=serial1

/interface list member
add interface=ether1 list=WAN
add interface=ether2 list=LAN
add interface=ether3 list=LAN
add interface=ether4 list=LAN
add interface=ether5 list=LAN
add interface=ether6 list=LAN
add interface=ether7 list=LAN
add interface=ether8 list=LAN
add interface=ether9 list=LAN
add interface=ether10 list=LAN
add interface=ether11 list=LAN
add interface=ether12 list=LAN
add interface=ether13 list=LAN
add interface=ether14 list=LAN
add interface=ether15 list=LAN
add interface=ether16 list=LAN
add interface=sfp-sfpplus2 list=LAN
add interface=sfp-sfpplus1 list=LAN
add interface=vlan-client list=LAN

/ip address
add address=192.168.88.1/24 comment=defconf interface=ether2 network=192.168.88.0
add address=192.168.50.1/24 interface=vlan-client network=192.168.50.0

/ip dhcp-client
add interface=ether1

/ip dhcp-server network
add address=192.168.50.0/24 comment=dhcp_pool-client dns-server=1.1.1.1 gateway=192.168.50.1

/ip firewall nat
add action=masquerade chain=srcnat out-interface-list=WAN

/system health settings
set fan-min-speed-percent=20%

/system note
set show-at-login=no

/system routerboard settings
set enter-setup-on=delete-key

Another strange thing I noticed is that using winbox it connects but I don't see any configuration, whereas if I connect in ssh everything works correctly

I also have the problem that if I try to connect on port 80 to the IP 192.168.1.1, which is the ISP's router, the connection fails

All other traffic to the Internet works without any problems

Unpaired9257 · Tue Feb 06, 2024 1:50 am

After further testing I found that the problem is macOS side, the device I was testing with, trying it with Ubuntu everything works as expected

So I would say that we can consider the issue resolved, unless anyone has any idea what might be causing this strange macOS-side behavior

Problem with VLAN and WebFig [SOLVED]

Problem with VLAN and WebFig

Re: Problem with VLAN and WebFig

Re: Problem with VLAN and WebFig

Re: Problem with VLAN and WebFig [SOLVED]

Who is online