sejtam
Frequent Visitor
Topic Author
Posts: 66
Joined: Sun Dec 14, 2014 4:23 pm

Need help: VLAN ingress port

Tue Feb 17, 2015 5:12 pm

I have trouble getting the following set up

1. ether1 (renamed G1-World): Upstream port to internet
2. G2 - should accept
a. unpacket packets and connect these directly to bridge-local
b. VLAN 3 tagged packets and link them directly to bridge-V20 (and VLAN-20)
3. G3 accept untagged to bridge-local
4. G4 accept untagged to bridge-local
5. ingress port for VLAN-30 to link to bridge-V30 and VLAN-30
6/7/8 - unused for now
9 ingress port for VLAN-66
10 ingress port for VLAN-66

The 3 VLANs should each only allow direct access to the Internet and not be able to access
each other or bridge-local and systems behind the other ports.

I have configured the following:
/interface> print
Flags: D - dynamic, X - disabled, R - running, S - slave
 #     NAME                                TYPE       ACTUAL-MTU L2MTU  MAX-L2MTU MAC-ADDRESS
 0   S E9-TV                               ether            1500  1598       2028 4C:5E:0C:C4:66:E0
 1   S E10-TV                              ether            1500  1598       2028 4C:5E:0C:C4:66:E1
 2  R  G1-world                            ether            1500  1598       4074 58:6D:8F:90:22:00
 3  RS G2                                  ether            1500  1598       4074 4C:5E:0C:C4:66:D9
 4  RS G3                                  ether            1500  1598       4074 4C:5E:0C:C4:66:DA
 5   S G4                                  ether            1500  1598       4074 4C:5E:0C:C4:66:DB
 6  RS G5-Trev                             ether            1500  1598       4074 4C:5E:0C:C4:66:DC
 7   S ether6-master-local                 ether            1500  1598       2028 4C:5E:0C:C4:66:DD
 8     ether7-Hotspot                      ether            1500  1598       2028 4C:5E:0C:C4:66:DE
 9   S ether8-slave-local                  ether            1500  1598       2028 4C:5E:0C:C4:66:DF
10  RS ;;; VLAN for TV and Home Theatre
       VLAN-66-TV                          vlan             1500  1590            4C:5E:0C:C4:66:E1
11  RS ;;; VLAN for the KGuests Hotspot SSID
       VLAN-Kguests-3                      vlan             1500 65527            00:00:00:00:00:00
12  RS VLAN-Trev-30                        vlan             1500  1590            4C:5E:0C:C4:66:DC
13  R  bridge-Kguests                      bridge           1500 65531            00:00:00:00:00:00
14  R  bridge-TV                           bridge           1500  1594            4C:5E:0C:C4:66:E1
15  R  bridge-Trev                         bridge           1500  1594            4C:5E:0C:C4:66:DC
16  R  bridge-local                        bridge           1500  1598            4C:5E:0C:C4:66:D9
17  R  bridge-loopback                     bridge           1500 65535            00:00:00:00:00:00
18  X  l2tp-N                        l2tp-out
19  X  ovpnN                         ovpn-out                               02:1E:36:DC:97:8E
/interface vlan> print
Flags: X - disabled, R - running, S - slave
 #    NAME                                                                                     MTU ARP        VLAN-ID INTERFACE
 0 R  ;;; VLAN for TV and Home Theatre
      VLAN-66-TV                                                                              1500 enabled         66 bridge-TV
 1 R  ;;; VLAN for the KGuests Hotspot SSID
      VLAN-Kguests-3                                                                          1500 enabled          3 bridge-Kguests
 2 R  VLAN-Trev-30                                                                            1500 enabled         30 bridge-Trev
 
 /interface bridge> print
Flags: X - disabled, R - running
 0  R name="bridge-Kguests" mtu=auto actual-mtu=1500 l2mtu=65531 arp=enabled mac-address=00:00:00:00:00:00 protocol-mode=rstp priority=0x8000 auto-mac=yes admin-mac=00:00:00:00:00:00 max-message-age=20s
      forward-delay=15s transmit-hold-count=6 ageing-time=5m

 1  R name="bridge-TV" mtu=auto actual-mtu=1500 l2mtu=1594 arp=enabled mac-address=4C:5E:0C:C4:66:E1 protocol-mode=rstp priority=0x8000 auto-mac=yes admin-mac=00:00:00:00:00:00 max-message-age=20s
      forward-delay=15s transmit-hold-count=6 ageing-time=5m

 2  R name="bridge-Trev" mtu=auto actual-mtu=1500 l2mtu=1594 arp=enabled mac-address=4C:5E:0C:C4:66:DC protocol-mode=rstp priority=0x8000 auto-mac=yes admin-mac=00:00:00:00:00:00 max-message-age=20s
      forward-delay=15s transmit-hold-count=6 ageing-time=5m

 3  R name="bridge-local" mtu=auto actual-mtu=1500 l2mtu=1598 arp=enabled mac-address=4C:5E:0C:C4:66:D9 protocol-mode=rstp priority=0x8000 auto-mac=no admin-mac=4C:5E:0C:C4:66:D9 max-message-age=20s
      forward-delay=15s transmit-hold-count=6 ageing-time=5m

 4  R name="bridge-loopback" mtu=auto actual-mtu=1500 l2mtu=65535 arp=enabled mac-address=00:00:00:00:00:00 protocol-mode=rstp priority=0x8000 auto-mac=yes admin-mac=00:00:00:00:00:00 max-message-age=20s
      forward-delay=15s transmit-hold-count=6 ageing-time=5m
/interface bridge port> print
Flags: X - disabled, I - inactive, D - dynamic
 #    INTERFACE                                                                               BRIDGE                                                                              PRIORITY  PATH-COST    HORIZON
 0    G3                                                                                      bridge-local                                                                            0x80         10       none
 1 I  G4                                                                                      bridge-local                                                                            0x80         10       none
 2 I  ether6-master-local                                                                     bridge-local                                                                            0x80         10       none
 3    G5-Trev                                                                                 bridge-Trev                                                                             0x80         10       none
 4 I  G1-world                                                                                *F                                                                                      0x80         10       none
 5    VLAN-Trev-30                                                                            bridge-Trev                                                                             0x80         10       none
 6    G2                                                                                      bridge-local                                                                            0x80         10       none
 7 I  VLAN-Kguests-3                                                                          bridge-Kguests                                                                          0x80         10       none
 8 I  E10-TV                                                                                  bridge-TV                                                                               0x80         10       none
 9 I  E9-TV                                                                                   bridge-TV                                                                               0x80         10       none
10    VLAN-66-TV                                                                              bridge-TV                                                                               0x80         10       none
 /interface bridge settings> print
            use-ip-firewall: yes
   use-ip-firewall-for-vlan: yes
  use-ip-firewall-for-pppoe: no
            allow-fast-path: yes
/interface ethernet switch port> print
Flags: I - invalid
 #   NAME                                                                             SWITCH                                                                            VLAN-MODE VLAN-HEADER    DEFAULT-VLAN-ID
 0   G1-world                                                                         switch1                                                                           disabled  leave-as-is               auto
 1   G2                                                                               switch1                                                                           disabled  leave-as-is               auto
 2   G3                                                                               switch1                                                                           disabled  leave-as-is               auto
 3   G4                                                                               switch1                                                                           disabled  leave-as-is               auto
 4   G5-Trev                                                                          switch1                                                                           disabled  always-strip                30
 5   ether6-master-local                                                              switch2                                                                           disabled  leave-as-is                  0
 6   ether7-Hotspot                                                                   switch2                                                                           disabled  leave-as-is                  0
 7   ether8-slave-local                                                               switch2                                                                           disabled  leave-as-is                  0
 8   E9-TV                                                                            switch2                                                                           secure    always-strip                66
 9   E10-TV                                                                           switch2                                                                           secure    always-strip                66
10   switch1-cpu                                                                      switch1                                                                           disabled  leave-as-is               auto
11   switch2-cpu                                                                      switch2                                                                           disabled  leave-as-is                  0
 /interface ethernet switch vlan> print
Flags: X - disabled, I - invalid
 #   SWITCH                                                                                             VLAN-ID PORTS
 0   switch2                                                                                                 66 E10-TV
                                                                                                                E9-TV
                                                                                                                switch2-cpu
 1   switch1                                                                                                 30 G5-Trev
 2   switch1                                                                                                  3 G2
 
 /interface ethernet switch rule> print
Flags: X - disabled, I - invalid

I set up a DHCP server to assign addresses to VLAN-66 (for example) but nothing works. With torch, I can see the DHCP query coming from the TV connected, but no assignment is done, nothing.

Here is the DHCP server setup:
 /interface ethernet switch rule> /ip pool
[admin@koerberGW] /ip pool> print
 # NAME                                                                                                                                                                          RANGES
 6 Pool-TV                                                                                                                                                                       192.168.66.100-192.168.66.200
 /ip address> print
Flags: X - disabled, I - invalid, D - dynamic
 #   ADDRESS            NETWORK         INTERFACE
 0   103.247.134.180/24 103.247.134.0   G1-world
 1   ;;; Loopback bridge
     127.0.0.2/32       127.0.0.2       bridge-loopback
 2   192.168.88.1/24    192.168.88.0    bridge-local
 3   ;;; hotspot network
     192.168.100.1/24   192.168.100.0   ether7-Hotspot
 4   192.168.30.1/24    192.168.30.0    bridge-Trev
 5 X 192.168.0.233/24   192.168.0.0     bridge-local
 6   192.168.3.1/24     192.168.3.0     VLAN-Kguests-3
 7   192.168.0.1/24     192.168.0.0     bridge-local
 8   192.168.66.1/24    192.168.66.0    bridge-TV
 /ip dhcp-server> print
Flags: X - disabled, I - invalid
 #   NAME                                                INTERFACE                                                RELAY           ADDRESS-POOL                                                LEASE-TIME ADD-ARP
 0 X default                                             bridge-local                                                             default-dhcp                                                10m
 1 X dhcp1                                               ether7-Hotspot                                                           hs-koerberHotSpot                                           1h
 2 X DHCP-Kguests                                        bridge-Kguests                                                           Pool-KGuests                                                10m
 3 X dhcp-Trev                                           bridge-Trev                                                              Pool-Trev-VLAN                                              1d
 4   DHCP-TV                                             bridge-TV                                                                Pool-TV                                                     1h
 /ip dhcp-server network> print
 # ADDRESS            GATEWAY         DNS-SERVER      WINS-SERVER     DOMAIN
 2 ;;; TV DHCP
   192.168.66.0/24    192.168.66.1    8.8.8.8
 /ip dhcp-server config> print
  store-leases-disk: 5m
What am I doing wrong?

I have been searching the documentation etc. for days and cannot find why I don't get the incoming packets from ports E9/E10 into VLAN66 and assign an IP address.

Any help is appreciated.
