Community discussions

MUM Europe 2020
 
Jenkins84
just joined
Topic Author
Posts: 7
Joined: Tue Dec 17, 2013 3:47 pm

Vlan not showing any traffic

Mon Oct 26, 2015 7:00 pm

Here is a copy of my export, I have a voice vlan and a data vlan. The dhcp appears to be working. I'm getting 192.168.2.x addresses on my Voip equipment with no trouble. Call quality seems fine. Yet, when I go to interfaces in winbox and look at the voice vlan I see no traffic other than what seems to be occasional broadcast traffic, even when I know there is a call in progress. I've also seen some trouble with certain websites loading on the data vlan. I'm new to this sort of setup (vlans) and I thought I had everything working, but the lack of visible traffic on the interface is bothersome. Can anyone help me see where my config is faulty? Thank you.


/interface bridge
add disabled=yes mtu=1500 name="Voice Vlan"
add admin-mac=4C:5E:0C:7C:81:47 auto-mac=no disabled=yes mtu=1500 name=bridge-local
/interface ethernet
set [ find default-name=ether1 ] name=ether1-gateway
set [ find default-name=ether4 ] master-port=ether3
/ip neighbor discovery
set ether1-gateway discover=no
/interface vlan
add interface=ether3 l2mtu=1594 mtu=1496 name=Data vlan-id=100
add interface=ether3 l2mtu=1594 mtu=1496 name=Voice vlan-id=200
add disabled=yes interface=ether3 name=vlan1 vlan-id=1
/interface ethernet
set [ find default-name=ether2 ] master-port=ether3
/interface wireless security-profiles
set [ find default=yes ] eap-methods=""
add authentication-types=wpa2-psk eap-methods="" management-protection=allowed mode=dynamic-keys name=profile1 \
supplicant-identity="" wpa2-pre-shared-key=SunshineGardens2015
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-ht-above disabled=no distance=indoors l2mtu=2290 \
mode=ap-bridge security-profile=profile1 ssid=xxxxxxx
/ip pool
add name="Access Pool" ranges=10.10.11.1-10.10.11.2
add name=dhcp_pool1 ranges=192.168.3.2-192.168.3.254
add name=dhcp_pool3 ranges=192.168.2.200-192.168.2.254
add name=dhcp_pool4 ranges=192.168.1.100-192.168.1.254
/ip dhcp-server
add address-pool="Access Pool" disabled=no interface=ether5 lease-time=3d name=Access
add address-pool=dhcp_pool1 disabled=no interface=wlan1 lease-time=3d name=dhcp1
add address-pool=dhcp_pool3 disabled=no interface=Voice lease-time=3d name=dhcp3
add address-pool=dhcp_pool4 disabled=no interface=Data lease-time=3d name=dhcp2
/ppp profile
set [ find name=default ] name=default
set [ find name=default-encryption ] name=default-encryption
/ip address
add address=10.10.11.1/30 interface=ether5 network=10.10.11.0
add address=192.168.1.1/24 interface=Data network=192.168.1.0
add address=192.168.2.1/24 interface=Voice network=192.168.2.0
add address=*********
interface=ether1-gateway network=********
add address=192.168.3.1/24 interface=wlan1 network=192.168.3.0
/ip dhcp-client
add comment="default configuration" dhcp-options=hostname,clientid disabled=no interface=ether1-gateway
/ip dhcp-server lease
add address=192.168.2.252 client-id=1:0:15:65:7b:a6:71 mac-address=00:15:65:7B:A6:71 server=dhcp3
add address=192.168.1.247 client-id=1:0:1b:fc:8b:e:ae mac-address=00:1B:FC:8B:0E:AE server=dhcp2
add address=192.168.1.248 client-id=1:50:e5:49:14:ca:20 mac-address=50:E5:49:14:CA:20 server=dhcp2
add address=192.168.2.251 client-id=1:0:15:65:79:d2:80 mac-address=00:15:65:79:D2:80 server=dhcp3
add address=192.168.2.249 client-id=1:0:15:65:7e:10:6f mac-address=00:15:65:7E:10:6F server=dhcp3
add address=192.168.1.107 client-id=1:4:a1:51:1a:c1:6a mac-address=04:A1:51:1A:C1:6A server=dhcp2
/ip dhcp-server network
add address=10.10.11.0/30 dns-server=10.10.11.1 gateway=10.10.11.1 netmask=30
add address=192.168.1.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.1.1 netmask=24
add address=192.168.2.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.2.1 netmask=24
add address=192.168.3.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.3.1
/ip dns
set max-udp-packet-size=512 servers=8.8.8.8,4.4.4.4
/ip dns static
add address=192.168.1.1 name=router
/ip firewall filter
add chain=forward dst-address=192.168.1.1-192.168.1.254 in-interface=ether5 src-address=10.10.11.2
add chain=input comment="default configuration" protocol=icmp
add chain=input comment="default configuration" connection-state=established
add chain=input comment="default configuration" connection-state=related
add action=drop chain=input comment="default configuration" in-interface=ether1-gateway
add chain=forward comment="default configuration" connection-state=established
add chain=forward comment="default configuration" connection-state=related
add action=drop chain=forward comment="default configuration" connection-state=invalid
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" out-interface=ether1-gateway
add chain=srcnat out-interface=ether1-gateway src-address=10.10.11.0/24
add chain=srcnat out-interface=ether1-gateway src-address=192.168.1.0/24
add chain=srcnat out-interface=ether1-gateway src-address=192.168.2.0/24
add chain=srcnat out-interface=ether1-gateway src-address=192.168.3.0/24
/ip ipsec policy
set 0 dst-address=0.0.0.0/0 src-address=0.0.0.0/0
/ip route
add distance=1 gateway=*********
/system clock
set time-zone-autodetect=no
/tool mac-server
set [ find default=yes ] disabled=yes
add interface=ether2
add interface=ether3
add interface=ether4
add interface=ether5
add interface=wlan1
add interface=bridge-local
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=ether2
add interface=ether3
add interface=ether4
add interface=ether5
add interface=wlan1
add interface=bridge-local
/tool romon port
add disabled=no
 
User avatar
gabrielpike
Frequent Visitor
Frequent Visitor
Posts: 84
Joined: Thu Apr 17, 2014 4:17 pm

Re: Vlan not showing any traffic

Mon Oct 26, 2015 9:09 pm

It looks like you need a bridge for each vlan and verify that vlans are in correct bridge.
Gabriel Pike
MTCNA
 
User avatar
IPANetEngineer
Trainer
Trainer
Posts: 1161
Joined: Fri Aug 10, 2012 6:46 am
Location: Jackson, MS, USA
Contact:

Re: Vlan not showing any traffic

Mon Oct 26, 2015 10:29 pm

Have you tried using the sniffer tool in RouterOS to perform a packet capture on the VLAN? You can get a very good idea of what the traffic actually looks like with more information that torch can provide.
Global - MikroTik Support & Consulting - English | Francais | Español | Portuguese +1 855-645-7684
https://iparchitechs.com/services/mikro ... l-support/ mikrotiksupport@iparchitechs.com
 
Jenkins84
just joined
Topic Author
Posts: 7
Joined: Tue Dec 17, 2013 3:47 pm

Re: Vlan not showing any traffic

Tue Oct 27, 2015 6:01 pm

What is the correct configuration for multiple bridges to multiple vlans? Bridges are something I'm not super familiar with. Do I create one bridge from voice vlan to ether3 and one bridge from data vlan to ether3?
 
Jenkins84
just joined
Topic Author
Posts: 7
Joined: Tue Dec 17, 2013 3:47 pm

Re: Vlan not showing any traffic

Tue Oct 27, 2015 6:04 pm

The issue of websites loading on data vlan has become more pressing. Could this be related to improper vlan/bridge setup? I keep coming across the idea that it is a dns issue. I don't seem to be experiencing the same issues when I am using WIFI from router.
 
User avatar
gabrielpike
Frequent Visitor
Frequent Visitor
Posts: 84
Joined: Thu Apr 17, 2014 4:17 pm

Re: Vlan not showing any traffic

Tue Oct 27, 2015 7:46 pm

I usually create a bridge for each vlan then place all of the vlans in the appropriate bridge. Only place the physical port and vlan in the same bridge if the physical port is to be an access port for that vlan.
Gabriel Pike
MTCNA
 
Jenkins84
just joined
Topic Author
Posts: 7
Joined: Tue Dec 17, 2013 3:47 pm

Re: Vlan not showing any traffic

Tue Oct 27, 2015 8:06 pm

Okay, I am confused by this. I have this set this up as router on a stick, so both vlans are on ether3 as trunk ports. Would I take vlans off of ether3 and put them on bridges? If I don't assign bridges to ether3 how do I maintain Router on a stick? Would this config be the cause of my website loading problems?
 
User avatar
gabrielpike
Frequent Visitor
Frequent Visitor
Posts: 84
Joined: Thu Apr 17, 2014 4:17 pm

Re: Vlan not showing any traffic

Tue Oct 27, 2015 8:51 pm

No. Keep the vlans tagged to the interface they are using. The vlan also have to be in a bridge either with the interface for an access port or with other vlans tagged to other ports.
Gabriel Pike
MTCNA

Who is online

Users browsing this forum: Majestic-12 [Bot] and 116 guests