I have trouble with my RB750GL used in a VLAN network configuration. There are 6 VLANs (ID 1, 100, 200, 300, 400, 500) which should be handled by this routerboard with its internal switch chip. So I want to do native switching without any (software)bridges. ether1 is configured as a tagged trunk port which receives all the VLANs from a HP 1820-24G switch. ether2 is another trunk port which forward all VLANs from ether1. ether3 is a untagged access port for VLAN 1, ether4 is an untagged access port for VLAN 400(not yet configured) and ether5 for VLAN 500. The RB750GL has a management IP address in VLAN 1 which is 192.168.0.190 which is pingable from other devices in the 192.168.0.0/24 network.
Here are the things I trouble with:
1) VLAN trunk on ether2 is not working as expected, I did connect a correctly configured CAP access point(mAP lite) and I cannot ping this device.
2) Do I have to configure the swich chip rules for each VLAN? Or does the frame forwarding work out of the box in my current configuration?
3) My RB750GL does not have any internet access, I can ping the gateway 192.168.0.254 but the ping to 8.8.8.8 gives me a timeout. I think the default route should be ok?
Thanks for your help!
Here is my config:
Code: Select all
/interface ethernet
set [ find default-name=ether1 ] name=ether1_trunk
set [ find default-name=ether2 ] master-port=ether1_trunk name=\
ether2_trunk_out
set [ find default-name=ether3 ] master-port=ether1_trunk name=\
"ether3_e Heimnetz"
set [ find default-name=ether4 ] name=ether4_SmartHome
set [ find default-name=ether5 ] master-port=ether1_trunk name=ether5_IPv6
/interface ethernet switch port
set 0 vlan-header=add-if-missing vlan-mode=secure
set 1 vlan-header=add-if-missing vlan-mode=secure
set 2 default-vlan-id=1 vlan-header=always-strip
set 4 default-vlan-id=500 vlan-header=always-strip vlan-mode=secure
set 5 default-vlan-id=1 vlan-header=always-strip vlan-mode=secure
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/interface ethernet switch rule
add new-dst-ports="ether3_e Heimnetz,switch1-cpu" ports=ether1_trunk \
switch=switch1 vlan-header=present vlan-id=1
/interface ethernet switch vlan
add independent-learning=yes ports=\
"ether1_trunk,ether2_trunk_out,ether3_e Heimnetz,switch1-cpu" \
switch=switch1 vlan-id=1
add independent-learning=yes ports=ether1_trunk,ether2_trunk_out switch=\
switch1 vlan-id=100
add independent-learning=yes ports=ether1_trunk,ether2_trunk_out switch=\
switch1 vlan-id=200
add independent-learning=yes ports=ether1_trunk,ether2_trunk_out switch=\
switch1 vlan-id=300
add independent-learning=yes ports=\
ether1_trunk,ether2_trunk_out,ether4_SmartHome switch=switch1 vlan-id=400
add independent-learning=yes ports=ether1_trunk,ether2_trunk_out,ether5_IPv6 \
switch=switch1 vlan-id=500
/ip address
add address=192.168.0.190 interface=ether1_trunk network=255.255.255.0
/ip dns
set servers=192.168.0.254
#error exporting /ip firewall calea
/ip route
add distance=1 gateway=ether1_trunk
/system clock
set time-zone-name=Europe/Berlin
/system identity
set name=MkTkSwitch
/system ntp client
set enabled=yes primary-ntp=192.168.0.254