I have trouble with my RB750GL used in a VLAN network configuration. There are 6 VLANs (ID 1, 100, 200, 300, 400, 500) which should be handled by this routerboard with its internal switch chip. So I want to do native switching without any (software)bridges. ether1 is configured as a tagged trunk port which receives all the VLANs from a HP 1820-24G switch. ether2 is another trunk port which forward all VLANs from ether1. ether3 is a untagged access port for VLAN 1, ether4 is an untagged access port for VLAN 400(not yet configured) and ether5 for VLAN 500. The RB750GL has a management IP address in VLAN 1 which is 192.168.0.190 which is pingable from other devices in the 192.168.0.0/24 network.
Here are the things I trouble with:
1) VLAN trunk on ether2 is not working as expected, I did connect a correctly configured CAP access point(mAP lite) and I cannot ping this device.
2) Do I have to configure the swich chip rules for each VLAN? Or does the frame forwarding work out of the box in my current configuration?
3) My RB750GL does not have any internet access, I can ping the gateway 192.168.0.254 but the ping to 22.214.171.124 gives me a timeout. I think the default route should be ok?
Thanks for your help!
Here is my config:
/interface ethernet set [ find default-name=ether1 ] name=ether1_trunk set [ find default-name=ether2 ] master-port=ether1_trunk name=\ ether2_trunk_out set [ find default-name=ether3 ] master-port=ether1_trunk name=\ "ether3_e Heimnetz" set [ find default-name=ether4 ] name=ether4_SmartHome set [ find default-name=ether5 ] master-port=ether1_trunk name=ether5_IPv6 /interface ethernet switch port set 0 vlan-header=add-if-missing vlan-mode=secure set 1 vlan-header=add-if-missing vlan-mode=secure set 2 default-vlan-id=1 vlan-header=always-strip set 4 default-vlan-id=500 vlan-header=always-strip vlan-mode=secure set 5 default-vlan-id=1 vlan-header=always-strip vlan-mode=secure /interface wireless security-profiles set [ find default=yes ] supplicant-identity=MikroTik /interface ethernet switch rule add new-dst-ports="ether3_e Heimnetz,switch1-cpu" ports=ether1_trunk \ switch=switch1 vlan-header=present vlan-id=1 /interface ethernet switch vlan add independent-learning=yes ports=\ "ether1_trunk,ether2_trunk_out,ether3_e Heimnetz,switch1-cpu" \ switch=switch1 vlan-id=1 add independent-learning=yes ports=ether1_trunk,ether2_trunk_out switch=\ switch1 vlan-id=100 add independent-learning=yes ports=ether1_trunk,ether2_trunk_out switch=\ switch1 vlan-id=200 add independent-learning=yes ports=ether1_trunk,ether2_trunk_out switch=\ switch1 vlan-id=300 add independent-learning=yes ports=\ ether1_trunk,ether2_trunk_out,ether4_SmartHome switch=switch1 vlan-id=400 add independent-learning=yes ports=ether1_trunk,ether2_trunk_out,ether5_IPv6 \ switch=switch1 vlan-id=500 /ip address add address=192.168.0.190 interface=ether1_trunk network=255.255.255.0 /ip dns set servers=192.168.0.254 #error exporting /ip firewall calea /ip route add distance=1 gateway=ether1_trunk /system clock set time-zone-name=Europe/Berlin /system identity set name=MkTkSwitch /system ntp client set enabled=yes primary-ntp=192.168.0.254