Community discussions

MikroTik App
 
Ripper
Member Candidate
Member Candidate
Topic Author
Posts: 164
Joined: Thu Aug 05, 2010 1:24 am

Routing between VLANs

Mon Jan 02, 2017 12:54 pm

How to make routing between VLANs without making bridge.

I've got
VLAN3 10.3.10.0/24 gateway 10.3.10.1
VLAN4 10.4.10.0/24 gateway 10.4.10.1

ping from VLAN3 to VLAN4 OK PC from that network responds (mabe fake respond because of strange ping 2-3 ms which is quite big.
traceroute doesn't work

how to make trip route from vlan3 to vlan4 like PC1(VLAN3) -> 10.3.10.1 -> 10.4.10.1 -> PC2(VLAN4)
 
th0massin0
Member Candidate
Member Candidate
Posts: 156
Joined: Sun May 11, 2014 4:16 am
Location: Poland

Re: Routing between VLANs

Mon Jan 02, 2017 1:01 pm

Hello.
The answer is make switching by http://wiki.mikrotik.com/wiki/Manual:Sw ... p_Features (to get wirespeed in each vlan) and /ip firewall will do the rest.


Make vlan on master interface (default it's eter2). Set ether 3 - 5 master port to ether2 (default it should be already set)
/interface vlan 
add name= vlan3 vlan-id=3 interface=ether2-master
add name= vlan4 vlan-id=4 interface=ether2-master
(I belive that gateway is your Routerboard device):
/ip address
add interface=vlan3 network=10.3.10.0 address=10.3.10.1/24
add interface=vlan4 network=10.4.10.0 address=10.4.10.1/24
Let's pass traffic:
/ip firewall
add chain=forward comment="INTERVLAN: vlan3 to vlan4" in-interface=vlan3 out-interface=vlan4 action=accept
add chain=forward comment="INTERVLAN: vlan4 to vlan3" in-interface=vlan4 out-interface=vlan3 action=accept
 
Ripper
Member Candidate
Member Candidate
Topic Author
Posts: 164
Joined: Thu Aug 05, 2010 1:24 am

Re: Routing between VLANs

Mon Jan 02, 2017 6:28 pm

I've got different separate physical interfaces which is vlan3-lan1 vlan4-lan2...

1 vlan3 (10.3.10.1) 0.811 ms 0.369 ms 0.532 ms
2 pc (10.4.10.100) 3.132 ms !X 5.970 ms !X 5.938 ms !X

I don't see 10.4.10.1 gateway at road here ...

looks like its droped ...

but if ping I've got responds from 10.4.10.100 but it may be fake responds ...
 
huntah
Member Candidate
Member Candidate
Posts: 287
Joined: Tue Sep 09, 2008 3:24 pm

Re: Routing between VLANs

Mon Jan 02, 2017 6:53 pm

Your Router has both address 3.1 and 4.1 .. so in traceroute you get in vlan3 to 3.1 address and router knows where to go for vlan4..
There is not and additional hop between 3.1 and 4.1 because it is the same device..

post your config.. Or follow the advice from th0massin0 and follow the wiki. The recommended setup is the best/fastest option.
 
Ripper
Member Candidate
Member Candidate
Topic Author
Posts: 164
Joined: Thu Aug 05, 2010 1:24 am

Re: Routing between VLANs

Mon Jan 02, 2017 7:55 pm

It was already configured similar to posted above ...

LAN1 -> vlan3 set ip to that interface
LAN2 -> vlan4 set ip to that interface
Nothing at firewall because of no effect at all ... but if I want to block its works ...


will read wiki ...

And by the way its not hardware routeros device its CHR ...
 
huntah
Member Candidate
Member Candidate
Posts: 287
Joined: Tue Sep 09, 2008 3:24 pm

Re: Routing between VLANs

Mon Jan 02, 2017 8:27 pm

If it is aCHR then you dont have a Switch menu.
You configure your interfaces in your CHR HOST (ESXi, Hyper-Z etc).
I always configure network interface in the host (tagged) and then use appropriate ether interface in CHR.
So now it makes sense what you have wirten ether3-VLAN3 and ether4-vlan4.


Again plese post
/export compact
and also post how do you have configured your network interfaces in VM host (tagged VLANs or untagged?).

If the correct GW are set on clients then it will route automaticly. No Firewall rules needed. If you want to block access you have to use Firewall rules.
 
Ripper
Member Candidate
Member Candidate
Topic Author
Posts: 164
Joined: Thu Aug 05, 2010 1:24 am

Re: Routing between VLANs

Mon Jan 02, 2017 9:12 pm

I want to remaind that question is routing between vlan's but all other is working ... internet and so on is working .

Why is treaceroute report that rejected
2 pc (10.4.10.100) 3.132 ms !X 5.970 ms !X 5.938 ms !X
 
pe1chl
Forum Guru
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: Routing between VLANs

Mon Jan 02, 2017 9:50 pm

provide config or debug it yourself!
 
Ripper
Member Candidate
Member Candidate
Topic Author
Posts: 164
Joined: Thu Aug 05, 2010 1:24 am

Re: Routing between VLANs

Mon Jan 02, 2017 10:57 pm

config is quite big because of working system ...
You can check it by your self without my config make 2 interfaces each make separate vlan than need to make route role between them .. each vlan got his own dhcp nat ip (as gateway) filter is clear without rejection ...
 
huntah
Member Candidate
Member Candidate
Posts: 287
Joined: Tue Sep 09, 2008 3:24 pm

Re: Routing between VLANs

Mon Jan 02, 2017 11:31 pm

I know that ROS is working as it should. Because I use it on over 100 system (different setups, WiSP, MultiHome, Multiple VLANs, routing, switching etc).

I "decrypted" from your answer you are using NAT. I guess you mean Masquerade if yes disable it for your VLAN segments.
Since you cant/ wont post any aditional info on your end I don't think anyone can help you. If you really wanted help you would post relative exported config so comunity could help you.
 
Ripper
Member Candidate
Member Candidate
Topic Author
Posts: 164
Joined: Thu Aug 05, 2010 1:24 am

Re: Routing between VLANs

Tue Jan 03, 2017 1:04 am

I've single NAT masqurete to out interface wan1 so there is no at each vlan but its works from it ...
 
pe1chl
Forum Guru
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: Routing between VLANs

Tue Jan 03, 2017 11:39 am

I agree with huntah: I use VLANs a lot, with routing, and it works OK.
You must have made a mistake. I know about that, I also have made mistakes that took me long to find.
Especially when something does not work and you start experimenting and making changes all over the place
it is easy to get into a situation where you are sure that it should work but it doesn't, you check things 20 times,
and in the end the reason still is that you made a wrong setting. It happend to me with BGP. Thread is
still somewhere on the forum.

Sharing the config often allows others to see the mistake quickly because they are not focussed on the
same things. But you are not prepared to do that, so I wish you good luck in finding it yourself.
(finally you will find it!)

Who is online

Users browsing this forum: Semrush [Bot], tinodj and 58 guests