Community discussions

MikroTik App
 
User avatar
krafg
Forum Guru
Forum Guru
Topic Author
Posts: 1020
Joined: Sun Jun 28, 2015 7:36 pm

Problems with Vlans.

Thu Mar 08, 2018 7:06 pm

Hi, I'm trying to create a network with vlans, but the final device (PC with XP) can't get IP from DHCP server.

I'm running x86 version of RouterOS (6.40.6) and a IOSvL2 Cisco switch.

Topology:

https://prnt.sc/iok75n

MK Config:
/interface ethernet
set [ find default-name=ether3 ] name=ether1-WAN
set [ find default-name=ether4 ] name=ether2
set [ find default-name=ether1 ] name=ether3
set [ find default-name=ether2 ] name=ether4
/interface vlan
add interface=ether2 name=vlan-10 vlan-id=10
/ip pool
add name=dhcp_pool0 ranges=192.168.40.2-192.168.40.254
add name=dhcp_pool1 ranges=192.168.10.2-192.168.10.254
/ip dhcp-server
add address-pool=dhcp_pool0 disabled=no interface=ether4 name=dhcp1
add address-pool=dhcp_pool1 disabled=no interface=vlan-10 name=dhcp2
/ip address
add address=192.168.137.1/30 interface=ether1-WAN network=192.168.137.0
add address=192.168.40.1/24 interface=ether4 network=192.168.40.0
add address=192.168.10.1/24 interface=vlan-10 network=192.168.10.0
/ip dhcp-server network
add address=192.168.10.0/24 gateway=192.168.10.1
add address=192.168.40.0/24 gateway=192.168.40.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1-WAN
/ip route
add distance=1 gateway=192.168.137.2
Cisco running config:
Current configuration : 3620 bytes
!
! Last configuration change at 16:00:09 UTC Thu Mar 8 2018
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service compress-config
!
hostname Switch
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
!
!
!
!         
!
!
!
ip cef
no ipv6 cef
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
! 
!
!
!
!
!
!
!
!
!         
!
!
!
interface GigabitEthernet0/0
 switchport trunk encapsulation dot1q
 switchport mode trunk
 media-type rj45
 negotiation auto
!
interface GigabitEthernet0/1
 switchport access vlan 10
 switchport mode access
 media-type rj45
 negotiation auto
!
interface GigabitEthernet0/2
 media-type rj45
 negotiation auto
!
interface GigabitEthernet0/3
 media-type rj45
 negotiation auto
!         
interface GigabitEthernet1/0
 media-type rj45
 negotiation auto
!
interface GigabitEthernet1/1
 media-type rj45
 negotiation auto
!
interface GigabitEthernet1/2
 media-type rj45
 negotiation auto
!
interface GigabitEthernet1/3
 media-type rj45
 negotiation auto
!
interface GigabitEthernet2/0
 media-type rj45
 negotiation auto
!
interface GigabitEthernet2/1
 media-type rj45
 negotiation auto
!
interface GigabitEthernet2/2
 media-type rj45
 negotiation auto
!
interface GigabitEthernet2/3
 media-type rj45
 negotiation auto
!
interface GigabitEthernet3/0
 media-type rj45
 negotiation auto
!
interface GigabitEthernet3/1
 media-type rj45
 negotiation auto
!
interface GigabitEthernet3/2
 media-type rj45
 negotiation auto
!
interface GigabitEthernet3/3
 media-type rj45
 negotiation auto
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
!
!
!
!
!
control-plane
!
banner exec ^C
**************************************************************************
* IOSv is strictly limited to use for evaluation, demonstration and IOS  *
* education. IOSv is provided as-is and is not supported by Cisco's      *
* Technical Advisory Center. Any use or disclosure, in whole or in part, *
* of the IOSv Software or Documentation to any third party for any       *
* purposes is expressly prohibited except as otherwise authorized by     *
* Cisco in writing.                                                      *
**************************************************************************^C
banner incoming ^C
**************************************************************************
* IOSv is strictly limited to use for evaluation, demonstration and IOS  *
* education. IOSv is provided as-is and is not supported by Cisco's      *
* Technical Advisory Center. Any use or disclosure, in whole or in part, *
* of the IOSv Software or Documentation to any third party for any       *
* purposes is expressly prohibited except as otherwise authorized by     *
* Cisco in writing.                                                      *
**************************************************************************^C
banner login ^C
**************************************************************************
* IOSv is strictly limited to use for evaluation, demonstration and IOS  *
* education. IOSv is provided as-is and is not supported by Cisco's      *
* Technical Advisory Center. Any use or disclosure, in whole or in part, *
* of the IOSv Software or Documentation to any third party for any       *
* purposes is expressly prohibited except as otherwise authorized by     *
* Cisco in writing.                                                      *
**************************************************************************^C
!
line con 0
line aux 0
line vty 0 4
 login    
!
!
end
Regards.
Last edited by krafg on Fri Mar 09, 2018 1:10 pm, edited 1 time in total.
 
skuykend
Member Candidate
Member Candidate
Posts: 274
Joined: Tue Oct 06, 2015 7:28 am

Re: Problems with Vlans.

Thu Mar 08, 2018 7:39 pm

Mikrotik config seems fine to me. Not too familiar with cisco, but don't you need to set up what vlans are allowed on what ports (specifically 0/0 AND 0/1), other than just the switchport access vlan?
 
User avatar
krafg
Forum Guru
Forum Guru
Topic Author
Posts: 1020
Joined: Sun Jun 28, 2015 7:36 pm

Re: Problems with Vlans.

Thu Mar 08, 2018 7:56 pm

Probably, but if I add:

interface GigabitEthernet0/0
switchport trunk allowed vlan 1,10

still not working.

In the g0/1 I can't find a command to specify allowed vlans when it's in Access mode.

Regards.
 
sindy
Forum Guru
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: Problems with Vlans.

Thu Mar 08, 2018 8:27 pm

Probably, but if I add:

interface GigabitEthernet0/0
switchport trunk allowed vlan 1,10

still not working.

In the g0/1 I can't find a command to specify allowed vlans when it's in Access mode.

Regards.
This is supposed to be a Mikrotik forum, right?

On a Cisco port in access mode, there is only one VLAN, and you have stated that correctly:
switchport access vlan 10
switchport mode access
On the trunk port,
switchport trunk allowed vlan 10
switchport trunk encapsulation dot1q
switchport mode trunk
is also fine.

(you can have one of the VLANs on a trunk port tagless on the wire if you configure "switchport trunk native vlan X", but that's still not called an Access port - Cisco doesn't call it a special name at all and all others call it a Hybrid port).

I'm afraid there may be an issue that you have to create the vlan 10 as such. What does "show vlan" say, is it in the list? If not,
conf t
vlan 10
exit
exit
 
User avatar
krafg
Forum Guru
Forum Guru
Topic Author
Posts: 1020
Joined: Sun Jun 28, 2015 7:36 pm

Re: Problems with Vlans.

Thu Mar 08, 2018 8:33 pm

Yes, the first that I did, was create the vlan 10.

Comands:
enable
configure terminal
vlan 10
name vlan-10
exit
Results:

https://prnt.sc/iolcx7

It's very very strange.

Regards
Last edited by krafg on Fri Mar 09, 2018 1:09 pm, edited 1 time in total.
 
sindy
Forum Guru
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: Problems with Vlans.

Thu Mar 08, 2018 8:41 pm

Fine. What does "show mac address-table interface gigabitEthernet 0/0" and "show mac address-table interface gigabitEthernet 0/1" say?
 
User avatar
krafg
Forum Guru
Forum Guru
Topic Author
Posts: 1020
Joined: Sun Jun 28, 2015 7:36 pm

Re: Problems with Vlans.

Thu Mar 08, 2018 8:46 pm

 
sindy
Forum Guru
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: Problems with Vlans.

Thu Mar 08, 2018 8:49 pm

that's the previous picture :-)

Can you instead copy the text, paste it here and mark it as code?
 
User avatar
krafg
Forum Guru
Forum Guru
Topic Author
Posts: 1020
Joined: Sun Jun 28, 2015 7:36 pm

Re: Problems with Vlans.

Thu Mar 08, 2018 8:54 pm

Sorry, there is the code:
Switch#show mac address-table int g0/0 
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
   1    0800.2774.26a3    DYNAMIC     Gi0/0
  10    0800.2774.26a3    DYNAMIC     Gi0/0
Total Mac Addresses for this criterion: 2
Switch#show mac address-table int g0/1
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  10    0800.27dd.d24f    DYNAMIC     Gi0/1
Total Mac Addresses for this criterion: 1
Switch#
Regards.
Last edited by krafg on Fri Mar 09, 2018 1:11 pm, edited 1 time in total.
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11433
Joined: Thu Mar 03, 2016 10:23 pm

Re: Problems with Vlans.

Thu Mar 08, 2018 9:11 pm

In your RB setup, you're renaming the ports in a way which can cause confusion. According to the config, the trunk port to connect to cisco seems to be physical port ether4 (probably the right-most) while all the naming in the config suggests port ether2 (probably the second from left). I'd verify that and possibly remove renaming or do renaming to less confusing port names.
 
sindy
Forum Guru
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: Problems with Vlans.

Thu Mar 08, 2018 9:19 pm

Unglaublich. I would expect to see the MAC address of the Mikrotik at gi 0/0, instead there is one from "PCS Systemtechnik GmbH", another one from the same manufacturer is at gi 0/1.

Have you changed the MAC address on the Mikrotik to that 08:00:27:something? I don't get how it could be learned in both VLAN 1 and VLAN 10 if the connected device would not have both VLANs activated (some VLAN tagless and the other VLAN 10 tagged).

Also, I'm a bit lost in your renaming of Ethernet ports and the picture. Your Mikrotik configuration says:
/interface ethernet
set [ find default-name=ether3 ] name=ether1-WAN
set [ find default-name=ether4 ] name=ether2
set [ find default-name=ether1 ] name=ether3
set [ find default-name=ether2 ] name=ether4

/interface vlan
add interface=ether2 name=vlan-10 vlan-id=10
whereas the picture shows that Gi0/0 of Cisco is connected to e0/1 of 'Tik. Are you sure you have not messed up the connection or configuration? Not that it would explain why the device actually connected to Gi0/0 has VLAN 10 tagged on it.

It should not be necessary in 6.40.6, but try to insert a bridge between vlan10 and ether2:
/interface bridge add name=X
/interface vlan set interface=X [find vlan-id=10]
/interface bridge port add bridge=X interface=ether2
There were issues with vlan interfaces being directly attached to physical interfaces in some 6.41 rcs, maybe 6.40.6 is affected.
 
User avatar
krafg
Forum Guru
Forum Guru
Topic Author
Posts: 1020
Joined: Sun Jun 28, 2015 7:36 pm

Re: Problems with Vlans.

Thu Mar 08, 2018 10:05 pm

Ok, I reconfigured again without renaming interfaces. I changed device. Post config and topology again:

Topology:

Image

RouterOS Config:
/interface vlan
add interface=ether2 name=vlan-10 vlan-id=10
/ip pool
add name=dhcp_pool1 ranges=192.168.40.2-192.168.40.254
add name=dhcp_pool2 ranges=192.168.10.2-192.168.10.254
/ip dhcp-server
add address-pool=dhcp_pool1 authoritative=after-2sec-delay disabled=no interface=ether4 name=dhcp1
add address-pool=dhcp_pool2 authoritative=after-2sec-delay disabled=no interface=vlan-10 name=dhcp2
/ip address
add address=192.168.137.1/30 interface=ether1 network=192.168.137.0
add address=192.168.40.1/24 interface=ether4 network=192.168.40.0
add address=192.168.10.1/24 interface=vlan-10 network=192.168.10.0
/ip dhcp-server network
add address=192.168.10.0/24 gateway=192.168.10.1
add address=192.168.40.0/24 gateway=192.168.40.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
/ip route
add distance=1 gateway=192.168.137.2
Cisco Show Run:
Current configuration : 3656 bytes
!
! Last configuration change at 19:37:38 UTC Thu Mar 8 2018
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service compress-config
!
hostname Switch
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
!
!
!
!         
!
!
!
ip cef
no ipv6 cef
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
! 
!
!
!
!
!
!
!
!
!         
!
!
!
interface GigabitEthernet0/0
 switchport trunk allowed vlan 1,10
 switchport trunk encapsulation dot1q
 switchport mode trunk
 media-type rj45
 negotiation auto
!
interface GigabitEthernet0/1
 switchport access vlan 10
 switchport mode access
 media-type rj45
 negotiation auto
!
interface GigabitEthernet0/2
 media-type rj45
 negotiation auto
!
interface GigabitEthernet0/3
 media-type rj45
 negotiation auto
!
interface GigabitEthernet1/0
 media-type rj45
 negotiation auto
!
interface GigabitEthernet1/1
 media-type rj45
 negotiation auto
!
interface GigabitEthernet1/2
 media-type rj45
 negotiation auto
!
interface GigabitEthernet1/3
 media-type rj45
 negotiation auto
!
interface GigabitEthernet2/0
 media-type rj45
 negotiation auto
!
interface GigabitEthernet2/1
 media-type rj45
 negotiation auto
!
interface GigabitEthernet2/2
 media-type rj45
 negotiation auto
!
interface GigabitEthernet2/3
 media-type rj45
 negotiation auto
!
interface GigabitEthernet3/0
 media-type rj45
 negotiation auto
!
interface GigabitEthernet3/1
 media-type rj45
 negotiation auto
!
interface GigabitEthernet3/2
 media-type rj45
 negotiation auto
!
interface GigabitEthernet3/3
 media-type rj45
 negotiation auto
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
!
!
!
!
!
control-plane
!
banner exec ^C
**************************************************************************
* IOSv is strictly limited to use for evaluation, demonstration and IOS  *
* education. IOSv is provided as-is and is not supported by Cisco's      *
* Technical Advisory Center. Any use or disclosure, in whole or in part, *
* of the IOSv Software or Documentation to any third party for any       *
* purposes is expressly prohibited except as otherwise authorized by     *
* Cisco in writing.                                                      *
**************************************************************************^C
banner incoming ^C
**************************************************************************
* IOSv is strictly limited to use for evaluation, demonstration and IOS  *
* education. IOSv is provided as-is and is not supported by Cisco's      *
* Technical Advisory Center. Any use or disclosure, in whole or in part, *
* of the IOSv Software or Documentation to any third party for any       *
* purposes is expressly prohibited except as otherwise authorized by     *
* Cisco in writing.                                                      *
**************************************************************************^C
banner login ^C
**************************************************************************
* IOSv is strictly limited to use for evaluation, demonstration and IOS  *
* education. IOSv is provided as-is and is not supported by Cisco's      *
* Technical Advisory Center. Any use or disclosure, in whole or in part, *
* of the IOSv Software or Documentation to any third party for any       *
* purposes is expressly prohibited except as otherwise authorized by     *
* Cisco in writing.                                                      *
**************************************************************************^C
!
line con 0
line aux 0
line vty 0 4
 login
!
!
end
Cisco Show Vlan:
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gi0/2, Gi0/3, Gi1/0, Gi1/1
                                                Gi1/2, Gi1/3, Gi2/0, Gi2/1
                                                Gi2/2, Gi2/3, Gi3/0, Gi3/1
                                                Gi3/2, Gi3/3
10   vlan-10                          active    Gi0/1
1002 fddi-default                     act/unsup 
1003 token-ring-default               act/unsup 
1004 fddinet-default                  act/unsup 
1005 trnet-default                    act/unsup
Cisco Show Mac-Address G0/0 and G0/1:
Switch#show mac address-table int g0/0
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
   1    0800.27bb.94c7    DYNAMIC     Gi0/0
  10    0800.27bb.94c7    DYNAMIC     Gi0/0
Total Mac Addresses for this criterion: 2
Switch#show mac address-table int g0/1
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  10    0800.27dd.d24f    DYNAMIC     Gi0/1
Total Mac Addresses for this criterion: 1
Windows 7 Machine:

Image

Windows XP Machine:

Image

Regards.
 
sindy
Forum Guru
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: Problems with Vlans.

Thu Mar 08, 2018 10:20 pm

OK. I've missed that you're running an x86 version of RouterOS, that explains the unusual MAC addresses.

Now can you configure the IP address and mask manually on the WinXP machine to 192.168.10.2 and 255.255.255.0 and then try to ping the 192.168.10.1 from there? Maybe the VLAN part is fine but there is some issue with the DHCP server.

Also, can you create a Vlan10 interface in the Cisco, assign it 192.168.10.3/24 and try to ping it from both sides?

Is everything virtual or are there some physical components in your setup?
 
User avatar
krafg
Forum Guru
Forum Guru
Topic Author
Posts: 1020
Joined: Sun Jun 28, 2015 7:36 pm

Re: Problems with Vlans.

Thu Mar 08, 2018 10:26 pm

Its everything virtual.

I'm going to try it.

Regards.
 
User avatar
krafg
Forum Guru
Forum Guru
Topic Author
Posts: 1020
Joined: Sun Jun 28, 2015 7:36 pm

Re: Problems with Vlans.

Thu Mar 08, 2018 10:38 pm

Windows XP Machine configured:

Image

Cisco configured:
interface GigabitEthernet3/3
 media-type rj45
 negotiation auto
!
interface Vlan10
 ip address 192.168.10.3 255.255.255.0
!
Ping results on Cisco:
Switch#ping 192.168.10.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.10.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
Switch#ping 192.168.10.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.10.2, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
Switch#ping 192.168.10.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.10.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/3 ms
Ping results on Windows XP Machine:
C:\Documents and Settings\User>ping 192.168.10.1

Haciendo ping a 192.168.10.1 con 32 bytes de datos:

Tiempo de espera agotado para esta solicitud.
Tiempo de espera agotado para esta solicitud.
Tiempo de espera agotado para esta solicitud.
Tiempo de espera agotado para esta solicitud.

Estadísticas de ping para 192.168.10.1:
    Paquetes: enviados = 4, recibidos = 0, perdidos = 4
    (100% perdidos),

C:\Documents and Settings\User>ping 192.168.10.2

Haciendo ping a 192.168.10.2 con 32 bytes de datos:

Respuesta desde 192.168.10.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 192.168.10.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 192.168.10.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 192.168.10.2: bytes=32 tiempo<1m TTL=128

Estadísticas de ping para 192.168.10.2:
    Paquetes: enviados = 4, recibidos = 4, perdidos = 0
    (0% perdidos),
Tiempos aproximados de ida y vuelta en milisegundos:
    Mínimo = 0ms, Máximo = 0ms, Media = 0ms

C:\Documents and Settings\User>ping 192.168.10.3

Haciendo ping a 192.168.10.3 con 32 bytes de datos:

Respuesta desde 192.168.10.3: bytes=32 tiempo=6ms TTL=255
Respuesta desde 192.168.10.3: bytes=32 tiempo=6ms TTL=255
Respuesta desde 192.168.10.3: bytes=32 tiempo=41ms TTL=255
Respuesta desde 192.168.10.3: bytes=32 tiempo=8ms TTL=255

Estadísticas de ping para 192.168.10.3:
    Paquetes: enviados = 4, recibidos = 4, perdidos = 0
    (0% perdidos),
Tiempos aproximados de ida y vuelta en milisegundos:
    Mínimo = 6ms, Máximo = 41ms, Media = 15ms
Regards.
 
sindy
Forum Guru
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: Problems with Vlans.

Thu Mar 08, 2018 10:55 pm

OK, so the XP can ping the cisco but not vice versa, assuming it is because the XP's firewall drops the incoming icmp echo requests. But there is no firewall on the Mikrotik.

I would continue by spawning another Cisco with similar configuration (VLAN 10 on a trunk port and an IP address on it) and connecting it to the existing CIsco instead of the Mikrotik, and another Mikrotik with VLAN 10 and an IP address on it connected to the existing Mikrotik, and pinging between each pair, to see whether it is the virtual environment or one of the virtual switches/routers what has a problem with tagged packets.
 
User avatar
krafg
Forum Guru
Forum Guru
Topic Author
Posts: 1020
Joined: Sun Jun 28, 2015 7:36 pm

Re: Problems with Vlans.

Thu Mar 08, 2018 10:58 pm

I tried with ROS 6.36 and ROS 6.40, and no changes.

With a Cisco 3745 still not working.

Regards.
 
User avatar
krafg
Forum Guru
Forum Guru
Topic Author
Posts: 1020
Joined: Sun Jun 28, 2015 7:36 pm

Re: Problems with Vlans.

Thu Mar 08, 2018 11:10 pm

Ok, you say something like this?

Image

Regards.
Last edited by krafg on Thu Mar 08, 2018 11:59 pm, edited 1 time in total.
 
User avatar
krafg
Forum Guru
Forum Guru
Topic Author
Posts: 1020
Joined: Sun Jun 28, 2015 7:36 pm

Re: Problems with Vlans.

Thu Mar 08, 2018 11:49 pm

Config first switch:
interface GigabitEthernet0/0
 switchport trunk allowed vlan 1,10
 switchport trunk encapsulation dot1q
 switchport mode trunk
 media-type rj45
 negotiation auto
!
interface GigabitEthernet0/1
 switchport access vlan 10
 switchport mode access
 media-type rj45
 negotiation auto
!
interface GigabitEthernet0/2
 switchport trunk allowed vlan 1,10
 switchport trunk encapsulation dot1q
 switchport mode trunk
 media-type rj45
 negotiation auto
!
interface Vlan10
 ip address 192.168.10.3 255.255.255.0
Note: G0/2 go to second switch.

Config second switch:
interface GigabitEthernet0/0
 switchport trunk allowed vlan 1,10
 switchport trunk encapsulation dot1q
 switchport mode trunk
 media-type rj45
 negotiation auto
 !
 interface Vlan10
 ip address 192.168.10.4 255.255.255.0
Note: G0/0 go to first switch.

Ping first switch:
Switch#ping 192.168.10.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.10.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/33/48 ms
Switch#ping 192.168.10.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.10.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/14/34 ms
Switch#ping 192.168.10.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.10.2, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
Switch#ping 192.168.10.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.10.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
Ping Second Switch:
Switch#ping 192.168.10.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.10.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/8/33 ms
Switch#ping 192.168.10.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.10.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/47/83 ms
Switch#ping 192.168.10.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.10.2, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
Switch#ping 192.168.10.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.10.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
Ping Windows XP Machine:
C:\Documents and Settings\User>ping 192.168.10.4

Haciendo ping a 192.168.10.4 con 32 bytes de datos:

Respuesta desde 192.168.10.4: bytes=32 tiempo=79ms TTL=255
Respuesta desde 192.168.10.4: bytes=32 tiempo=36ms TTL=255
Respuesta desde 192.168.10.4: bytes=32 tiempo=22ms TTL=255
Respuesta desde 192.168.10.4: bytes=32 tiempo=19ms TTL=255

Estadísticas de ping para 192.168.10.4:
    Paquetes: enviados = 4, recibidos = 4, perdidos = 0
    (0% perdidos),
Tiempos aproximados de ida y vuelta en milisegundos:
    Mínimo = 19ms, Máximo = 79ms, Media = 39ms

C:\Documents and Settings\User>ping 192.168.10.3

Haciendo ping a 192.168.10.3 con 32 bytes de datos:

Respuesta desde 192.168.10.3: bytes=32 tiempo=71ms TTL=255
Respuesta desde 192.168.10.3: bytes=32 tiempo=9ms TTL=255
Respuesta desde 192.168.10.3: bytes=32 tiempo=13ms TTL=255
Respuesta desde 192.168.10.3: bytes=32 tiempo=9ms TTL=255

Estadísticas de ping para 192.168.10.3:
    Paquetes: enviados = 4, recibidos = 4, perdidos = 0
    (0% perdidos),
Tiempos aproximados de ida y vuelta en milisegundos:
    Mínimo = 9ms, Máximo = 71ms, Media = 25ms

C:\Documents and Settings\User>ping 192.168.10.2

Haciendo ping a 192.168.10.2 con 32 bytes de datos:

Respuesta desde 192.168.10.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 192.168.10.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 192.168.10.2: bytes=32 tiempo<1m TTL=128
Respuesta desde 192.168.10.2: bytes=32 tiempo<1m TTL=128

Estadísticas de ping para 192.168.10.2:
    Paquetes: enviados = 4, recibidos = 4, perdidos = 0
    (0% perdidos),
Tiempos aproximados de ida y vuelta en milisegundos:
    Mínimo = 0ms, Máximo = 0ms, Media = 0ms

C:\Documents and Settings\User>ping 192.168.10.1

Haciendo ping a 192.168.10.1 con 32 bytes de datos:

Tiempo de espera agotado para esta solicitud.
Tiempo de espera agotado para esta solicitud.
Tiempo de espera agotado para esta solicitud.
Tiempo de espera agotado para esta solicitud.

Estadísticas de ping para 192.168.10.1:
    Paquetes: enviados = 4, recibidos = 0, perdidos = 4
    (100% perdidos),
Regards.
 
User avatar
krafg
Forum Guru
Forum Guru
Topic Author
Posts: 1020
Joined: Sun Jun 28, 2015 7:36 pm

Re: Problems with Vlans.

Fri Mar 09, 2018 12:17 am

First Mikrotik:

Image

Second Mikrotik:

Image

Regards.
 
sindy
Forum Guru
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: Problems with Vlans.

Fri Mar 09, 2018 10:49 am

In the original Mikrotik, you should disable the vlan-10-old interface and IP address associated to it before testing as it may cause some confusion.

It is clear that the virtualization environment can pass the tagged packets between virtual machines as the two Ciscos can see each other.

Other than that, I can only repeat the suggestion to insert a bridge between the "interface vlan" and the "physical" interface etherX.
 
SamanthaCooper
just joined
Posts: 1
Joined: Fri Mar 09, 2018 12:38 pm

Re: Problems with Vlans.

Fri Mar 09, 2018 12:44 pm

Mikrotik config seems fine to me.

http://www.aicedu.lk/study-in-australia/
 
User avatar
krafg
Forum Guru
Forum Guru
Topic Author
Posts: 1020
Joined: Sun Jun 28, 2015 7:36 pm

Re: Problems with Vlans.

Fri Mar 09, 2018 3:30 pm

It works!

First MK:

Image

Second MK:

Image

Regards.
 
sindy
Forum Guru
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: Problems with Vlans.

Fri Mar 09, 2018 3:50 pm

It works!
So if I understand the pictures properly, you have only disabled the conflicting old vlan10 and the 'Tiks started talking to each other, right? No need to insert the bridge.

So Cisco can talk to Cisco and Mikrotik can talk to Mikrotik but they do not like each other. Can you now keep the zoo as it is (2 Ciscos, 2 'Tiks) and just connect one of the Ciscos with one of the 'Tiks to re-confirm that there is still an issue? If it is, can you run packet sniffer into a pcap file on the Cisco-facing interface of the Mikrotik and try to ping from both ends of the "wire", and then post the capture? I really wonder what happens there.
 
User avatar
krafg
Forum Guru
Forum Guru
Topic Author
Posts: 1020
Joined: Sun Jun 28, 2015 7:36 pm

Re: Problems with Vlans.

Fri Mar 09, 2018 4:04 pm

No, without bridge in both Mikrotiks don't works.

Regards.
 
sindy
Forum Guru
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: Problems with Vlans.

Fri Mar 09, 2018 4:32 pm

No, without bridge in both Mikrotiks don't works.
Understood, and if you connect a Mikrotik with bridge to Cisco, is it OK too?
 
User avatar
krafg
Forum Guru
Forum Guru
Topic Author
Posts: 1020
Joined: Sun Jun 28, 2015 7:36 pm

Re: Problems with Vlans.

Fri Mar 09, 2018 4:36 pm

If I connect the Mikrotik bridged to Cisco, Mikrotik forces me to change IP from vlan10 interface to bridge interface because vlan10 is a slave of the bridge.

Regards.
 
sindy
Forum Guru
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: Problems with Vlans.

Fri Mar 09, 2018 4:55 pm

If I connect the Mikrotik bridged to Cisco, Mikrotik forces me to change IP from vlan10 interface to bridge interface because vlan10 is a slave of the bridge.
Regards.
In that case I don't understand how did you make it. What I had in mind was:
/interface bridge add name=my-bridge protocol=none
/interface bridge port add bridge=my-bridge interface=ether2
/interface vlan add name=vlan-10 vlan-id=10 interface=my-bridge
/ip address add address=192.168.10.3/24 interface=vlan-10

So the result would be
ether2
   \
   my-bridge
        \
	tagged---vlan-10---tagless
                                 \
				 IP address
Plus, regardless how it was done before, I don't get why reconnection of the "ethernet" port from one remote equipment to another should force you to change any configuration inside Mikrotik.
 
User avatar
krafg
Forum Guru
Forum Guru
Topic Author
Posts: 1020
Joined: Sun Jun 28, 2015 7:36 pm

Re: Problems with Vlans.

Fri Mar 09, 2018 6:24 pm

In any case, in the second Mikrotik (without dhcp) I no have problems creating the bridge and connecting with Cisco.

Results MK:

Image

Results Cisco:
Switch#ping 192.168.10.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.10.5, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
Regards.
 
sindy
Forum Guru
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: Problems with Vlans.

Fri Mar 09, 2018 6:43 pm

It is still not the configuration I've suggested. You have connected the tagged side of the "interface vlan" directly to ether1, and you've made its tagless side a member of a bridge to which the IP confguration is attached.

What I suggest is this:
ether1
   \
   my-bridge
        \
	tagged---vlan-10---tagless
                                 \
				 IP address, DHCP server
What you've done is this:
ether1
   \
   tagged---vlan-10---tagless
                            \
                            my-bridge
                                   \
                                  IP address, DHCP server
 
User avatar
krafg
Forum Guru
Forum Guru
Topic Author
Posts: 1020
Joined: Sun Jun 28, 2015 7:36 pm

Re: Problems with Vlans.

Sat Mar 10, 2018 2:42 am

Ok, I'm going rely on your commands:
[quote]/interface bridge add name=my-bridge protocol=none
/interface bridge port add bridge=my-bridge interface=ether2
/interface vlan add name=vlan-10 vlan-id=10 interface=my-bridge
/ip address add address=192.168.10.3/24 interface=vlan-10[/quote]
For this case, the physical port is ether1 on "Mikrotik 2".

Final configuration:
/interface bridge
add name=my-bridge protocol-mode=none
/interface ethernet
set [ find default-name=ether3 ] disabled=yes
set [ find default-name=ether4 ] disabled=yes
/interface vlan
add interface=my-bridge name=vlan-10-testing vlan-id=10
/interface bridge port
add bridge=my-bridge interface=ether1
/ip address
add address=192.168.10.5/24 interface=vlan-10-testing network=192.168.10.0
Graphic Config:

Image

Results:

Mikrotik can't ping Cisco.
Cisco can't ping Mikrotik.

Regards.
Last edited by krafg on Sat Mar 10, 2018 3:11 am, edited 1 time in total.
 
User avatar
krafg
Forum Guru
Forum Guru
Topic Author
Posts: 1020
Joined: Sun Jun 28, 2015 7:36 pm

Re: Problems with Vlans.

Sat Mar 10, 2018 2:59 am

Now, I'm going to work on first MK relying on your commands:
[quote]/interface bridge add name=my-bridge protocol=none
/interface bridge port add bridge=my-bridge interface=ether2
/interface vlan add name=vlan-10 vlan-id=10 interface=my-bridge
/ip address add address=192.168.10.3/24 interface=vlan-10[/quote]
Notes:
IP: 192.168.10.3 Is the IP of Cisco. For this, i'm going to set it to 192.168.10.1/24.

Graphic Config:

Image

Terminal Config:
[b]/interface bridge
add name=my-bridge protocol-mode=none[/b]
/interface ethernet
set [ find default-name=ether3 ] disabled=yes
[b]/interface vlan
add interface=my-bridge name=vlan-10 vlan-id=10[/b]
add disabled=yes interface=ether3 name=vlan-10-testing vlan-id=10
/ip pool
add name=dhcp_pool1 ranges=192.168.40.2-192.168.40.254
add name=dhcp_pool2 ranges=192.168.10.2-192.168.10.254
/ip dhcp-server
add address-pool=dhcp_pool1 authoritative=after-2sec-delay disabled=no interface=ether4 name=dhcp1
add address-pool=dhcp_pool2 authoritative=after-2sec-delay disabled=no interface=vlan-10 name=dhcp2
[b]/interface bridge port
add bridge=my-bridge interface=ether2[/b]
[b]/ip address[/b]
add address=192.168.137.1/30 interface=ether1 network=192.168.137.0
add address=192.168.40.1/24 interface=ether4 network=192.168.40.0
[b]add address=192.168.10.1/24 interface=vlan-10 network=192.168.10.0[/b]
add address=192.168.10.6/24 disabled=yes interface=vlan-10-testing network=192.168.10.0
/ip dhcp-server network
add address=192.168.10.0/24 gateway=192.168.10.1
add address=192.168.40.0/24 gateway=192.168.40.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
/ip route
add distance=1 gateway=192.168.137.2
Results:
-Can't get IP over DHCP.
-Mikrotik can't ping Cisco.
-Cisco can't ping Mikrotik.

Regards.
 
User avatar
krafg
Forum Guru
Forum Guru
Topic Author
Posts: 1020
Joined: Sun Jun 28, 2015 7:36 pm

Re: Problems with Vlans.

Sat Mar 10, 2018 3:06 am

Finally, this is the actual topology:

Image

Regards.
 
sindy
Forum Guru
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: Problems with Vlans.

Sat Mar 10, 2018 8:49 am

Hm. Can you please re-establish the configuration where the two Mikrotiks could ping each other and export their configuration as text?
 
User avatar
krafg
Forum Guru
Forum Guru
Topic Author
Posts: 1020
Joined: Sun Jun 28, 2015 7:36 pm

Re: Problems with Vlans.  [SOLVED]

Tue Jan 15, 2019 2:31 am

Problem solved using CHR though QEMU. Probably vlan support between QEMU and VMware isn't supported yet.

Regards.

Who is online

Users browsing this forum: syslog and 84 guests