Community discussions

 
TheRockGer
just joined
Topic Author
Posts: 3
Joined: Sat Jun 15, 2019 10:49 pm

Connectivity Issue with CRS328 and SFP-Port

Mon Jun 17, 2019 10:01 pm

<t>Hi, <br/>
i have a simple physical setup like this:<br/>
Internet <-> Modem <-> TUXFirewall <-> MT CRS328 <-> MT RB4011 <br/>
|-> HyperVHost<br/>
In the setup there are some more devices, but these does not play any important role. <br/>
Theoretically, the TUX-Firewall should act as outer Firewall of the DMZ and the MT-RB4011 as inner Firewall towards inside. As the setup is grwoing and only the MT Boxes are new, currently everything that has to do with clients happens in the DMZ. The DMZ should be passed to the RB4011 via an Access Port on the CRS328 with VLAN 10. The RB4011 is connected to the CRS328 with a trunk line, which transports 3 more VLANs which ar desinged to carry specific traffic (VLAN 15: Guest, VLAN 20: new inside, VLAN 25: Thinclients without access to any other than terminal server and management). The RB4011 has a foot in every network, but the TUXFirewall has the routes for alle availible networks.
The HyperV-Host, that is connected to an SFP-Trunk-Port via an direct attached cable on the CRS328 containes several VMs which are currently all in the DMZ (VLAN10).
</t>

Code: Select all

The RB4011 has this configuration:
# jun/17/2019 20:48:19 by RouterOS 6.44.3
# model = RB4011iGS+
/interface bridge
add name=global_bridge priority=0x900 vlan-filtering=yes
/interface vlan
add interface=global_bridge name=DMZ vlan-id=10
add interface=global_bridge name=Guest vlan-id=15
add interface=global_bridge name=ThinClients vlan-id=25
add interface=global_bridge name=inside vlan-id=20
/interface ethernet switch port
set 0 default-vlan-id=0
set 1 default-vlan-id=0
set 2 default-vlan-id=0
set 3 default-vlan-id=0
set 4 default-vlan-id=0
set 5 default-vlan-id=0
set 6 default-vlan-id=0
set 7 default-vlan-id=0
set 8 default-vlan-id=0
set 9 default-vlan-id=0
set 10 default-vlan-id=0
set 11 default-vlan-id=0
/ip pool
add name=Guet ranges=10.0.15.1-10.0.15.250
add name=ThinClients ranges=10.0.25.1-10.0.25.250
add name=inside ranges=10.0.20.1-10.0.20.250
/ip dhcp-server
add add-arp=yes address-pool=Guet disabled=no interface=Guest name=Guest src-address=10.0.15.254
add add-arp=yes address-pool=inside disabled=no interface=inside name=inside src-address=10.0.20.254
add add-arp=yes address-pool=ThinClients disabled=no interface=ThinClients name=ThinClients src-address=10.0.25.254
/interface bridge port
add bridge=global_bridge interface=sfp-sfpplus1
/interface bridge vlan
add bridge=global_bridge tagged=global_bridge,sfp-sfpplus1 vlan-ids=10
add bridge=global_bridge tagged=global_bridge,sfp-sfpplus1 vlan-ids=15
add bridge=global_bridge tagged=global_bridge,sfp-sfpplus1 vlan-ids=20
add bridge=global_bridge tagged=global_bridge,sfp-sfpplus1 vlan-ids=25
/ip address
add address=192.168.100.253/24 interface=DMZ network=192.168.100.0
add address=10.0.15.254/24 interface=Guest network=10.0.15.0
add address=10.0.25.254/24 interface=ThinClients network=10.0.25.0
add address=10.0.20.254/24 interface=inside network=10.0.20.0
/ip dhcp-server network
add address=10.0.15.0/24 dns-server=1.1.1.1 gateway=10.0.15.254
add address=10.0.20.0/24 dns-server=192.168.100.2 gateway=10.0.20.254
add address=10.0.25.0/24 dns-server=192.168.100.2 gateway=10.0.25.254
/ip dns
set allow-remote-requests=yes servers=192.168.100.2
/ip route
add distance=1 gateway=192.168.100.10
/system clock
set time-zone-name=Europe/Berlin
/system identity
set name=H42WLC1
The configuration of the CRS328:

Code: Select all

# feb/12/1970 09:41:01 by RouterOS 6.44.3
#
# model = CRS328-24P-4S+
/interface bridge
add ingress-filtering=yes name=bridge priority=0x1000 vlan-filtering=yes
/interface vlan
add interface=bridge name=mgmt vlan-id=25
/interface bridge port
add bridge=bridge interface=sfp-sfpplus2 pvid=25
add bridge=bridge interface=sfp-sfpplus4 pvid=25
add bridge=bridge interface=ether1 pvid=10
add bridge=bridge interface=ether2 pvid=15
add bridge=bridge interface=ether3 pvid=20
add bridge=bridge interface=ether4 pvid=25
/interface bridge vlan
add bridge=bridge tagged=sfp-sfpplus2,sfp-sfpplus4 untagged=ether1,ether14,ether13,ether15,ether16 vlan-ids=10
add bridge=bridge tagged=sfp-sfpplus2,sfp-sfpplus4 vlan-ids=15
add bridge=bridge tagged=sfp-sfpplus2,sfp-sfpplus4 untagged=ether9,ether10,ether11,ether12,ether13,ether14,ether15,ether16 vlan-ids=20
add bridge=bridge tagged=sfp-sfpplus2,sfp-sfpplus4,bridge vlan-ids=25
/ip address
add address=10.0.25.253/24 interface=mgmt network=10.0.25.0
/ip dns
set servers=192.168.100.1
/ip route
add distance=1 gateway=10.0.25.254
/system identity
set name=H42SW2
/system routerboard settings
set boot-os=router-os
The issue i have is, when pinging the HyperV-Host (192.168.100.250) form e.g. the switch, i receive every paket double:

Code: Select all

[admin@H42SW2] > ping 192.168.100.250
SEQ HOST SIZE TTL TIME STATUS
0 192.168.100.250 timeout
1 192.168.100.250 56 127 0ms
1 192.168.100.250 56 127 0ms
2 192.168.100.250 56 127 0ms
2 192.168.100.250 56 127 0ms
3 192.168.100.250 56 127 0ms
3 192.168.100.250 56 127 0ms
4 192.168.100.250 56 127 0ms
4 192.168.100.250 56 127 0ms
5 192.168.100.250 56 127 0ms
5 192.168.100.250 56 127 0ms
6 192.168.100.250 56 127 0ms
6 192.168.100.250 56 127 0ms
7 192.168.100.250 56 127 0ms
7 192.168.100.250 56 127 0ms
8 192.168.100.250 56 127 0ms
8 192.168.100.250 56 127 0ms
9 192.168.100.250 56 127 0ms
9 192.168.100.250 56 127 0ms
10 192.168.100.250 56 127 0ms
sent=11 received=19 packet-loss=-72% min-rtt=0ms avg-rtt=0ms max-rtt=0ms
SEQ HOST SIZE TTL TIME STATUS
10 192.168.100.250 56 127 0ms
sent=11 received=20 packet-loss=-81% min-rtt=0ms avg-rtt=0ms max-rtt=0ms
But when pinging the TUXFirewall everything seems to be alright:

Code: Select all

[admin@H42SW2] > ping 192.168.100.10
SEQ HOST SIZE TTL TIME STATUS
0 192.168.100.10 56 63 0ms
1 192.168.100.10 56 63 0ms
2 192.168.100.10 56 63 0ms
3 192.168.100.10 56 63 0ms
4 192.168.100.10 56 63 0ms
5 192.168.100.10 56 63 0ms
6 192.168.100.10 56 63 0ms
7 192.168.100.10 56 63 0ms
8 192.168.100.10 56 63 0ms
9 192.168.100.10 56 63 0ms
10 192.168.100.10 56 63 0ms
11 192.168.100.10 56 63 0ms
12 192.168.100.10 56 63 0ms
13 192.168.100.10 56 63 0ms
14 192.168.100.10 56 63 0ms
15 192.168.100.10 56 63 0ms
16 192.168.100.10 56 63 0ms
17 192.168.100.10 56 63 0ms
18 192.168.100.10 56 63 0ms
19 192.168.100.10 56 63 0ms
sent=20 received=20 packet-loss=0% min-rtt=0ms avg-rtt=0ms max-rtt=0ms
I wand to make sure before blaming the Server-Guy, that the MT configuration is alright.
I appreachiate every help! If any information are missing, please let me know!
Thanks,
Jan

Who is online

Users browsing this forum: No registered users and 8 guests