danunjaya123
newbie
Topic Author
Posts: 49
Joined: Thu Oct 03, 2019 7:36 am
Location: India

Internal Vlans issue

Wed Oct 30, 2019 12:21 pm

I have 3 VLANs from one MikroTik to all local POP switches and clients, i.e.:
VLAN 1 is for my switches' management, IP pool 192.168.10.1/24 (static pool)
VLAN 2 is for my switches' management, IP pool 10.0.2.1/24 (static pool)
VLAN 100 is for my clients in the branch office, 172.17.112.1/22 (DHCP pool)

I ping and telnet to the switch IPs of both VLANs from VLAN 100. With VLAN 1 it was not working, and when I did a tracert it was going to my upstream provider. With VLAN 2, all switches can be pinged and reached by telnet from the VLAN 100 clients' end.

I have not done any NATing or routing for any VLANs.

Please help me on this.
 
danunjaya123
newbie
Topic Author
Posts: 49
Joined: Thu Oct 03, 2019 7:36 am
Location: India

Re: Internal Vlans issue

Wed Oct 30, 2019 1:08 pm

Sample network diagram attached below.
vlans.png
 
mkx
Forum Guru
Posts: 3177
Joined: Thu Mar 03, 2016 10:23 pm

Re: Internal Vlans issue

Wed Oct 30, 2019 1:18 pm

Somewhere you have to do routing between different subnets (VLANs ... that's 10.0.2.0/24, 192.168.10.0/24 and 172.17.112.0/22) ... the most sensible point would be your main router. To make sure only allowed/required connections are possible between the 3 subnets, you should create appropriate firewall rules.
BR,
Metod
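
An added RouterOS example (not from the thread or from MikroTik) of the kind of inter-VLAN policy described above: route the three subnets on the main router and let only a named admin host reach the switch management subnets. The gateway address on vlan1, the admin host 172.17.112.10, the list names and the allowed ports are assumptions made for illustration.

```routeros
# --- Routing --------------------------------------------------------------
# A subnet is only routed locally if the router holds an address in it.
# The export posted later in this thread lists addresses on vlan2 and
# vlan100 but none on vlan1, so 192.168.10.0/24 has no connected route.
# ASSUMPTION: 192.168.10.1 is free and is the gateway the switches use.
/ip address
add address=192.168.10.1/24 interface=vlan1 comment="mgmt VLAN 1 gateway (assumed)"

# --- Address lists --------------------------------------------------------
/ip firewall address-list
add list=mgmt-nets address=192.168.10.0/24 comment="switch management, VLAN 1"
add list=mgmt-nets address=10.0.2.0/24 comment="switch management, VLAN 2"
add list=internal-vlans address=192.168.10.0/24
add list=internal-vlans address=10.0.2.0/24
add list=internal-vlans address=172.17.112.0/22 comment="branch clients, VLAN 100"
# ASSUMPTION: constructed static admin workstation inside VLAN 100,
# outside the DHCP range so its address does not change.
add list=mgmt-admins address=172.17.112.10 comment="admin workstation (constructed)"

# --- Forward-chain policy between the three subnets -------------------------
# Every rule is scoped to the three internal subnets so that subscriber and
# transit traffic through this router is not touched.
/ip firewall filter
add chain=forward action=accept connection-state=established,related \
    src-address-list=internal-vlans dst-address-list=internal-vlans \
    comment="inter-VLAN: return traffic of permitted sessions"
add chain=forward action=accept protocol=icmp \
    src-address-list=mgmt-admins dst-address-list=mgmt-nets \
    comment="inter-VLAN: admin host may ping switches"
# Port 23 is telnet as used in the thread; 22 is added on the assumption
# that the switches also offer SSH, which does not send credentials in clear.
add chain=forward action=accept protocol=tcp dst-port=22,23 \
    src-address-list=mgmt-admins dst-address-list=mgmt-nets \
    comment="inter-VLAN: admin host may manage switches"
add chain=forward action=drop log=yes log-prefix="intervlan-drop" \
    src-address-list=internal-vlans dst-address-list=internal-vlans \
    comment="inter-VLAN: everything else between the 3 subnets"
```

Rules created with `add` land at the end of the forward chain, so on a router that already has forward rules they must sit above any broader accept rule to take effect.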
 
danunjaya123
newbie
Topic Author
Posts: 49
Joined: Thu Oct 03, 2019 7:36 am
Location: India

Re: Internal Vlans issue

Wed Oct 30, 2019 3:35 pm

I need to know which firewall rules have to be added?
Somewhere you have to do routing between different subnets (VLANs ... that's 10.0.2.0/24, 192.168.10.0/24 and 172.17.112.0/22) ... the most sensible point would be your main router. To make sure only allowed/required connections are possible between the 3 subnets, you should create appropriate firewall rules.
 
mkx
Forum Guru
Posts: 3177
Joined: Thu Mar 03, 2016 10:23 pm

Re: Internal Vlans issue

Wed Oct 30, 2019 3:52 pm

I need to know which firewall rules have to be added?

Not to guess too much ... post your current config of your main router (execute /export hide-sensitive and post output in [code][/code] environment ... redact public IP address if there is any).
BR,
Metod
 
danunjaya123
newbie
Topic Author
Posts: 49
Joined: Thu Oct 03, 2019 7:36 am
Location: India

Re: Internal Vlans issue

Thu Oct 31, 2019 8:43 am

[admin@E4:8D:8C:2B:96:B7] > export hide-sensitive
# oct/31/2019 11:59:43 by RouterOS 6.45.7
# software id = V2CY-99AW
#
# model = CCR1036-12G-4S
# serial number = 574F0575E839
/interface ethernet
set [ find default-name=ether1 ] comment=PPPOE-LAN
set [ find default-name=ether2 ] disabled=yes
set [ find default-name=ether3 ] disabled=yes
set [ find default-name=ether4 ] comment=Bras-Gig-1 speed=100Mbps
set [ find default-name=ether5 ] disabled=yes speed=100Mbps
set [ find default-name=ether6 ] comment=IPv6-BGP-Gig2/18 speed=100Mbps
set [ find default-name=ether7 ] disabled=yes speed=100Mbps
set [ find default-name=ether8 ] comment=BGP-Gig-2/1 speed=100Mbps
set [ find default-name=ether9 ] comment=BGP-Gig-2/6 mac-address=\
E4:8D:8C:2B:96:B7 speed=100Mbps
set [ find default-name=ether10 ] comment=BGP-Gig-2/4 disabled=yes \
mac-address=E4:8D:8C:2B:96:B7 speed=100Mbps
set [ find default-name=ether11 ] comment=BGP-Gig-2/5 disabled=yes \
mac-address=E4:8D:8C:2B:96:B7 speed=100Mbps
set [ find default-name=ether12 ] comment=BGP-Gig-2/19 disabled=yes \
mac-address=E4:8D:8C:2B:96:B7 speed=100Mbps
set [ find default-name=sfp1 ] advertise=10M-full,100M-full,1000M-full \
comment=ASR-Gi0/0
set [ find default-name=sfp2 ] advertise=10M-full,100M-full,1000M-full \
comment=ASR-Gi0/1 disabled=yes mac-address=E4:8D:8C:2B:96:AC
set [ find default-name=sfp3 ] advertise=10M-full,100M-full,1000M-full \
comment=ASR-Gi0/2 disabled=yes mac-address=E4:8D:8C:2B:96:AC
set [ find default-name=sfp4 ] advertise=10M-full,100M-full,1000M-full \
comment=ASR-Gi0/3 disabled=yes mac-address=E4:8D:8C:2B:96:AC
/interface vlan
add interface=ether1 name=vlan1 vlan-id=1
add interface=ether1 name=vlan2 vlan-id=2
add comment=ipv6 interface=ether1 name=vlan100 vlan-id=100
add interface=ether1 name=vlan102 vlan-id=102
add comment="Space Vision" interface=ether1 name=vlan103 vlan-id=103
add interface=ether1 name=vlan105 vlan-id=105
add comment="Sumantha Networks" interface=ether1 name=vlan108 vlan-id=108
add interface=ether1 name=vlan114 vlan-id=114
add comment=Hotspot disabled=yes interface=ether1 name=vlan136 vlan-id=136
add interface=ether1 name=vlan137 vlan-id=137
add comment=VIP-Pool interface=ether1 name=vlan139 vlan-id=139
add interface=ether1 name=vlan140 vlan-id=140
add comment=MYP-DP interface=ether1 name=vlan146 vlan-id=146
add interface=ether1 name=vlan147 vlan-id=147
add interface=ether1 name=vlan148 vlan-id=148
add interface=ether1 name=vlan154 vlan-id=154
add interface=ether1 name=vlan157 vlan-id=157
add interface=ether1 name=vlan166 vlan-id=166
add interface=ether1 name=vlan176 vlan-id=176
add comment=ipv6 interface=ether1 name=vlan178 vlan-id=178
add interface=ether1 name=vlan182 vlan-id=182
add comment=MDP-DP-2 interface=ether1 name=vlan188 vlan-id=188
add comment="010188-Saketh Comm" interface=ether1 name=vlan197 vlan-id=197
add interface=ether1 name=vlan198 vlan-id=198
add comment=022742 interface=ether1 name=vlan203 vlan-id=203
add interface=ether1 name=vlan207 vlan-id=207
add comment=MDP-DP interface=ether1 name=vlan218 vlan-id=218
add comment=010601-Jithu interface=ether1 name=vlan227 vlan-id=227
add comment=010310-Jithu interface=ether1 name=vlan228 vlan-id=228
add interface=ether1 name=vlan244 vlan-id=244
add comment=020920 interface=ether1 name=vlan247 vlan-id=247
add interface=ether1 name=vlan263 vlan-id=263
add comment="021102_J.S.S Communication" disabled=yes interface=ether1 name=\
vlan266 vlan-id=266
/interface bonding
add mode=802.3ad name=ASR-Bonding slaves=sfp1,sfp2,sfp3,sfp4 \
transmit-hash-policy=layer-2-and-3
add mode=802.3ad name="Bonding WAN" slaves=\
ether12,ether11,ether10,ether9,ether8 transmit-hash-policy=layer-2-and-3
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip firewall layer7-protocol
add name=speedtest regexp="^.+(speedtest).*\\\$"
/ip hotspot profile
set [ find default=yes ] html-directory=vlan136 login-by="" name=Hotspot
/ip hotspot user profile
set [ find default=yes ] shared-users=10
/ip pool
add name=PPPOE ranges=172.21.2.2-172.21.5.254
add name=non-payment ranges=192.168.254.2-192.168.255.254
add name=Publi-IP next-pool=PPPOE ranges=***
add name=dhcp_pool3 ranges=10.10.10.20-10.10.10.254
add name=Public-IP2-1 next-pool=PPPOE ranges=***
add name=dhcp_pool6 ranges=172.18.36.20-172.18.37.254
add name=dhcp_pool7 ranges=172.17.113.1-172.17.115.254
/ip dhcp-server
add address-pool=dhcp_pool3 interface=vlan136 lease-time=14h10m name=dhcp1
add address-pool=dhcp_pool6 disabled=no interface=vlan178 lease-time=1d name=\
dhcp2
add address-pool=dhcp_pool7 disabled=no interface=vlan100 lease-time=1d name=\
dhcp3
/ip pool
add name=Public-IP2 next-pool=Public-IP2-1 ranges=\
***
/ipv6 dhcp-server
add address-pool=IPv6-Pool interface=vlan100 name=vlan100
add address-pool=IPv6-Pool interface=vlan178 name=vlan178
add address-pool=IPv6-Pool interface=vlan102 name=vlan102
/ipv6 pool
add name=IPv6-Pool prefix=1:1:1:0::/56 prefix-length=64
/ppp profile
add dns-server=8.8.8.8 idle-timeout=10m local-address=192.168.254.1 name=\
non-payment remote-address=non-payment
/queue type
add kind=pcq name=peer100 pcq-classifier=src-address,dst-address pcq-limit=\
500KiB pcq-rate=100M pcq-total-limit=20000KiB
add kind=pcq name=peer20 pcq-classifier=src-address,dst-address \
pcq-dst-address6-mask=64 pcq-rate=20M pcq-src-address6-mask=64
add kind=pcq name=peer30 pcq-classifier=src-address,dst-address \
pcq-dst-address6-mask=64 pcq-rate=30M pcq-src-address6-mask=64
add kind=pcq name=peer40 pcq-classifier=src-address,dst-address \
pcq-dst-address6-mask=64 pcq-rate=40M pcq-src-address6-mask=64
add kind=pcq name=peer10 pcq-classifier=src-address,dst-address \
pcq-dst-address6-mask=64 pcq-rate=10M pcq-src-address6-mask=64
add kind=pcq name=peer50 pcq-classifier=src-address,dst-address \
pcq-dst-address6-mask=64 pcq-rate=50M pcq-src-address6-mask=64
add kind=pcq name=peer15 pcq-classifier=src-address,dst-address \
pcq-dst-address6-mask=64 pcq-rate=15M pcq-src-address6-mask=64
add kind=pcq name=peer200 pcq-classifier=src-address,dst-address \
pcq-dst-address6-mask=64 pcq-rate=200M pcq-src-address6-mask=64
add kind=pcq name=peer4 pcq-classifier=src-address,dst-address \
pcq-dst-address6-mask=64 pcq-rate=4M pcq-src-address6-mask=64
/ppp profile
set *0 dhcpv6-pd-pool=IPv6-Pool dns-server=8.8.8.8 \
local-address=172.21.2.1 queue-type=default remote-address=Public-IP2 \
remote-ipv6-prefix-pool=IPv6-Pool
/queue simple
add name=peer4 packet-marks=peer4,speed4 queue=peer4/peer4 target=""
add name=peer10 packet-marks=peer10,speed10 queue=peer10/peer10 target=""
add name=peer15 packet-marks=peer15,speed15 queue=peer15/peer15 target=""
add name=peer20 packet-marks=peer20,speed20 queue=peer20/peer20 target=""
add name=peer30 packet-marks=peer30,speed30 queue=peer30/peer30 target=""
add name=peer40 packet-marks=peer40,speed40 queue=peer40/peer40 target=""
add name=peer50 packet-marks=peer50,speed50 queue=peer50/peer50 target=""
add name=peer100 packet-marks=peer100,speed100 queue=peer100/peer100 target=\
""
add name=peer200 packet-marks=peer200,speed200 queue=peer200/peer200 target=\
""
/snmp community
set [ find default=yes ] addresses=0.0.0.0/0 name=rvr-public
add addresses=10.10.10.101/32 name=jaze
/system logging action
add name=jaze remote=10.10.10.105 target=remote
/interface bridge port
add interface=ether1
add interface=ether2
add interface=ether3
add interface=ether4
add interface=ether5
add interface=ether6
add interface=ether7
add interface=ether8
add interface=ether9
add interface=ether10
add interface=ether11
add interface=ether12
add interface=sfp2
add interface=sfp3
add interface=sfp4
/ipv6 settings
set accept-router-advertisements=yes
/interface pppoe-server server
add authentication=pap disabled=no interface=vlan140 keepalive-timeout=20 \
one-session-per-host=yes service-name=vlan140
add authentication=pap disabled=no interface=vlan108 keepalive-timeout=20 \
one-session-per-host=yes service-name=vlan108
add authentication=pap disabled=no interface=vlan137 keepalive-timeout=20 \
one-session-per-host=yes service-name=vlan137
add authentication=pap disabled=no interface=vlan154 keepalive-timeout=20 \
one-session-per-host=yes service-name=vlan154
add authentication=pap disabled=no interface=vlan157 keepalive-timeout=20 \
one-session-per-host=yes service-name=vlan157
add authentication=pap disabled=no interface=vlan166 keepalive-timeout=20 \
one-session-per-host=yes service-name=vlan166
add authentication=pap disabled=no interface=vlan176 keepalive-timeout=20 \
one-session-per-host=yes service-name=vlan176
add authentication=pap disabled=no interface=vlan197 keepalive-timeout=20 \
one-session-per-host=yes service-name=vlan197
add authentication=pap disabled=no interface=vlan203 keepalive-timeout=20 \
one-session-per-host=yes service-name=vlan203
add authentication=pap disabled=no interface=vlan218 keepalive-timeout=20 \
one-session-per-host=yes service-name=vlan218
add authentication=pap disabled=no interface=vlan263 keepalive-timeout=20 \
one-session-per-host=yes service-name=vlan263
add authentication=pap disabled=no interface=vlan105 keepalive-timeout=20 \
one-session-per-host=yes service-name=vlan105
add authentication=pap disabled=no interface=vlan188 keepalive-timeout=20 \
one-session-per-host=yes service-name=vlan188
add authentication=pap disabled=no interface=vlan147 keepalive-timeout=20 \
one-session-per-host=yes service-name=vlan147
add authentication=pap disabled=no interface=vlan146 keepalive-timeout=20 \
one-session-per-host=yes service-name=vlan146
add authentication=pap disabled=no interface=vlan103 keepalive-timeout=20 \
one-session-per-host=yes service-name=vlan103
add authentication=pap disabled=no interface=vlan114 keepalive-timeout=20 \
one-session-per-host=yes service-name=vlan114
add authentication=pap disabled=no interface=vlan198 keepalive-timeout=20 \
one-session-per-host=yes service-name=vlan198
add authentication=pap disabled=no interface=vlan139 keepalive-timeout=20 \
one-session-per-host=yes service-name=vlan139
add authentication=pap disabled=no interface=vlan266 one-session-per-host=yes \
service-name=vlan266
add authentication=pap disabled=no interface=vlan227 keepalive-timeout=20 \
one-session-per-host=yes service-name=vlan227
add authentication=pap disabled=no interface=vlan228 keepalive-timeout=20 \
one-session-per-host=yes service-name=vlan228
add authentication=pap disabled=no interface=vlan247 one-session-per-host=yes \
service-name=vlan247
add authentication=pap disabled=no interface=vlan244 one-session-per-host=yes \
service-name=vlan244
add authentication=pap disabled=no interface=vlan182 one-session-per-host=yes \
service-name=vlan182
/ip address
add address=10.10.10.2/30 interface="Bonding WAN" network=10.10.10.0
add address=10.10.10.13/30 interface=ether4 network=10.10.2.136
add address=10.10.10.133/30 interface=ASR-Bonding network=10.10.10.132
add address=172.18.36.4/22 interface=vlan178 network=172.18.36.0
add address=172.17.112.4/22 interface=vlan100 network=172.17.112.0
add address=10.0.2.1/24 interface=vlan2 network=10.0.2.0
/ip dhcp-client
add dhcp-options=hostname,clientid interface=sfp1
/ip dhcp-server network
add address=10.10.10.0/24 dns-server=8.8.4.4 \
gateway=10.10.10.0
add address=172.17.112.0/22 dns-server=8.8.8.8 gateway=\
172.17.112.4
add address=172.18.36.0/22 dns-server=8.8.8.8 gateway=\
172.18.36.4
/ip dns
set servers="8.8.8.8,8.8.4.4,2001:4860:4860::8888,2001:48\
60:4860::8844"
/ip firewall address-list
add address=210.173.176.171 comment=Facebook list=Peering
add address=196.60.68.20 comment=Facebook list=Peering
add address=196.60.68.21 comment=Facebook list=Peering
add address=195.66.225.69 comment=Facebook list=Peering
add address=195.66.225.121 comment=Facebook list=Peering
add address=195.66.227.19 comment=Facebook list=Peering
add address=195.66.226.140 comment=Facebook list=Peering
add address=195.66.237.69 comment=Facebook list=Peering
add address=195.66.237.121 comment=Facebook list=Peering
add address=195.66.239.19 comment=Facebook list=Peering
add address=195.66.238.140 comment=Facebook list=Peering
add address=206.55.196.47 comment=Facebook list=Peering
add address=206.55.196.48 comment=Facebook list=Peering
add address=185.1.113.6 comment=Facebook list=Peering
add address=185.1.113.7 comment=Facebook list=Peering
add address=206.108.255.116 comment=Facebook list=Peering
add address=206.108.255.117 comment=Facebook list=Peering
add address=185.1.114.32 comment=Facebook list=Peering
add address=185.1.114.33 comment=Facebook list=Peering
add address=217.29.66.131 comment=Facebook list=Peering
add address=217.29.66.156 comment=Facebook list=Peering
add address=91.212.235.101 comment=Facebook list=Peering
add address=91.212.235.102 comment=Facebook list=Peering
add address=103.26.68.168 comment=Facebook list=Peering
add address=103.26.68.255 comment=Facebook list=Peering
add address=103.27.170.157 comment=Facebook list=Peering
add address=103.27.170.158 comment=Facebook list=Peering
add address=218.100.44.146 comment=Facebook list=Peering
add address=218.100.44.207 comment=Facebook list=Peering
add address=196.60.9.15 comment=Facebook list=Peering
add address=196.60.9.16 comment=Facebook list=Peering
add address=91.210.16.19 comment=Facebook list=Peering
add address=91.210.16.52 comment=Facebook list=Peering
add address=194.30.187.19 comment=Facebook list=Peering
add address=194.30.187.52 comment=Facebook list=Peering
add address=193.239.117.75 comment=Facebook list=Peering
add address=193.239.117.82 comment=Facebook list=Peering
add address=193.239.117.243 comment=Facebook list=Peering
add address=193.239.117.244 comment=Facebook list=Peering
add address=198.32.160.184 comment=Facebook list=Peering
add address=198.32.146.55 comment=Facebook list=Peering
add address=198.32.146.155 comment=Facebook list=Peering
add address=193.201.28.87 comment=Facebook list=Peering
add address=193.201.28.97 comment=Facebook list=Peering
add address=193.218.0.115 comment=Facebook list=Peering
add address=193.218.0.117 comment=Facebook list=Peering
add address=193.218.0.118 comment=Facebook list=Peering
add address=193.218.0.119 comment=Facebook list=Peering
add address=194.68.123.127 comment=Facebook list=Peering
add address=194.68.128.127 comment=Facebook list=Peering
add address=200.23.206.205 comment=Facebook list=Peering
add address=200.23.206.209 comment=Facebook list=Peering
add address=185.1.4.110 comment=Facebook list=Peering
add address=185.1.4.210 comment=Facebook list=Peering
add address=91.213.211.238 comment=Facebook list=Peering
add address=91.213.211.239 comment=Facebook list=Peering
add address=91.213.211.244 comment=Facebook list=Peering
add address=91.213.211.245 comment=Facebook list=Peering
add address=217.156.113.80 comment=Facebook list=Peering
add address=217.156.113.81 comment=Facebook list=Peering
add address=170.246.67.40 comment=Facebook list=Peering
add address=103.16.102.107 comment=Facebook list=Peering
add address=103.16.102.110 comment=Facebook list=Peering
add address=206.81.80.181 comment=Facebook list=Peering
add address=206.81.80.211 comment=Facebook list=Peering
add address=185.1.27.68 comment=Facebook list=Peering
add address=185.1.27.67 comment=Facebook list=Peering
add address=192.121.80.76 comment=Facebook list=Peering
add address=192.121.80.77 comment=Facebook list=Peering
add address=185.1.40.42 comment=Facebook list=Peering
add address=185.1.40.43 comment=Facebook list=Peering
add address=194.116.96.92 comment=Facebook list=Peering
add address=194.116.96.93 comment=Facebook list=Peering
add address=203.163.222.13 comment=Facebook list=Peering
add address=203.163.222.31 comment=Facebook list=Peering
add address=212.91.0.247 comment=Facebook list=Peering
add address=212.91.0.246 comment=Facebook list=Peering
add address=206.108.35.2 comment=Facebook list=Peering
add address=206.108.35.3 comment=Facebook list=Peering
add address=193.203.0.194 comment=Facebook list=Peering
add address=193.203.0.205 comment=Facebook list=Peering
add address=187.16.198.17 comment=AMAZONET list=Peering
add address=187.16.218.145 comment=AMAZONET list=Peering
add address=80.249.210.100 comment=AMAZON list=Peering
add address=80.249.210.217 comment=AMAZON list=Peering
add address=206.108.115.36 comment=AMAZON list=Peering
add address=103.247.139.10 comment=AMAZON list=Peering
add address=223.31.200.0 comment=AMAZON list=Peering
add address=218.100.9.24 comment=AMAZON list=Peering
add address=218.100.6.52 comment=AMAZON list=Peering
add address=218.100.6.207 comment=AMAZON list=Peering
add address=193.178.185.95 comment=AMAZON list=Peering
add address=103.105.218.0 comment=AMAZON list=Peering
add address=206.108.236.70 comment=AMAZON list=Peering
add address=206.108.236.80 comment=AMAZON list=Peering
add address=206.41.110.44 comment=AMAZON list=Peering
add address=206.72.210.146 comment=AMAZON list=Peering
add address=206.72.211.146 comment=AMAZON list=Peering
add address=206.51.46.87 comment=AMAZON list=Peering
add address=206.53.202.25 comment=AMAZON list=Peering
add address=80.81.194.152 comment=AMAZON list=Peering
add address=185.1.68.95 comment=AMAZON list=Peering
add address=185.1.47.48 comment=AMAZON list=Peering
add address=206.82.104.99 comment=AMAZON list=Peering
add address=185.1.46.9 comment=AMAZON list=Peering
add address=209.124.52.35 comment=AMAZON list=Peering
add address=198.32.132.95 comment=AMAZON list=Peering
add address=198.32.132.251 comment=AMAZON list=Peering
add address=206.126.115.37 comment=AMAZON list=Peering
add address=206.126.236.35 comment=AMAZON list=Peering
add address=206.126.236.68 comment=AMAZON list=Peering
add address=208.115.136.98 comment=AMAZON list=Peering
add address=208.115.136.210 comment=AMAZON list=Peering
add address=206.223.118.110 comment=AMAZON list=Peering
add address=206.223.118.150 comment=AMAZON list=Peering
add address=36.255.56.37 comment=AMAZON list=Peering
add address=36.255.56.197 comment=AMAZON list=Peering
add address=206.223.123.35 comment=AMAZON list=Peering
add address=183.177.61.35 comment=AMAZON list=Peering
add address=198.32.124.193 comment=AMAZON list=Peering
add address=198.32.118.102 comment=AMAZON list=Peering
add address=198.32.118.208 comment=AMAZON list=Peering
add address=203.190.227.4 comment=AMAZON list=Peering
add address=198.32.176.36 comment=AMAZON list=Peering
add address=198.32.176.217 comment=AMAZON list=Peering
add address=195.42.144.162 comment=AMAZON list=Peering
add address=206.223.116.177 comment=AMAZON list=Peering
add address=206.223.116.236 comment=AMAZON list=Peering
add address=198.32.134.41 comment=AMAZON list=Peering
add address=27.111.228.87 comment=AMAZON list=Peering
add address=27.111.228.215 comment=AMAZON list=Peering
add address=45.127.172.131 comment=AMAZON list=Peering
add address=45.127.172.231 comment=AMAZON list=Peering
add address=198.32.122.83 comment=AMAZON list=Peering
add address=203.190.230.53 comment=AMAZON list=Peering
add address=195.182.218.5 comment=AMAZON list=Peering
add address=45.120.251.136 comment=AMAZON list=Peering
add address=45.120.248.15 comment=AMAZON list=Peering
add address=45.120.248.14 comment=AMAZON list=Peering
add address=103.77.110.8 comment=AMAZON list=Peering
add address=103.77.110.9 comment=AMAZON list=Peering
add address=103.77.108.137 comment=AMAZON list=Peering
add address=206.41.108.16 comment=AMAZON list=Peering
add address=37.49.232.11 comment=AMAZON list=Peering
add address=37.49.236.118 comment=AMAZON list=Peering
add address=37.49.237.166 comment=AMAZON list=Peering
add address=123.255.91.219 comment=AMAZON list=Peering
add address=123.255.91.218 comment=AMAZON list=Peering
add address=185.6.36.50 comment=AMAZON list=Peering
add address=218.100.52.9 comment=AMAZON list=Peering
add address=218.100.78.50 comment=AMAZON list=Peering
add address=198.32.212.114 comment=AMAZON list=Peering
add address=45.6.52.34 comment=AMAZON list=Peering
add address=187.16.217.20 comment=AMAZON list=Peering
add address=187.16.218.79 comment=AMAZON list=Peering
add address=187.16.221.223 comment=AMAZON list=Peering
add address=187.16.221.224 comment=AMAZON list=Peering
add address=103.119.232.66 comment=AMAZON list=Peering
add address=103.246.232.127 comment=AMAZON list=Peering
add address=210.171.224.127 comment=AMAZON list=Peering
add address=210.171.224.236 comment=AMAZON list=Peering
add address=210.171.224.211 comment=AMAZON list=Peering
add address=210.171.224.212 comment=AMAZON list=Peering
add address=210.173.178.59 comment=AMAZON list=Peering
add address=210.173.178.61 comment=AMAZON list=Peering
add address=210.173.176.188 comment=AMAZON list=Peering
add address=210.173.176.198 comment=AMAZON list=Peering
add address=192.145.251.160 comment=AMAZON list=Peering
add address=192.145.251.159 comment=AMAZON list=Peering
add address=195.66.225.175 comment=AMAZON list=Peering
add address=195.66.237.175 comment=AMAZON list=Peering
add address=195.66.244.42 comment=AMAZON list=Peering
add address=206.55.196.43 comment=AMAZON list=Peering
add address=206.53.143.52 comment=AMAZON list=Peering
add address=206.53.143.53 comment=AMAZON list=Peering
add address=206.108.255.111 comment=AMAZON list=Peering
add address=217.29.67.16 comment=AMAZON list=Peering
add address=194.226.100.44 comment=AMAZON list=Peering
add address=194.226.102.44 comment=AMAZON list=Peering
add address=103.26.71.47 comment=AMAZON list=Peering
add address=202.12.243.22 comment=AMAZON list=Peering
add address=103.41.12.36 comment=AMAZON list=Peering
add address=103.26.68.65 comment=AMAZON list=Peering
add address=103.27.170.190 comment=AMAZON list=Peering
add address=103.27.170.170 comment=AMAZON list=Peering
add address=218.100.44.155 comment=AMAZON list=Peering
add address=218.100.44.219 comment=AMAZON list=Peering
add address=196.10.140.105 comment=AMAZON list=Peering
add address=196.10.140.110 comment=AMAZON list=Peering
add address=196.60.9.105 comment=AMAZON list=Peering
add address=196.60.9.110 comment=AMAZON list=Peering
add address=91.210.16.120 comment=AMAZON list=Peering
add address=185.1.55.60 comment=AMAZON list=Peering
add address=198.32.195.101 comment=AMAZON list=Peering
add address=198.32.195.102 comment=AMAZON list=Peering
add address=198.32.160.64 comment=AMAZON list=Peering
add address=198.32.160.244 comment=AMAZON list=Peering
add address=212.237.192.47 comment=AMAZON list=Peering
add address=212.237.193.47 comment=AMAZON list=Peering
add address=194.68.123.47 comment=AMAZON list=Peering
add address=195.245.240.47 comment=AMAZON list=Peering
add address=195.69.119.47 comment=AMAZON list=Peering
add address=194.68.128.47 comment=AMAZON list=Peering
add address=218.100.13.82 comment=AMAZON list=Peering
add address=218.100.2.152 comment=AMAZON list=Peering
add address=207.231.242.12 comment=AMAZON list=Peering
add address=207.231.243.12 comment=AMAZON list=Peering
add address=207.231.248.12 comment=AMAZON list=Peering
add address=206.80.234.7 comment=AMAZON list=Peering
add address=206.80.234.8 comment=AMAZON list=Peering
add address=206.41.105.70 comment=AMAZON list=Peering
add address=198.179.18.74 comment=AMAZON list=Peering
add address=198.179.18.60 comment=AMAZON list=Peering
add address=206.197.187.65 comment=AMAZON list=Peering
add address=103.16.102.36 comment=AMAZON list=Peering
add address=206.81.80.147 comment=AMAZON list=Peering
add address=206.81.80.248 comment=AMAZON list=Peering
add address=198.32.141.150 comment=AMAZON list=Peering
add address=91.206.52.107 comment=AMAZON list=Peering
add address=203.163.222.10 comment=AMAZON list=Peering
add address=203.163.222.75 comment=AMAZON list=Peering
add address=206.108.35.36 comment=AMAZON list=Peering
add address=206.108.35.37 comment=AMAZON list=Peering
add address=185.1.8.70 comment=AMAZON list=Peering
add address=193.203.0.215 comment=AMAZON list=Peering
add address=206.82.104.71 comment=Limelight list=Peering
add address=185.1.46.1 comment=Limelight list=Peering
add address=198.32.132.50 comment=Limelight list=Peering
add address=206.126.115.27 comment=Limelight list=Peering
add address=194.146.118.93 comment=Limelight list=Peering
add address=62.69.146.76 comment=Limelight list=Peering
add address=193.149.1.91 comment=Limelight list=Peering
add address=185.79.175.217 comment=Limelight list=Peering
add address=206.126.236.123 comment=Limelight list=Peering
add address=198.32.182.55 comment=Limelight list=Peering
add address=208.115.136.123 comment=Limelight list=Peering
add address=206.223.118.123 comment=Limelight list=Peering
add address=119.27.63.1 comment=Limelight list=Peering
add address=206.223.123.123 comment=Limelight list=Peering
add address=198.32.124.145 comment=Limelight list=Peering
add address=198.32.118.26 comment=Limelight list=Peering
add address=198.32.176.9 comment=Limelight list=Peering
add address=195.42.144.26 comment=Limelight list=Peering
add address=206.223.116.123 comment=Limelight list=Peering
add address=27.111.228.143 comment=Limelight list=Peering
add address=27.111.228.23 comment=Limelight list=Peering
add address=45.127.172.57 comment=Limelight list=Peering
add address=203.190.230.1 comment=Limelight list=Peering
add address=203.190.230.39 comment=Limelight list=Peering
add address=195.182.218.35 comment=Limelight list=Peering
add address=45.120.248.12 comment=Limelight list=Peering
add address=45.120.248.34 comment=Limelight list=Peering
add address=103.77.108.108 comment=Limelight list=Peering
add address=103.77.108.131 comment=Limelight list=Peering
add address=206.41.108.29 comment=Limelight list=Peering
add address=37.49.232.34 comment=Limelight list=Peering
add address=37.49.236.38 comment=Limelight list=Peering
add address=123.255.91.92 comment=Limelight list=Peering
add address=185.6.36.75 comment=Limelight list=Peering
add address=218.100.52.109 comment=Limelight list=Peering
add address=86.104.125.163 comment=Limelight list=Peering
add address=103.246.232.123 comment=Limelight list=Peering
add address=210.171.224.123 comment=Limelight list=Peering
add address=210.173.176.80 comment=Limelight list=Peering
add address=192.145.251.181 comment=Limelight list=Peering
add address=195.66.224.122 comment=Limelight list=Peering
add address=195.66.224.133 comment=Limelight list=Peering
add address=195.66.236.133 comment=Limelight list=Peering
add address=195.66.236.122 comment=Limelight list=Peering
add address=195.66.244.110 comment=Limelight list=Peering
add address=206.55.196.14 comment=Limelight list=Peering
add address=206.108.255.43 comment=Limelight list=Peering
add address=217.29.66.61 comment=Limelight list=Peering
add address=217.29.66.143 comment=Limelight list=Peering
add address=206.53.171.10 comment=Limelight list=Peering
add address=103.41.12.16 comment=Limelight list=Peering
add address=103.26.68.105 comment=Limelight list=Peering
add address=103.27.170.135 comment=Limelight list=Peering
add address=103.27.170.146 comment=Limelight list=Peering
add address=218.100.44.142 comment=Limelight list=Peering
add address=196.60.8.85 comment=Limelight list=Peering
add address=196.60.9.85 comment=Limelight list=Peering
add address=91.210.16.150 comment=Limelight list=Peering
add address=198.32.160.134 comment=Limelight list=Peering
add address=198.32.146.64 comment=Limelight list=Peering
add address=194.68.123.167 comment=Limelight list=Peering
add address=194.68.128.167 comment=Limelight list=Peering
add address=218.100.2.7 comment=Limelight list=Peering
add address=206.223.127.22 comment=Limelight list=Peering
add address=91.213.211.21 comment=Limelight list=Peering
add address=206.41.105.57 comment=Limelight list=Peering
add address=206.197.187.49 comment=Limelight list=Peering
add address=185.1.15.12 comment=Limelight list=Peering
add address=206.81.80.99 comment=Limelight list=Peering
add address=206.81.81.83 comment=Limelight list=Peering
add address=185.1.27.71 comment=Limelight list=Peering
add address=91.206.52.217 comment=Limelight list=Peering
add address=194.116.96.66 comment=Limelight list=Peering
add address=206.108.34.94 comment=Limelight list=Peering
add address=193.203.0.179 comment=Limelight list=Peering
add address=184.51.41.72 comment=RVR-Akamai list=Peering
/ip firewall filter
add action=passthrough chain=unused-hs-chain comment=\
"place hotspot rules here" disabled=yes
add action=drop chain=forward comment=\
"Block Access For ''Non Payment Users''" dst-port=!80 protocol=tcp \
src-address-list=non-payment
add action=accept chain=forward dst-port=53 protocol=udp src-address-list=\
non-payment
add action=accept chain=forward dst-address-list=non-payment protocol=udp \
src-port=53
add action=drop chain=forward src-address-list=non-payment
/ip firewall mangle
add action=change-mss chain=forward in-interface=all-ppp new-mss=1390 \
passthrough=yes protocol=tcp tcp-flags=syn tcp-mss=1391-65535
add action=change-mss chain=forward new-mss=1452 out-interface=all-ppp \
passthrough=yes protocol=tcp tcp-flags=syn tcp-mss=1453-65535
add action=add-dst-to-address-list address-list=Peering address-list-timeout=\
none-dynamic chain=prerouting comment=google content=google.com dst-port=\
443 protocol=tcp
add action=add-src-to-address-list address-list=Peering address-list-timeout=\
none-dynamic chain=prerouting comment=google content=google.com dst-port=\
80 protocol=tcp
add action=add-dst-to-address-list address-list=Peering address-list-timeout=\
none-dynamic chain=prerouting comment=youtube content=youtube.com \
dst-port=443 protocol=tcp
add action=add-dst-to-address-list address-list=Peering address-list-timeout=\
none-dynamic chain=prerouting comment=youtube content=youtube.com \
dst-port=80 protocol=tcp
add action=add-dst-to-address-list address-list=Peering address-list-timeout=\
none-dynamic chain=prerouting comment=netflix content=netflix.com \
dst-port=443 protocol=tcp
add action=add-dst-to-address-list address-list=Peering address-list-timeout=\
none-dynamic chain=prerouting comment=netflix content=netflix.com \
dst-port=80 protocol=tcp
add action=add-dst-to-address-list address-list=Peering address-list-timeout=\
none-dynamic chain=prerouting comment=googlevideo content=googlevideo.com \
dst-port=443 protocol=tcp
add action=add-dst-to-address-list address-list=Peering address-list-timeout=\
none-dynamic chain=prerouting comment=googlevideo content=googlevideo.com \
dst-port=80 protocol=tcp
add action=add-dst-to-address-list address-list=Peering address-list-timeout=\
none-dynamic chain=prerouting comment=amazonprime content=primevideo.com \
dst-port=443 protocol=tcp
add action=add-dst-to-address-list address-list=Peering address-list-timeout=\
none-dynamic chain=prerouting comment=amazonprime content=primevideo.com \
dst-port=80 protocol=tcp
add action=add-dst-to-address-list address-list=Peering address-list-timeout=\
none-dynamic chain=prerouting comment=amazon content=amazon.in dst-port=\
443 protocol=tcp
add action=add-dst-to-address-list address-list=Peering address-list-timeout=\
none-dynamic chain=prerouting comment=amazon content=amazon.in dst-port=\
80 protocol=tcp
add action=add-dst-to-address-list address-list=Peering address-list-timeout=\
none-dynamic chain=prerouting comment=microsoft content=microsoft.com \
dst-port=443 protocol=tcp
add action=add-dst-to-address-list address-list=Peering address-list-timeout=\
none-dynamic chain=prerouting comment=microsoft content=microsoft.com \
dst-port=80 protocol=tcp
add action=add-dst-to-address-list address-list=Peering address-list-timeout=\
none-dynamic chain=prerouting comment=facebook content=facebook.com \
dst-port=443 protocol=tcp
add action=add-dst-to-address-list address-list=Peering address-list-timeout=\
none-dynamic chain=prerouting comment=facebook content=facebook.com \
dst-port=80 protocol=tcp
add action=add-dst-to-address-list address-list=Peering address-list-timeout=\
none-dynamic chain=prerouting comment=hotstar content=hotstar.com \
dst-port=443 protocol=tcp
add action=add-dst-to-address-list address-list=Peering address-list-timeout=\
none-dynamic chain=prerouting comment=hotstar content=hotstar.com \
dst-port=80 protocol=tcp
add action=mark-packet chain=prerouting comment=peer4 dst-address-list=\
Peering new-packet-mark=peer4 passthrough=yes src-address-list=peer4
add action=mark-packet chain=postrouting comment=peer4 dst-address-list=peer4 \
new-packet-mark=peer4 passthrough=yes src-address-list=Peering
add action=mark-packet chain=prerouting comment=speed4 connection-mark=\
speedtest_conn new-packet-mark=speed4 passthrough=no src-address-list=\
peer4
add action=mark-packet chain=postrouting comment=speed4 connection-mark=\
speedtest_conn dst-address-list=peer4 new-packet-mark=speed4 passthrough=\
no
add action=mark-packet chain=prerouting comment=peer10 dst-address-list=\
Peering new-packet-mark=peer10 passthrough=yes src-address-list=peer10
add action=mark-packet chain=postrouting comment=peer10 dst-address-list=\
peer10 new-packet-mark=peer10 passthrough=yes src-address-list=Peering
add action=mark-packet chain=prerouting comment=speed10 connection-mark=\
speedtest_conn new-packet-mark=speed10 passthrough=no src-address-list=\
peer10
add action=mark-packet chain=postrouting comment=speed10 connection-mark=\
speedtest_conn dst-address-list=peer10 new-packet-mark=speed10 \
passthrough=no
add action=mark-packet chain=prerouting comment=peer15 dst-address-list=\
Peering new-packet-mark=peer15 passthrough=yes src-address-list=peer15
add action=mark-packet chain=postrouting comment=peer15 dst-address-list=\
peer15 new-packet-mark=peer15 passthrough=yes src-address-list=Peering
add action=mark-packet chain=prerouting comment=speed15 connection-mark=\
speedtest_conn new-packet-mark=speed15 passthrough=no src-address-list=\
peer15
add action=mark-packet chain=postrouting comment=speed15 connection-mark=\
speedtest_conn dst-address-list=peer15 new-packet-mark=speed15 \
passthrough=no
add action=mark-packet chain=prerouting comment=peer20 dst-address-list=\
Peering new-packet-mark=peer20 passthrough=yes src-address-list=peer20
add action=mark-packet chain=postrouting comment=peer20 dst-address-list=\
peer20 new-packet-mark=peer20 passthrough=yes src-address-list=Peering
add action=mark-packet chain=prerouting comment=speed20 connection-mark=\
speedtest_conn new-packet-mark=speed20 passthrough=no src-address-list=\
peer20
add action=mark-packet chain=postrouting comment=speed20 connection-mark=\
speedtest_conn dst-address-list=peer20 new-packet-mark=speed20 \
passthrough=no
add action=mark-packet chain=prerouting comment=peer30 dst-address-list=\
Peering new-packet-mark=peer30 passthrough=yes src-address-list=peer30
add action=mark-packet chain=postrouting comment=peer30 dst-address-list=\
peer30 new-packet-mark=peer30 passthrough=yes src-address-list=Peering
add action=mark-packet chain=prerouting comment=speed30 connection-mark=\
speedtest_conn new-packet-mark=peer30 passthrough=no src-address-list=\
peer30
add action=mark-packet chain=postrouting comment=speed30 connection-mark=\
speedtest_conn dst-address-list=peer30 new-packet-mark=peer30 \
passthrough=no
add action=mark-packet chain=postrouting comment=peer40 dst-address-list=\
peer40 new-packet-mark=peer40 passthrough=yes src-address-list=Peering
add action=mark-packet chain=prerouting comment=peer40 dst-address-list=\
Peering new-packet-mark=peer40 passthrough=yes src-address-list=peer40
add action=mark-packet chain=prerouting comment=speed40 connection-mark=\
speedtest_conn new-packet-mark=peer40 passthrough=no src-address-list=\
peer40
add action=mark-packet chain=postrouting comment=speed40 connection-mark=\
speedtest_conn dst-address-list=peer40 new-packet-mark=peer40 \
passthrough=no
add action=mark-packet chain=prerouting comment=peer50 dst-address-list=\
Peering new-packet-mark=peer50 passthrough=yes src-address-list=peer50
add action=mark-packet chain=postrouting comment=peer50 dst-address-list=\
peer50 new-packet-mark=peer50 passthrough=yes src-address-list=Peering
add action=mark-packet chain=postrouting comment=speed50 connection-mark=\
speedtest_conn dst-address-list=peer50 new-packet-mark=speed50 \
passthrough=no
add action=mark-packet chain=prerouting comment=speed50 connection-mark=\
speedtest_conn new-packet-mark=speed50 passthrough=no src-address-list=\
peer50
add action=mark-packet chain=prerouting comment=peer100 dst-address-list=\
Peering new-packet-mark=peer100 passthrough=yes src-address-list=peer100
add action=mark-packet chain=postrouting comment=peer100 dst-address-list=\
peer100 new-packet-mark=peer100 passthrough=yes src-address-list=Peering
add action=mark-packet chain=prerouting comment=speed100 connection-mark=\
speedtest_conn new-packet-mark=speed100 passthrough=no src-address-list=\
peer100
add action=mark-packet chain=postrouting comment=speed100 connection-mark=\
speedtest_conn dst-address-list=peer100 new-packet-mark=speed100 \
passthrough=no
add action=mark-packet chain=postrouting comment=peer200 dst-address-list=\
peer200 new-packet-mark=peer200 passthrough=yes src-address-list=Peering
add action=mark-packet chain=prerouting comment=peer200 dst-address-list=\
Peering new-packet-mark=peer200 passthrough=yes src-address-list=peer200
add action=mark-packet chain=prerouting comment=speed200 connection-mark=\
speedtest_conn new-packet-mark=speed200 passthrough=no src-address-list=\
peer200
add action=mark-packet chain=postrouting comment=speed200 connection-mark=\
speedtest_conn dst-address-list=peer200 new-packet-mark=speed200 \
passthrough=no
add action=mark-connection chain=forward comment=SPEEDTEST layer7-protocol=\
speedtest new-connection-mark=speedtest_conn passthrough=yes
add action=mark-connection chain=prerouting new-connection-mark=\
speedtest_conn passthrough=yes protocol=tcp src-port=8080
add action=mark-connection chain=postrouting dst-port=8080 \
new-connection-mark=speedtest_conn passthrough=yes protocol=tcp
add action=log chain=forward connection-state=invalid,related,new,untracked \
dst-address=!8.8.8.8
/ip firewall nat
add action=passthrough chain=unused-hs-chain comment=\
"place hotspot rules here" disabled=yes
add action=dst-nat chain=dstnat dst-port=53 protocol=tcp to-addresses=8.8.8.8
add action=dst-nat chain=dstnat dst-port=53 protocol=udp to-addresses=8.8.8.8
add action=log chain=srcnat disabled=yes dst-address=!8.8.8.8
add action=redirect chain=dstnat dst-port=80 protocol=tcp src-address-list=\
non-payment to-ports=8080
add action=masquerade chain=srcnat disabled=yes
add action=src-nat chain=srcnat src-address=10.10.10.0/23 to-addresses=\
10.10.10.100
add action=src-nat chain=srcnat src-address=172.21.0.0/16 to-addresses=\
10.10.10.100
add action=src-nat chain=srcnat src-address=172.23.0.0/16 to-addresses=\
10.10.10.100
add action=src-nat chain=srcnat src-address=172.22.0.0/16 to-addresses=\
10.10.10.100
add action=src-nat chain=srcnat src-address=172.16.0.0/16 to-addresses=\
10.10.10.100
add action=src-nat chain=srcnat src-address=172.17.0.0/16 to-addresses=\
10.10.10.100
add action=src-nat chain=srcnat src-address=172.18.0.0/16 to-addresses=\
10.10.10.100
add action=src-nat chain=srcnat src-address=172.19.0.0/16 to-addresses=\
10.10.10.100
add action=src-nat chain=srcnat comment="for expired users" dst-address=\
10.10.10.101 src-address=192.168.254.0/23 to-addresses=10.10.10.131
/ip proxy
set enabled=yes max-cache-size=none parent-proxy=0.0.0.0 src-address=0.0.0.0
/ip proxy access
add action=deny dst-host=!customer.rvrnet.com redirect-to=\
customer.rvrnet.com/login/no_internet
add dst-address=117.232.65.196
add action=deny redirect-to=customer.rvrnet.com/login/no_internet
/ip route
add distance=1 gateway=10.10.10.100
add distance=1 dst-address=10.10.1.0/24 gateway=10.10.10.100
add distance=1 dst-address=10.10.10.2/30 gateway=10.10.10.100
add distance=1 dst-address=172.16.0.0/16 gateway=10.10.10.100
add distance=1 dst-address=172.16.2.0/23 gateway=10.10.10.100

/ip service
set telnet disabled=yes
set ftp disabled=yes
set www port=8066
set api-ssl disabled=yes
/ip ssh
set allow-none-crypto=yes forwarding-enabled=remote
/ipv6 address
add address=2:ff0:2:1::2 interface=ether6
add from-pool=IPv6-Pool interface=vlan100
add address=::1 from-pool=IPv6-Pool interface=vlan178
add from-pool=IPv6-Pool interface=vlan102
/ipv6 dhcp-client
add add-default-route=yes disabled=yes interface=ether6 pool-name=IPv6-Pool \
request=prefix use-peer-dns=no
/ipv6 nd
set [ find default=yes ] advertise-dns=yes
add advertise-dns=yes hop-limit=64 interface=vlan100
/ipv6 route
add distance=1 gateway=2:ff0:2:1::1
/ppp aaa
set interim-update=5m use-radius=yes
/radius
add address=10.10.10.100 service=ppp,hotspot timeout=3s
/radius incoming
set accept=yes
/snmp
set contact=nt@mail.com enabled=yes location=Hyderabad
/system clock
set time-zone-name=Asia/Kolkata
/system identity
set name=E4:8D:8C:2B:96:B7
/system logging
set 0 topics=info,!firewall
add action=jaze prefix=nat-E4:8D:8C:2B:96:B7 topics=firewall
add disabled=yes topics=dhcp
add disabled=yes topics=pppoe
/system scheduler
add interval=10m name=flushdns on-event=flushdns policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
start-time=startup
add interval=1m name=peering on-event=peering policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
start-time=startup
/system script
add dont-require-permissions=no name=flushdns owner=admin policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=\
"ip dns cache flush"
add dont-require-permissions=no name=peering owner=admin policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="/\
queue simple move [find name=\"peer4\"] [:pick [find] 0]\
\n/queue simple move [find name=\"peer10\"] [:pick [find] 1]\
\n/queue simple move [find name=\"peer15\"] [:pick [find] 2]\
\n/queue simple move [find name=\"peer20\"] [:pick [find] 3]\
\n/queue simple move [find name=\"peer30\"] [:pick [find] 4]\
\n/queue simple move [find name=\"peer40\"] [:pick [find] 5]\
\n/queue simple move [find name=\"peer50\"] [:pick [find] 6]\
\n/queue simple move [find name=\"peer100\"] [:pick [find] 7]\
\n/queue simple move [find name=\"peer200\"] [:pick [find] 8]"
/tool graphing interface
add
/tool graphing queue
add
 
mkx
Forum Guru
Posts: 3177
Joined: Thu Mar 03, 2016 10:23 pm

Re: Internal Vlans issue

Thu Oct 31, 2019 11:45 am


If I got the config right, then your router is missing an IP address on interface vlan1. Which explains why packets targeting that subnet end up sent towards ISP - router doesn't have any direct route towards this subnet so it uses default route.
I couldn't spot anything in firewall settings that would block access to that subnet (or vlan2 subnet) from anywhere so you may want to create some firewall rule which drops access to switch management subnet(s) except from some select source IP addresses/subnet.

BTW, you don't seem to have bridge on your CCR ... which is fine. However, there's /interface bridge port section which doesn't make any sense in this case. So if you really don't have any bridge, you may want to remove that bridge port configuration simply not to interfere when reading config.
BR,
Metod
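
The restriction suggested in the post above, written out as RouterOS firewall configuration. This is an added example, not part of the original thread or the poster's configuration: the subnets are the ones named in the thread, while the admin workstation 172.17.112.10, the address-list names and the log prefix are constructed assumptions.

```routeros
# Added example, not from the thread. Subnets are those named in the thread;
# the admin host 172.17.112.10 and the list names are constructed assumptions.
/ip firewall address-list
add list=mgmt-admins address=172.17.112.10 comment="constructed admin workstation"
add list=mgmt-subnets address=192.168.10.0/24 comment="switch management, VLAN 1"
add list=mgmt-subnets address=10.0.2.0/24 comment="switch management, VLAN 2"

/ip firewall filter
# Replies belonging to sessions that were already permitted
add chain=forward action=accept connection-state=established,related \
    comment="allow replies of permitted sessions"
# Only listed admin sources may open new sessions towards the switches
add chain=forward action=accept src-address-list=mgmt-admins \
    dst-address-list=mgmt-subnets comment="admins to switch management"
# Anything else routed towards the management subnets is logged and dropped
add chain=forward action=drop dst-address-list=mgmt-subnets log=yes \
    log-prefix="mgmt-drop" comment="drop other access to switch management"
```

Rules are matched top to bottom, so these three must sit above any broader accept rule in the forward chain. Traffic between hosts inside the same management VLAN is switched, not routed, and is not affected by them.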
 
danunjaya123
newbie
Topic Author
Posts: 49
Joined: Thu Oct 03, 2019 7:36 am
Location: India

Re: Internal Vlans issue

Fri Nov 01, 2019 9:18 am

Thanks for your reply. I had removed vlan 1 at that time, so it was not there in the config file.

Coming to the bridge, I'm not using it. Is this required for me now?

 
mkx
Forum Guru
Posts: 3177
Joined: Thu Mar 03, 2016 10:23 pm

Re: Internal Vlans issue

Fri Nov 01, 2019 7:10 pm

No, I don't think you need bridge ... hence my suggestion to remove the remaining config under /interface bridge port.

If you add IP config to vlan1 interface, can you access devices in 192.168.10.0/24 network?
BR,
Metod
 
danunjaya123
newbie
Topic Author
Posts: 49
Joined: Thu Oct 03, 2019 7:36 am
Location: India

Re: Internal Vlans issue

Sat Nov 02, 2019 6:50 am

I have removed all settings under bridge.

I am still facing the issue with pinging the vlan 1 IPs.
trace.PNG
ping.PNG
 
mkx
Forum Guru
Posts: 3177
Joined: Thu Mar 03, 2016 10:23 pm

Re: Internal Vlans issue

Sat Nov 02, 2019 1:30 pm

The 10.0.2.20 box, does it have vlan1 properly configured? If it's a Mikrotik: beware that ROS uses VLAN ID=1 as an implicit default in many places and can, thus, behave unexpectedly. Personally I therefore avoid using tagged VLAN with ID=1 ....
BR,
Metod
 
danunjaya123
newbie
Topic Author
Posts: 49
Joined: Thu Oct 03, 2019 7:36 am
Location: India

Re: Internal Vlans issue

Sun Nov 03, 2019 1:15 pm

I can't avoid Vlan1 because some of my switches will work on Vlan 1 only, so I need it compulsorily. Please give me a solution.
 
mkx
Forum Guru
Posts: 3177
Joined: Thu Mar 03, 2016 10:23 pm

Re: Internal Vlans issue

Sun Nov 03, 2019 1:39 pm

Did you configure IP address on vlan1 interface? An address from 192.168.10.0/24 subnet? Those switches, do they have default gateway configured? Is it the same main router?
BR,
Metod
 
danunjaya123
newbie
Topic Author
Posts: 49
Joined: Thu Oct 03, 2019 7:36 am
Location: India

Re: Internal Vlans issue

Sun Nov 03, 2019 4:23 pm

I have added the vlan in interfaces and added its IP address.
vlanlist.PNG
vlan1.PNG
 
mkx
Forum Guru
Posts: 3177
Joined: Thu Mar 03, 2016 10:23 pm

Re: Internal Vlans issue

Sun Nov 03, 2019 5:59 pm

So now can you ping switches from router itself?

If yes, how are switches configured (any default gateway)?

It's really hard to help debugging the problem if you only answer to part of questions ...
BR,
Metod
 
danunjaya123
newbie
Topic Author
Posts: 49
Joined: Thu Oct 03, 2019 7:36 am
Location: India

Re: Internal Vlans issue

Mon Nov 04, 2019 8:56 am

I have moved the same 3 vlans to the Cyberoam firewall and it was working fine.

The gateways are 192.168.10.1, 10.0.2.1, 172.17.112.4; these are my vlans' gateways.
For the vlan1 switch IP, traceroute is going to the public network. I don't know why it was going to public.
 
anav
Forum Guru
Forum Guru
Posts: 3100
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Internal Vlans issue

Wed Nov 06, 2019 4:18 pm

caveat - I use bridge vlan cpu setup, not switch chip setup.
Many devices use vlan1 as a default, that is not an issue when NOT using vlan 1 implicitly on MT (don't use it to either carry traffic over an identified vlan1 and don't use it implicitly - in other words don't use a regular default LAN setup (which MT then assigns in the background vlan1 too)).
What I do is not change the default bridge setting of vlan1 BUT never use the bridge for DHCP or LAN traffic ONLY VLANS (and not vlan1).

In the connected smart switches and CAPACs, default vlan1 is kept on all trunk ports connecting them as well as any working vlans.
This seems to do the trick in terms of using (mt router, dlink 24 port switch, netgear 10 port switch and two cap acs)...
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
 
sindy
Forum Guru
Forum Guru
Posts: 3905
Joined: Mon Dec 04, 2017 9:19 pm

Re: Internal Vlans issue

Fri Nov 08, 2019 12:11 am

The "mystery of vlan ID 1" is the following:

Most people (me included until a few months ago) believe that when a tagless frame arrives to a switch or bridge via some port of that switch, it always gets tagged with the PVID (also called default or native VLAN ID on some switches) of that port, and when leaving through another port, it gets untagged if its tag matches the PVID of that egress port.

But in fact, most (if not all) switches only tag the frame on ingress if it needs to stay tagged on the egress port, i.e. if the PVIDs of the ingress and egress ports differ. If they are the same, the frame is not tagged on ingress and untagged on egress but it is forwarded from ingress port to egress port without change. And if the frame comes in tagged with ingress port's PVID and it also matches the egress port's PVID, it gets untagged already on ingress.

Now Mikrotik, like many other switches, uses PVID 1 as the default one. And, also like many other switches, it doesn't show default settings in configuration export unless specially asked to do so.

Hence a tagless frame coming in via a port which seems to have no PVID value specified (which actually means its PVID is 1) is not tagged with VID 1 if egress port's own PVID is also "not specified" (actually, also set to 1); but if that same frame was going to be sent out via a port whose PVID is set (to anything else but 1), it would get tagged with VID 1, and you could see it tagged at the egress port. But the "egress port" may be the internal interface of the Mikrotik; as there is always exactly one internal interface connected to each bridge, the configuration of the bridge and the configuration of this interface are aggregated into the same item. So the pvid parameter of the /interface bridge is actually the PVID of this internal interface, and the IP configuration attached to the bridge is actually attached to this internal interface.

The above means that when "no PVID is set" on both the bridge (actually, the internal interface connected to the bridge) and the ingress port, whatever comes through that port for Mikrotik's own MAC address already tagged with VID 1 will get untagged already on ingress, and whatever comes in tagless through that port for Mikrotik's own MAC address will stay tagless. Hence you must not attach the IP configuration for VLAN ID 1 to /interface vlan vlan-id=1 but to the /interface bridge itself, because no frame will ever make it to the bridge, and hence to the internal interface connected to the bridge, tagged with VID 1.

Alternatively, you may set the PVID of both the bridge and the ingress port to some unused VLAN ID; once you do that, VID 1 - tagged frames start making it to the bridge, and /interface vlan vlan-id=1 will handle them on its tagged end. So in this case, the IP configuration for VID 1 may stay attached to /interface vlan vlan-id=1.
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
 
mkx
Forum Guru
Forum Guru
Posts: 3177
Joined: Thu Mar 03, 2016 10:23 pm

Re: Internal Vlans issue

Fri Nov 08, 2019 8:31 am

@sindy: based on OP's post #6 in this thread, where he posted configuration export, does your nice explanation apply to this case at all? He's using CCR1036-12G-4S which doesn't have switch chip and his configuration doesn't use bridge. All vlan interfaces are anchored directly to ether1 interface (which doesn't have any PVID set ... is it possible to set pvid on interface which is not member of bridge and not handled by switch chip?).

As I understand things, the whole VID/PVID stuff, when bridge is involved, only applies when bridge has set vlan-filtering=yes. If it doesn't, then bridge doesn't do anything about VLAN tags, so it's either hardware (switch chip, not ether ports directly), SW interface drivers (wireless in particular) or vlan interfaces which manipulate VLAN tags. In OP's case that leaves only vlan interfaces and with those using vlan-id=1 should be fine and without gotchas?
BR,
Metod
 
sindy
Forum Guru
Forum Guru
Posts: 3905
Joined: Mon Dec 04, 2017 9:19 pm

Re: Internal Vlans issue

Fri Nov 08, 2019 9:17 am

... In OP's case that leaves only vlan interfaces and with those using vlan-id=1 should be fine and without gotchas?
All correct, but two points:
  • I am just tired of people avoiding use of VLAN 1 and warning others against using it instead of taking the effort to understand (and maybe explain) how things really work,
  • the root cause of the OP's issue may not be at Mikrotik itself, where really an /interface vlan pvid=1 hooked to /ether1 only handles frames tagged with VID 1, but there's also the other end of the cable, where the same case may apply. Take a Catalyst and just configure a port as a VLAN trunk (interface xxx switchport mode trunk); unless you display also the default values using /show running-config all, you may not notice that the native vlan for a switchport in trunk mode is 1 because, like with RouterOS, 1 is the default value which is not shown. So whereas the Tik in OP's configuration (with /interface vlan hooked to /etherX) expects frames of VLAN 1 to come tagged, the Catalyst will untag them on egress unless the native VLAN on the Mikrotik-facing port is set to something else than 1. So if this is the case, one option is to change the native VLAN at the adjacent box, another option is to attach the IP configuration to ether1 at Tik rather than to /interface vlan vlan-id=1 hooked to it.
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
