Community discussions

MUM Europe 2020
 
takyn
just joined
Topic Author
Posts: 5
Joined: Wed Feb 27, 2019 12:31 am

UDP broadcast does not work in vlan

Sun Feb 09, 2020 1:34 am

Hello,
I have few vlans. When Iam trying to send broadcast from one of them (SMART_VLAN) I cant to receive it in another device in SMART_VLAN. But I can to receive it in diferent BASE_VLAN? And I want to receive it also in SMART_VLAN.
Is it problem with frewall? Or where? Any idea helps me.

My firewall rules are:

Under VLAN are all vlans.
;;; Allow Estab & Related
      chain=input action=accept connection-state=established,related 
      chain=forward protocol=udp 
 ;;; Allow VLAN
      chain=input action=accept in-interface-list=VLAN 

 3    ;;; Allow Base_Vlan Full Access
      chain=input action=accept in-interface=BASE_VLAN 

 4    ;;; Drop
      chain=input action=drop 

 5    ;;; Allow Estab & Related
      chain=forward action=accept connection-state=established,related 

 6   
      chain=forward action=drop in-interface=SMART_VLAN out-interface-list=WAN 
      log=no log-prefix="" 

 8    chain=forward action=accept connection-state=new 
      in-interface=INTERNAL_VLAN out-interface=SMART_VLAN 

 9    chain=forward action=accept connection-state=new in-interface=INTERNAL_VLA>
      out-interface=SECURITY_VLAN 

 
User avatar
CZFan
Forum Guru
Forum Guru
Posts: 1578
Joined: Sun Oct 09, 2016 8:25 pm
Location: South Africa, Randburg
Contact:

Re: UDP broadcast does not work in vlan

Sun Feb 09, 2020 3:34 am

If you are sending broadcasts, you should not see it in any other vlan. If you do, you config is wrong and the limited information about config supplied is not sufficient to help
MTCNA, MTCTCE, MTCRE & MTCINE
 
takyn
just joined
Topic Author
Posts: 5
Joined: Wed Feb 27, 2019 12:31 am

Re: UDP broadcast does not work in vlan

Sun Feb 09, 2020 11:40 am

Thanks, it doesnt make sence to me either. I checked configuration many times and iam blind for that. Can you check it? Here it is. Broadcasts from vlans (SMART and LOCAL) are all going to BASE, not inside where I expect it.

# feb/09/2020 10:29:52 by RouterOS 6.46.2
#
# model = 2011UiAS
/interface bridge
add name=bridge1 protocol-mode=none vlan-filtering=yes
/interface vlan
add interface=bridge1 name=BASE_VLAN vlan-id=99
add interface=bridge1 name=HOST_VLAN vlan-id=40
add interface=bridge1 name=INTERNAL_VLAN vlan-id=10
add interface=bridge1 name=SECURITY_VLAN vlan-id=30
add interface=bridge1 name=SMART_VLAN vlan-id=20
/interface list
add name=WAN
add name=VLAN
add name=BASE
/ip pool
add name=INTERNAL_POOL ranges=10.0.10.2-10.0.10.254
add name=SMART_POOL ranges=10.0.20.2-10.0.20.254
add name=SECURITY_POOL ranges=10.0.30.2-10.0.30.254
add name=HOST_POOL ranges=10.0.40.2-10.0.40.254
add name=BASE_POOL ranges=192.168.0.10-192.168.0.254
/ip dhcp-server
add address-pool=INTERNAL_POOL disabled=no interface=INTERNAL_VLAN name=\
    INTERNAL_DHCP
add address-pool=SMART_POOL disabled=no interface=SMART_VLAN name=SMART_DHCP
add address-pool=SECURITY_POOL disabled=no interface=SECURITY_VLAN name=\
    SECURITY_DHCP
add address-pool=HOST_POOL disabled=no interface=HOST_VLAN name=HOST_DHCP
add address-pool=BASE_POOL disabled=no interface=BASE_VLAN name=BASE_DHCP
/interface bridge port
add bridge=bridge1 frame-types=admit-only-vlan-tagged ingress-filtering=yes \
    interface=ether3
add bridge=bridge1 frame-types=admit-only-vlan-tagged ingress-filtering=yes \
    interface=ether4
add bridge=bridge1 frame-types=admit-only-vlan-tagged ingress-filtering=yes \
    interface=ether5
add bridge=bridge1 ingress-filtering=yes interface=ether6 pvid=99
add bridge=bridge1 ingress-filtering=yes interface=ether7 pvid=99
add bridge=bridge1 frame-types=admit-only-vlan-tagged ingress-filtering=yes \
    interface=ether8
add bridge=bridge1 frame-types=admit-only-vlan-tagged ingress-filtering=yes \
    interface=ether9
add bridge=bridge1 frame-types=admit-only-vlan-tagged ingress-filtering=yes \
    interface=ether10
/ip neighbor discovery-settings
set discover-interface-list=BASE
/interface bridge vlan
add bridge=bridge1 tagged=\
    bridge1,ether3,ether4,ether5,ether6,ether7,ether8,ether9,ether10 \
    vlan-ids=10
add bridge=bridge1 tagged=\
    bridge1,ether3,ether4,ether5,ether6,ether7,ether8,ether9,ether10 \
    vlan-ids=20
add bridge=bridge1 tagged=\
    bridge1,ether3,ether4,ether5,ether6,ether7,ether8,ether9,ether10 \
    vlan-ids=30
add bridge=bridge1 tagged=\
    bridge1,ether3,ether4,ether5,ether6,ether7,ether8,ether9,ether10 \
    vlan-ids=40
add bridge=bridge1 tagged=bridge1,ether3,ether4,ether5,ether8,ether9,ether10 \
    untagged=ether6,ether7 vlan-ids=99
/interface list member
add interface=ether1 list=WAN
add interface=BASE_VLAN list=VLAN
add interface=INTERNAL_VLAN list=VLAN
add interface=SMART_VLAN list=VLAN
add interface=SECURITY_VLAN list=VLAN
add interface=HOST_VLAN list=VLAN
add interface=BASE_VLAN list=BASE
/ip address
add address=192.168.0.1/24 interface=BASE_VLAN network=192.168.0.0
add address=10.0.10.1/24 interface=INTERNAL_VLAN network=10.0.10.0
add address=10.0.20.1/24 interface=SMART_VLAN network=10.0.20.0
add address=10.0.30.1/24 interface=SECURITY_VLAN network=10.0.30.0
add address=10.0.40.1/24 interface=HOST_VLAN network=10.0.40.0
/ip dhcp-client
add disabled=no interface=ether1
/ip dhcp-server network
add address=10.0.10.0/24 dns-server=192.168.0.1 gateway=10.0.10.1
add address=10.0.20.0/24 dns-server=192.168.0.1 gateway=10.0.20.1
add address=10.0.30.0/24 dns-server=192.168.0.1 gateway=10.0.30.1
add address=10.0.40.0/24 dns-server=192.168.0.1 gateway=10.0.40.1
add address=192.168.0.0/24 dns-server=192.168.0.1 gateway=192.168.0.1
/ip dns
set allow-remote-requests=yes servers=9.9.9.9
/ip firewall filter
add action=accept chain=input comment="Allow Estab & Related" \
    connection-state=established,related
add chain=forward protocol=udp
add action=accept chain=input comment="Allow VLAN" in-interface-list=VLAN
add action=accept chain=input comment="Allow Base_Vlan Full Access" \
    in-interface=BASE_VLAN
add action=drop chain=input comment=Drop
add action=accept chain=forward comment="Allow Estab & Related" \
    connection-state=established,related
add action=drop chain=forward comment=\
    "Zakaze SMART_VLAN pristup do internetu" in-interface=SMART_VLAN \
    out-interface-list=WAN
add action=drop chain=forward comment=\
    "Zakaze SECURITY_VLAN pristup do internetu" in-interface=SECURITY_VLAN \
    out-interface-list=WAN
add action=accept chain=forward comment=\
    "Povoli pristup z INTERNAL do ostatnich SMART a SECURITY" \
    connection-state=new in-interface=INTERNAL_VLAN out-interface=SMART_VLAN
add action=accept chain=forward connection-state=new in-interface=\
    INTERNAL_VLAN out-interface=SECURITY_VLAN
add action=accept chain=forward comment=\
    "Povoli pristup z BASE do ostatnich VLAN" connection-state=new \
    in-interface=BASE_VLAN out-interface-list=VLAN
add action=accept chain=forward comment="VLAN Internet Access only" \
    connection-state=new in-interface-list=VLAN out-interface-list=WAN
add action=drop chain=forward comment=Drop
/ip firewall nat
add action=masquerade chain=srcnat comment="Default masquerade" \
    out-interface-list=WAN
/system clock
set time-zone-name=Europe/Prague
/system identity
set name=MainRouter
/tool mac-server
set allowed-interface-list=BASE
/tool mac-server mac-winbox
set allowed-interface-list=BASE
 
User avatar
CZFan
Forum Guru
Forum Guru
Posts: 1578
Joined: Sun Oct 09, 2016 8:25 pm
Location: South Africa, Randburg
Contact:

Re: UDP broadcast does not work in vlan

Thu Feb 13, 2020 12:08 pm

first need to understand your problem properly, broadcasts should not be able to cross vlans, so when you are saying you sending a broadcast and want to get this on another vlan, what exactly do you mean / doing?
MTCNA, MTCTCE, MTCRE & MTCINE

Who is online

Users browsing this forum: deathandtaxes, fusa, Larsa, r00t and 146 guests