Community discussions

MikroTik App
 
leepipp
just joined
Topic Author
Posts: 1
Joined: Wed Apr 14, 2021 9:56 pm

Trunking and access ports confusion

Wed Apr 14, 2021 10:26 pm

I have a hex poe running 6.48.1. Read about switch chips and new ways to trunk and deal with vlans. Getting confused. To make things simple, for now, I would like to setup this hex poe like this:

Ports:
1 - uplink to internet
2 - trunk port to another hex poe, native vlan 10, allowing 10,20,30
3 - access port in vlan 10
4 - access port in vlan 20
5 - access port in vlan 30

I have dhcp scopes setup for each of the three vlans. When I plug into ports 2-5 with a laptop I do not get an ip address. I havent tried setting up the second hex poe to trunk across to yet.


# apr/14/2021 14:24:12 by RouterOS 6.48.1
# software id = Y3VL-IVD5
#
# model = 960PGS
# serial number = AD8B0B7CB825
/interface bridge
add admin-mac=C4:AD:34:46:CD:FD auto-mac=no comment=defconf name=bridge \
vlan-filtering=yes
/interface vlan
add interface=bridge name=vlan10 vlan-id=10
add interface=bridge name=vlan20 vlan-id=20
add interface=bridge name=vlan30 vlan-id=30
/interface ethernet switch port
set 2 default-vlan-id=10 vlan-header=always-strip vlan-mode=secure
set 3 default-vlan-id=20 vlan-header=always-strip vlan-mode=secure
set 4 default-vlan-id=30 vlan-header=always-strip vlan-mode=secure
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
add name=dhcp_pool1 ranges=10.10.10.30-10.10.10.230
add name=dhcp_pool2 ranges=10.10.20.30-10.10.20.230
add name=dhcp_pool3 ranges=10.10.30.30-10.10.30.230
/ip dhcp-server
add address-pool=default-dhcp disabled=no interface=bridge name=defconf
add address-pool=dhcp_pool1 disabled=no interface=vlan10 name=dhcp1
add address-pool=dhcp_pool2 disabled=no interface=vlan20 name=dhcp2
add address-pool=dhcp_pool3 disabled=no interface=vlan30 name=dhcp3
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=sfp1
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface ethernet switch vlan
add independent-learning=no ports=ether3 switch=switch1 vlan-id=10
add independent-learning=no ports=ether4 switch=switch1 vlan-id=20
add independent-learning=no ports=ether5 switch=switch1 vlan-id=30
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=\
192.168.88.0
add address=10.10.10.1/24 interface=vlan10 network=10.10.10.0
add address=10.10.20.1/24 interface=vlan20 network=10.10.20.0
add address=10.10.30.1/24 interface=vlan30 network=10.10.30.0
/ip dhcp-client
add comment=defconf disabled=no interface=ether1
/ip dhcp-server network
add address=10.10.10.0/24 gateway=10.10.10.1
add address=10.10.20.0/24 gateway=10.10.20.1
add address=10.10.30.0/24 gateway=10.10.30.1
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid disabled=yes
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
"defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
disabled=yes in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=\
invalid disabled=yes
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" \
connection-nat-state=!dstnat connection-state=new disabled=yes \
in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=\
out,none out-interface-list=WAN
/system clock
set time-zone-name=America/Chicago
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19099
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Trunking and access ports confusion

Fri Apr 16, 2021 2:11 am

When you want to use the vlan filtering method and not switch chip let me know.
Read this first
viewtopic.php?f=23&t=143620
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19099
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Trunking and access ports confusion

Fri Apr 16, 2021 2:16 am

If vlan10 is the native vlan what is 192.168.88.1 network??
In other words did you mean vlan10 is the management vlan OR
did you mean vlan10 is your homevlan and your management vlan ???

Personally if 192.168.88 is the home vlan, this works also as a management vlan for simplification although not stopping you from having a separate management vlan in which case use something like vlan99 which has nothing to do with the data flow for vlan10.

That the confusing part of the config for me, the rest is dirt simple.
So what is it???

Who is online

Users browsing this forum: Google [Bot], InfraErik, normis and 83 guests