I have a configuration with an untagged LAN and several VLANs, all on bridge1.
My configuration is this:
# RouterOS export: one VLAN-filtering bridge (bridge1) carrying the untagged LAN
# plus VLANs 100/200/300, a DHCP server per segment, two WAN uplinks
# (PPPoE on ether10, DHCP client on ether9), an OpenVPN server and source NAT.
# NOTE(review): this listing has no "/ip firewall filter" section and no
# "/interface bridge port" section. If the export is complete, nothing filters
# traffic arriving on the WAN interfaces or forwarded between VLANs, and
# ether1-ether5 are not shown as members of bridge1 - confirm both against the
# full export.
/interface bridge
# vlan-filtering=yes makes the bridge enforce the "/interface bridge vlan" table below.
# arp=proxy-arp lets the router answer ARP requests on behalf of other hosts.
# NOTE(review): presumably enabled for the bridged VPN clients - confirm it is
# still needed, since it blurs the boundary between segments.
add arp=proxy-arp comment="LAN untagged + VLAN" name=bridge1 vlan-filtering=yes
/interface ethernet
# WAN uplinks: ether9 and ether10 are only labelled here; they are used by the
# DHCP client and the PPPoE client further down.
set [ find default-name=ether9 ] comment=ISP2
set [ find default-name=ether10 ] comment=ISP1
/interface vlan
# Layer-3 VLAN interfaces on top of bridge1. bridge1 itself is listed as a
# tagged member for these VLAN IDs in the bridge VLAN table below.
add comment="vlan Gra." interface=bridge1 name=vlan100 vlan-id=100
add comment="vlan service" interface=bridge1 name=vlan200 vlan-id=200
# vlan300 is the only VLAN interface with proxy-arp enabled.
add arp=proxy-arp comment="vlan Simone" interface=bridge1 name=vlan300 vlan-id=300
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
# One address pool per DHCP server defined below.
add name=dhcp_pool0 ranges=192.168.3.101-192.168.3.149
add name=dhcp_pool1 ranges=192.168.1.100-192.168.1.200
add name=dhcp_pool2 ranges=192.168.2.100-192.168.2.200
add name=dhcp_pool3 ranges=192.168.5.100-192.168.5.200
/ip dhcp-server
# dhcp-master serves the untagged LAN on bridge1; the other three serve one VLAN each.
add address-pool=dhcp_pool0 disabled=no interface=bridge1 name=dhcp-master
add address-pool=dhcp_pool1 disabled=no interface=vlan100 name=dhcp-graziano
add address-pool=dhcp_pool2 disabled=no interface=vlan200 name=dhcp-service
add address-pool=dhcp_pool3 disabled=no interface=vlan300 name=dhcp-simone
/ppp profile
# bridge=bridge1 attaches sessions using this profile to bridge1, so those
# clients sit on the same layer-2 segment as the untagged LAN.
# NOTE(review): no "/ppp secret" section is shown, so which users get this
# profile cannot be told from here.
add bridge=bridge1 bridge-learning=yes local-address=192.168.3.75 name="ovpn profile"
add change-tcp-mss=yes name="ISP1 profile"
/interface pppoe-client
# Primary uplink (default route distance 10). The credentials are masked in the
# post and should stay that way when sharing an export.
add add-default-route=yes comment="PppoE ISP1" default-route-distance=10 disabled=no interface=ether10 name=pppoe-out1 password=*********** profile="ISP1 profile" user=*************
/ip settings
set allow-fast-path=no
/interface bridge vlan
# VLANs 100, 200 and 300 are tagged on ether1-ether5 and on bridge1 (the CPU port).
# No untagged members are listed for any VLAN ID.
# NOTE(review): these entries only take effect for ports that are members of
# bridge1; the listing does not show them being added as bridge ports.
add bridge=bridge1 tagged=bridge1,ether1,ether2,ether3,ether4,ether5 vlan-ids=300
add bridge=bridge1 tagged=bridge1,ether1,ether2,ether3,ether4,ether5 vlan-ids=100,200
/interface ovpn-server server
# OpenVPN server enabled on port 1190 with the certificate named "server".
# NOTE(review): auth=sha1 restricts the HMAC to SHA-1; check whether the
# installed RouterOS version offers a stronger digest. require-client-certificate
# does not appear, so it is presumably at its default - confirm whether client
# certificates are enforced. With no filter rules in this listing, nothing here
# limits which source addresses can reach the port.
set auth=sha1 certificate=server cipher=aes256 enabled=yes port=1190
/ip address
# Router addresses: the gateway for each segment. bridge1 carries two subnets
# (192.168.3.0/24 and 192.168.4.0/24); 192.168.4.0/24 has no pool or DHCP
# network in this listing.
add address=192.168.3.75/24 interface=bridge1 network=192.168.3.0
add address=192.168.1.1/24 interface=vlan100 network=192.168.1.0
add address=192.168.2.1/24 interface=vlan200 network=192.168.2.0
add address=192.168.5.1/24 interface=vlan300 network=192.168.5.0
add address=192.168.4.1/24 interface=bridge1 network=192.168.4.0
/ip dhcp-client
# Second uplink on ether9; distance 20 makes its default route the backup to
# the PPPoE route (distance 10).
add default-route-distance=20 disabled=no interface=ether9
/ip dhcp-server network
# Options handed to DHCP clients: the router as gateway, public resolvers as DNS.
add address=192.168.1.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.1.1
add address=192.168.2.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.2.1
add address=192.168.3.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.3.75
add address=192.168.5.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.5.1
/ip firewall nat
# Source NAT for traffic leaving through either WAN interface.
add action=masquerade chain=srcnat comment="Masquerade ISP1" out-interface=pppoe-out1
add action=masquerade chain=srcnat comment="Masquerade ISP2" out-interface=ether9
# This rule has no out-interface and matches every packet from 192.168.3.0/24
# whose destination is anything other than 192.168.3.75, so it also masquerades
# LAN traffic routed to the VLAN subnets: hosts there see the router's address
# as the source, not the real client.
# NOTE(review): no dstnat rule appears in this listing for it to pair with; a
# hairpin rule is normally limited to destinations inside the LAN subnet -
# confirm the intended scope.
add action=masquerade chain=srcnat comment="Hairpin NAT" dst-address=!192.168.3.75 src-address=192.168.3.0/24
But when I try to reach a device in one VLAN from another VLAN, the request times out. I honestly can't understand why.
Can anyone kindly help me solve this problem?
Thank you very much
Simone