Device A = ether21 access port with VID=311, 192.168.3.17/29, works fine, can ping and see web interface from laptop on different VLAN & subnet.
Device B = ether3 access port with VID=312, 192.168.3.25/29, does not respond to pings at all.
The configuration of the VLANs on the EdgeRouter looks correct: both are set as VIDs on the trunk port, both are assigned the same firewall rules, and both have the correct IP ranges and router IPs. The configurations for the two VLANs and the two access ports on the Mikrotik CRS328 are simple and look identical.
I'm trying to debug why nothing can ping Device B, not even the switch itself. If I unplug the problematic Device B and hook it up to my PC directly (changing my PC's static IP and subnet, e.g. to 192.168.3.26/29), I can ping it fine, so the device itself is working and its IP is correct. Using tcpdump on the EdgeRouter-X shows ping packets being sent to the correct IP, so I think the problem is with the switch. I've tried using packet sniffer to show me all ICMP packets across ALL interfaces and it doesn't show any packets when I ping device A or B! I don't understand this since device A is actually responding to pings - perhaps my understanding of the packet sniffer is wrong or my configuration is messed up somehow? Exported switch config is below:
# jun/12/2021 11:25:01 by RouterOS 6.47.10
# software id = J06U-P53W
#
# model = CRS328-24P-4S+
# serial number =
# Physical ports. ether1 is only labelled here; it is never added to bridge1
# further down, and instead carries its own VLAN 399 interface (MGMT_LOCAL).
/interface ethernet set [ find default-name=ether1 ] comment="Switch management"
# Ports administratively disabled: ether6-10, ether12, ether14, ether16,
# ether17 and sfp-sfpplus4. None of them is a bridge port in this export.
/interface ethernet set [ find default-name=ether6 ] disabled=yes
/interface ethernet set [ find default-name=ether7 ] disabled=yes
/interface ethernet set [ find default-name=ether8 ] disabled=yes
/interface ethernet set [ find default-name=ether9 ] disabled=yes
/interface ethernet set [ find default-name=ether10 ] disabled=yes
/interface ethernet set [ find default-name=ether12 ] disabled=yes
/interface ethernet set [ find default-name=ether14 ] disabled=yes
/interface ethernet set [ find default-name=ether16 ] disabled=yes
/interface ethernet set [ find default-name=ether17 ] disabled=yes
/interface ethernet set [ find default-name=sfp-sfpplus4 ] disabled=yes
# Single bridge with VLAN filtering enabled and a fixed (redacted) MAC address.
# protocol-mode=none turns spanning tree off on this bridge.
# NOTE(review): with STP disabled nothing here detects a layer-2 loop - confirm this is intended.
/interface bridge add admin-mac=xx:xx:xx:xx:xx:01 auto-mac=no name=bridge1 protocol-mode=none vlan-filtering=yes
# Two separate VLAN 399 interfaces for managing the switch:
#   MGMT_LOCAL - on ether1 directly, outside the bridge
#   MGMT_VLAN  - on bridge1, i.e. the switch CPU's presence inside bridged VLAN 399
/interface vlan add interface=ether1 name=MGMT_LOCAL vlan-id=399
/interface vlan add interface=bridge1 name=MGMT_VLAN vlan-id=399
# Interface list that the neighbor-discovery and MAC-server settings later in this export refer to.
/interface list add name=MGMT
# Access ports: each accepts only untagged/priority-tagged frames, has ingress
# filtering on, and places incoming traffic into the VLAN given by pvid.
# VLAN 100 (LAN) access ports:
/interface bridge port add bridge=bridge1 comment=Fractal frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=sfp-sfpplus1 pvid=100
/interface bridge port add bridge=bridge1 comment="Backup NAS" frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=sfp-sfpplus2 pvid=100
/interface bridge port add bridge=bridge1 comment="Dragonzord 10G" frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=sfp-sfpplus3 pvid=100
/interface bridge port add bridge=bridge1 comment="TV Switch" frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=ether13 pvid=100
/interface bridge port add bridge=bridge1 comment="Dragonzord 1G" frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=ether18 pvid=100
/interface bridge port add bridge=bridge1 comment=S5 frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=ether19 pvid=100
/interface bridge port add bridge=bridge1 comment="Backup NAS" frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=ether22 pvid=100
/interface bridge port add bridge=bridge1 comment="E's desktop" frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=ether23 pvid=100
# Access ports in VLANs 213, 211 and 212.
# NOTE(review): the bridge VLAN table in this export has entries for 100, 200, 300, 399, 211, 311 and 312
# but none for 212 or 213, so no trunk port is a tagged member of those two VLANs - confirm intended.
/interface bridge port add bridge=bridge1 comment="Xbox 360" frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=ether11 pvid=213
/interface bridge port add bridge=bridge1 comment="Lounge TV" frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=ether15 pvid=211
/interface bridge port add bridge=bridge1 comment="E's work laptop" frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=ether20 pvid=212
# The two ports under discussion: ether3 = VLAN 312 (Device B), ether21 = VLAN 311 (Device A).
# Apart from interface, pvid and comment the two lines are identical.
/interface bridge port add bridge=bridge1 comment="Modem management" frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=ether3 pvid=312
/interface bridge port add bridge=bridge1 comment=Printer frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=ether21 pvid=311
# Trunk ports: tagged frames only, ingress filtering on, no pvid set.
/interface bridge port add bridge=bridge1 comment="Router trunk - LAN" frame-types=admit-only-vlan-tagged ingress-filtering=yes interface=ether2
/interface bridge port add bridge=bridge1 comment="Router trunk - IoT/NoT" frame-types=admit-only-vlan-tagged ingress-filtering=yes interface=ether4
/interface bridge port add bridge=bridge1 comment="Switch management ON BRIDGE TEMP" frame-types=admit-only-vlan-tagged ingress-filtering=yes interface=ether5
# Hybrid port: no frame-types restriction is set, so untagged frames are accepted
# as well and land in pvid=100 (LAN); VLANs 200/300 are tagged on it in the VLAN table.
# NOTE(review): confirm that untagged traffic from the AP is meant to reach the LAN VLAN.
/interface bridge port add bridge=bridge1 comment="WiFi AP 1 trunk" ingress-filtering=yes interface=ether24 pvid=100
# Neighbor discovery is limited to the interfaces in the MGMT list.
/ip neighbor discovery-settings set discover-interface-list=MGMT
# Bridge VLAN table. Only tagged members are listed; no entry names an untagged port.
# NOTE(review): access ports presumably join their VLAN as dynamic untagged members through
# their pvid - check with "/interface bridge vlan print" that ether3 is shown under VLAN 312
# in the same way ether21 is shown under VLAN 311.
/interface bridge vlan add bridge=bridge1 comment=LAN tagged=ether2 vlan-ids=100
/interface bridge vlan add bridge=bridge1 comment="IoT/NoT WiFi" tagged=ether4,ether24 vlan-ids=200,300
# VLAN 399 is the only VLAN in which bridge1 (the switch CPU) is a member, so the switch has
# no layer-2 presence in 311/312 and can reach those devices only through its gateway.
# NOTE(review): the management VLAN is also tagged on ether4, the IoT/NoT trunk - confirm
# that carrying management traffic on that trunk is intended.
/interface bridge vlan add bridge=bridge1 comment="Switch management" tagged=bridge1,ether5,ether4 vlan-ids=399
/interface bridge vlan add bridge=bridge1 comment="IoT - TVs" tagged=ether4 vlan-ids=211
# VLANs 311 and 312 are configured identically here: tagged on ether4 only.
/interface bridge vlan add bridge=bridge1 comment="NoT - Printers" tagged=ether4 vlan-ids=311
/interface bridge vlan add bridge=bridge1 comment="NoT - Modem" tagged=ether4 vlan-ids=312
# Both VLAN 399 interfaces are members of the MGMT list.
/interface list member add interface=MGMT_VLAN list=MGMT
/interface list member add interface=MGMT_LOCAL list=MGMT
# The switch's own addresses. 192.168.3.1/28 covers 192.168.3.0-192.168.3.15, so
# Device A (192.168.3.17/29) and Device B (192.168.3.25/29) are outside it: a ping from
# the switch to either device leaves through the default route below, not directly.
/ip address add address=192.168.3.1/28 interface=MGMT_VLAN network=192.168.3.0
/ip address add address=192.168.39.1/28 interface=MGMT_LOCAL network=192.168.39.0
/ip cloud set update-time=no
# Default route through 192.168.3.14, which lies inside the MGMT_VLAN subnet.
/ip route add distance=1 gateway=192.168.3.14
# SSH restricted to the stronger crypto settings.
# NOTE(review): this export contains no /ip service or /ip firewall lines. If it omits
# default values, the other management services are presumably still at their defaults
# and reachable on every switch address - confirm, and restrict them (e.g. the address=
# setting under /ip service) or filter on the router.
/ip ssh set strong-crypto=yes
/system clock set time-zone-name=Europe/London
/system identity set name=switch
# The NTP server 192.168.1.89 is in neither of the switch's own subnets, so it is reached via the default route.
/system ntp client set enabled=yes primary-ntp=192.168.1.89
/system routerboard settings set boot-os=router-os
# Bandwidth test server off; MAC-level access (MAC server and MAC WinBox) limited to the MGMT interface list.
/tool bandwidth-server set enabled=no
/tool mac-server set allowed-interface-list=MGMT
/tool mac-server mac-winbox set allowed-interface-list=MGMT
# Sniffer: all interfaces, ICMP only, 1000KiB buffer, written to flash/new.cap.
# NOTE(review): the sniffer presumably sees only packets that reach the switch CPU. Frames
# forwarded between bridge ports in hardware would not appear, which would explain an empty
# capture even though Device A answers pings - confirm against the bridge ports' hardware-offload state.
/tool sniffer set file-name=flash/new.cap filter-interface=all filter-ip-protocol=icmp memory-limit=1000KiB