Community discussions

MikroTik App
 
mnalamsputra
just joined
Topic Author
Posts: 3
Joined: Tue Jun 15, 2021 12:12 pm

Intervlan RB4011

Tue Jun 15, 2021 12:44 pm

Hi All,

Sorry my English so bad.

I have plan in new building our office use RB4011 for Gateway (Router with VLAN) and Access Switch HP1820-48G.
I'm set VLAN and IP for Gateway in Mikrotik :
VLAN 1101 = 10.10.101.1/25
VLAN 1102 = 10.10.102.1/25
VLAN 1103 = 10.10.103.1/25

Now condition :
- Trunking VLAN betwen Mikrotik to Access Switch = OK
- Connection form Client (connect to access switch) to outside network via Mikrotik = OK

But i have a problems, intervlan on mikrotik cannot communicate.
For the exsample client in VLAN 1101 cant connect to client in VLAN 1102, and client from VLAN 1102 cannot connect to client in VLAN 1101

what can i do so that Intervlan can communicate?

Thank You
 
erlinden
Forum Guru
Forum Guru
Posts: 1900
Joined: Wed Jun 12, 2013 1:59 pm
Location: Netherlands

Re: Intervlan RB4011

Tue Jun 15, 2021 1:09 pm

By default it should work. You would have to check your firewall for rules blocking intervlan communication.
Perhaps you can share your configuration: /export hide-sensitive file=anynameyoulike

Please have a look at this great VLAN tutorial (as well): viewtopic.php?t=143620
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Intervlan RB4011

Tue Jun 15, 2021 4:45 pm

IF you need your vlans to communicate (everybody to everybody) then you dont need separate vlans LOL.

Typically a vlan will share a printer with other vlans for example. SO there are good cases for targetted sharing.
 
mnalamsputra
just joined
Topic Author
Posts: 3
Joined: Tue Jun 15, 2021 12:12 pm

Re: Intervlan RB4011

Wed Jun 16, 2021 8:12 am

By default it should work. You would have to check your firewall for rules blocking intervlan communication.
Perhaps you can share your configuration: /export hide-sensitive file=anynameyoulike

Please have a look at this great VLAN tutorial (as well): viewtopic.php?t=143620
Hi Erlinden,
This is my config
software id = J16B-3S3M
#
# model = RB4011iGS+
# serial number =
/interface bridge
add admin-mac=2C:C8:1B:21:B0:0E auto-mac=no comment=defconf name=bridge
add name=bridge-cpp_ho
add name=bridge-cpp_svr
add name=bridge-npl_mgm
add name=bridge-npl_p2p
add name=bridge-npl_subho_wa
add name=bridge-wa_isp1
add name=bridge-wa_isp2
/interface vlan
add interface=bridge-npl_subho_wa name=vlan_101_mgm vlan-id=101
add interface=bridge-npl_subho_wa name=vlan_1101_ga vlan-id=1101
add interface=bridge-npl_subho_wa name=vlan_1102_mis vlan-id=1102
add interface=bridge-npl_subho_wa name=vlan_1103_ic vlan-id=1103
add interface=bridge-npl_subho_wa name=vlan_1104_fa vlan-id=1104
add interface=bridge-npl_subho_wa name=vlan_1105_ma vlan-id=1105
add interface=bridge-npl_subho_wa name=vlan_1106_export vlan-id=1106
add interface=bridge-npl_subho_wa name=vlan_1107_busdev vlan-id=1107
add interface=bridge-npl_subho_wa name=vlan_1120_internet vlan-id=1120
add interface=bridge-npl_subho_wa name=vlan_2039_taxcelor vlan-id=2039
add interface=bridge-npl_subho_wa name=vlan_2040_tcpp vlan-id=2040
add interface=bridge-npl_subho_wa name=vlan_4001_cppsvr vlan-id=4001
add interface=bridge-npl_subho_wa name=vlan_4002_cppmis vlan-id=4002
add interface=bridge-npl_subho_wa name=vlan_4003_cppho vlan-id=4003
/interface ethernet switch port
set 0 default-vlan-id=0
set 1 default-vlan-id=0
set 2 default-vlan-id=0
set 3 default-vlan-id=0
set 4 default-vlan-id=0
set 5 default-vlan-id=0
set 6 default-vlan-id=0
set 7 default-vlan-id=0
set 8 default-vlan-id=0
set 9 default-vlan-id=0
set 10 default-vlan-id=0
set 11 default-vlan-id=0
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=default-dhcp disabled=no interface=bridge name=defconf
/interface bridge port
add bridge=bridge comment=defconf interface=ether10
add bridge=bridge interface=ether1
add bridge=bridge-npl_p2p broadcast-flood=no interface=ether2
add bridge=bridge-npl_p2p interface=ether3
add bridge=bridge-wa_isp1 interface=ether4
add bridge=bridge-wa_isp2 interface=ether5
add bridge=bridge-npl_subho_wa interface=ether7
add bridge=bridge-npl_subho_wa interface=ether6
/ip neighbor discovery-settings
set discover-interface-list=all
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=\
192.168.88.0
add address=10.10.101.1/25 comment=gw_subho_wa_mis interface=vlan_1101_ga \
network=10.10.101.0
add address=192.20.1.3/29 comment=ip_p2p_ho interface=bridge-npl_p2p network=\
192.20.1.0
add address=10.10.103.1/25 comment=gw_subho_wa_ic interface=vlan_1103_ic \
network=10.10.103.0
add address=192.168.77.1/24 comment=gw_subho_mgm interface=vlan_101_mgm \
network=192.168.77.0
add address=10.10.104.1/25 comment=gw_subho_wa_fa interface=vlan_1104_fa \
network=10.10.104.0
add address=10.10.105.1/25 comment=gw_subho_wa_exp interface=vlan_1105_ma \
network=10.10.105.0
add address=10.10.106.1/25 comment=gw_subho_wa_busdev interface=\
vlan_1106_export network=10.10.106.0
add address=10.40.1.1/24 comment=gw_cppsvr interface=vlan_4001_cppsvr \
network=10.40.1.0
add address=10.40.2.1/24 comment=gw_cppho interface=vlan_4002_cppmis network=\
10.40.2.0
add address=10.10.102.1/25 comment=gw_subho_wa_ga interface=vlan_1102_mis \
network=10.10.102.0
add address=10.10.120.1/25 comment=gw_subho_wa_inet interface=\
vlan_1120_internet network=10.10.120.0
add address=10.20.39.1/24 comment=gw_subho_wa_taxcelor interface=\
vlan_2039_taxcelor network=10.20.39.0
add address=10.20.40.1/24 comment=gw_subho_wa_tcpp interface=vlan_2040_tcpp \
network=10.20.40.0
/ip dhcp-client
# DHCP client can not run on slave interface!
add comment=defconf dhcp-options=hostname,clientid disabled=no interface=\
ether1
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
/ip firewall address-list
add address=10.10.101.0/25 list=vlan_101
add address=10.10.102.0/25 list=vlan_102
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" disabled=yes \
ipsec-policy=out,none out-interface-list=WAN
/ip route
add comment="Route to HO" distance=1 gateway=192.20.1.1
/ip route rule
add dst-address=10.10.102.0/25 src-address=10.10.101.0/25 table=main
add dst-address=10.10.101.0/25 src-address=10.10.102.0/25 table=main
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN

Thanks for your respond..
Last edited by mnalamsputra on Wed Jun 16, 2021 9:41 am, edited 1 time in total.
 
mnalamsputra
just joined
Topic Author
Posts: 3
Joined: Tue Jun 15, 2021 12:12 pm

Re: Intervlan RB4011

Wed Jun 16, 2021 8:27 am

IF you need your vlans to communicate (everybody to everybody) then you dont need separate vlans LOL.

Typically a vlan will share a printer with other vlans for example. SO there are good cases for targetted sharing.
Oh, sure I have the reason. Vlans I need for the policy for outgoing connection like Internet Proxy.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Intervlan RB4011

Thu Jun 17, 2021 2:07 pm

Have you read the article, I think not.
You have a mess that the article will help clear up.
Hint, one bridge
Hint, every vlan needs four things, ip address, pool, dhcp server, dhcp server network.

Who is online

Users browsing this forum: ameliask, kvitek79, mikronoob89, normis, Vojta and 91 guests