Community discussions

MikroTik App
 
zaro
just joined
Topic Author
Posts: 1
Joined: Sun Jun 20, 2021 9:03 pm

Disable INTERVLANS

Sun Jun 20, 2021 9:34 pm

Hello, im newbie to this forum and im desperately looking for help.
my issue is that i cannot disable intervlan routing.
my goal is to use vlans for guest wifi, cctv, iptv, voice and i dont want to those vlans communicate each other. im using default vlan 1 for management LAN which is 100.10.0.0/24 on mikrotik bridge.
my setup: mikrotik router >> edge core switch >> more edge core switches
on mikrotik i have 4 vlans on bridge VLAN 10,20,30,50 Main LAN on bridge is 100.10.0.0/24 vlan ip addresses VLAN10: 10.10.10.0/24 VLAN:20 10.10.20.0/24 VLAN30: 10.10.30.0/24 VLAN50: 10.10.50.0/24. all vlans are on Local bridge all vlan ip addresses and dhcp server for each vlan is setup correctly.
then one cable is going to edge-core ECS-*something*10T smart switch (layer2) from mikrotik ethernet9 physical port (member of Local bridge) to Edge-core sw in 8 port.
ports: 1,2,3,4,5 on this switch are trunks for other switches
all vlans working when i assing them on any switch they give me correct IP but they communicate (im checking with pings via windows cmd)
i tried make filter rules on mikrotik:
chain forward in. interface VLAN10 out.interface VLAN20 action drop. tried it with src.address dst.address. but it doesnt work.
edge-core setup is looking like this
cpu-protect cpu bandwidth 500
cpu-protect sub-interface manage pps 500
cpu-protect sub-interface route pps 200
cpu-protect sub-interface protocol pps 500
username web admin password Ab123456
web-login-time 1800
web-language en
web http port 80
!
!
ip dhcpserver gate-way 192.168.2.254
ip dhcpserver pool 192.168.2.11-192.168.2.200
ip dhcpserver mask 255.255.255.0
ip dhcpserver dns 8.8.8.8
ip dhcpserver leasetime 1200
ip address 100.10.0.89 mask 255.255.255.0
ip default-gateway 100.10.0.1
no ipv6 autoconfig
ipv6 address fe80::ba9b:c9ff:fefa:2885 prefix 64
username "XXXX" password "XXXXX"
enable password "XXXXXX"
vlan 10
description "GUEST"
vlan 20
description "CCTV"
vlan 30
description "IPTV"
vlan 50
description "VOICE"
voice-vlan oui-table 00:E0:BB:00:00:00 mask FF:FF:FF:00:00:00 "3COM"
voice-vlan oui-table 00:03:6B:00:00:00 mask FF:FF:FF:00:00:00 "Cisco"
voice-vlan oui-table 00:E0:75:00:00:00 mask FF:FF:FF:00:00:00 "Veritel"
voice-vlan oui-table 00:D0:1E:00:00:00 mask FF:FF:FF:00:00:00 "Pingtel"
voice-vlan oui-table 00:01:E3:00:00:00 mask FF:FF:FF:00:00:00 "Siemens"
voice-vlan oui-table 00:60:B9:00:00:00 mask FF:FF:FF:00:00:00 "NEC/Philips"
voice-vlan oui-table 00:0F:E2:00:00:00 mask FF:FF:FF:00:00:00 "Huawei-3COM"
voice-vlan oui-table 00:09:6E:00:00:00 mask FF:FF:FF:00:00:00 "Avaya"
!

!
loopback-detection resume-interval 300
!
!
!
no snmp enable traps
snmp community "private" rw
snmp community "public" ro
!
!!
!
ip telnet
no ip ssh
no ip ssh v1
no ip ssh v2
!
!
dhcp-snooping vlan 1-4094
arp-inspection vlan 1-4094
!
!
!
!
interface gi0/1
switch mode trunk
switch trunk native vlan 1
switch trunk allowed vlan 10,20,30,50
!
interface gi0/2
switch mode trunk
switch trunk native vlan 1
switch trunk allowed vlan 10,20,30,50
!
interface gi0/3
switch mode trunk
switch trunk native vlan 1
switch trunk allowed vlan 10,20,30,50
!
interface gi0/4
switch mode trunk
switch trunk native vlan 1
switch trunk allowed vlan 10,20,30,50
!
interface gi0/5
switch mode trunk
switch trunk native vlan 1
switch trunk allowed vlan 10,20,30,50
!
interface gi0/6
!
interface gi0/7
switch access vlan 20
!
interface gi0/8
switch mode trunk
switch trunk native vlan 1
switch trunk allowed vlan 10,20,30,50
!
interface gi0/9
!
interface gi0/10
!
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19099
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Disable INTERVLANS

Mon Jun 21, 2021 12:57 pm

I will take a look at the MT config
1. /export hide-sensitive file=anynameyouwish
2. Draw a network diagram far better than trying to explain it, less confusing

Who is online

Users browsing this forum: Bing [Bot], voytecky and 81 guests