Last night I finally tried to move everything into its corresponding VLAN, and now things aren't working any longer. The good thing is that I still have access via WebFig and SSH, so I am hoping you guys can help me finally get things right!
Soo, what I want is:
- 4 vlans: admin (10), personal (20), guest (30) and smart/IoT (50)
- 3 corresponding wifis for 20, 30 and 50
- a couple of ethernet-bound devices in 10, 20 and 50
- hEX, CRS and home server should be in vlan 10
- no restrictions at first (I felt quite comfortable setting those up back in the subnet-only world, before VLANs)
Current config looks like this:
[MikroTik-hEX] > /interface print
Flags: D - dynamic, X - disabled, R - running, S - slave
# NAME TYPE ACTUAL-MTU L2MTU MAX-L2MTU MAC-ADDRESS
0 R eth1: fritzbox ether 1500 1596 2026 08:55:WW:XX:YY:ZZ
1 RS eth2: switch ether 1500 1596 2026 08:55:WW:XX:YY:ZZ
2 XS ether3 ether 1500 1596 2026 08:55:WW:XX:YY:ZZ
3 RS ether4 ether 1500 1596 2026 08:55:WW:XX:YY:ZZ
4 XS ether5 ether 1500 1596 2026 08:55:WW:XX:YY:ZZ
5 X sfp1 ether 1500 1596 2026 08:55:WW:XX:YY:ZZ
6 R ;;; defconf
bridge bridge 1500 1596 08:55:WW:XX:YY:ZZ
7 R v1-default vlan 1500 1592 08:55:WW:XX:YY:ZZ
8 R v10-admin vlan 1500 1592 08:55:WW:XX:YY:ZZ
9 R v20-personal vlan 1500 1592 08:55:WW:XX:YY:ZZ
12 R v30-guest vlan 1500 1592 08:55:WW:XX:YY:ZZ
15 R v50-smart-offline vlan 1500 1592 08:55:WW:XX:YY:ZZ
[MikroTik-hEX] > /interface vlan print
Flags: X - disabled, R - running
# NAME MTU ARP VLAN-ID INTERFACE
0 R v1-default 1500 enabled 1 bridge
1 R v10-admin 1500 enabled 10 bridge
2 R v20-personal 1500 enabled 20 bridge
5 R v30-guest 1500 enabled 30 bridge
8 R v50-smart-offline 1500 enabled 50 bridge
...
[MikroTik-hEX] > /interface bridge print
Flags: X - disabled, R - running
0 R ;;; defconf
name="bridge" mtu=auto actual-mtu=1500 l2mtu=1596 arp=enabled arp-timeout=auto mac-address=08:55:WW:XX:YY:ZZ protocol-mode=rstp fast-forward=yes igmp-snooping=no
auto-mac=no admin-mac=08:55:WW:XX:YY:ZZ ageing-time=5m priority=0x8000 max-message-age=20s forward-delay=15s transmit-hold-count=6 vlan-filtering=no dhcp-snooping=no
[MikroTik-hEX] > /interface bridge port print
Flags: X - disabled, I - inactive, D - dynamic, H - hw-offload
# INTERFACE BRIDGE HW PVID PRIORITY PATH-COST INTERNAL-PATH-COST HORIZON
0 ;;; defconf
eth2: switch bridge yes 1 0x80 10 10 none
1 I ;;; defconf
ether3 bridge yes 1 0x80 10 10 none
2 ;;; defconf
ether4 bridge yes 1 0x80 10 10 none
3 I ;;; defconf
ether5 bridge yes 1 0x80 10 10 none
4 XI ;;; defconf
sfp1 bridge 1 0x80 10 10 none
5 v30-guest bridge 30 0x80 10 10 none
6 v10-admin bridge 10 0x80 10 10 none
7 v20-personal bridge 20 0x80 10 10 none
8 v1-default bridge 1 0x80 10 10 none
9 v50-smart-offline bridge 50 0x80 10 10 none
[MikroTik-hEX] > /interface bridge vlan print
Flags: X - disabled, D - dynamic
# BRIDGE VLAN-IDS CURRENT-TAGGED CURRENT-UNTAGGED
0 bridge 1
10
20
30
50
[MikroTik-hEX] > /ip address print
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK INTERFACE
0 ;;; defconf
192.168.1.1/24 192.168.1.0 bridge
1 192.168.192.10/24 192.168.192.0 eth1: fritzbox
2 192.168.30.1/24 192.168.30.0 v30-guest
3 192.168.20.1/24 192.168.20.0 v20-personal
8 192.168.50.1/24 192.168.50.0 v50-smart-offline
10 10.0.10.1/24 10.0.10.0 v10-admin
[MikroTik-hEX] > /ip dhcp-server print
Flags: D - dynamic, X - disabled, I - invalid
# NAME INTERFACE RELAY ADDRESS-POOL LEASE-TIME ADD-ARP
0 defconf bridge dhcp 10m
1 guest v30-guest dhcp-pool-guest 10m
2 smart-offline v50-smart-offline dhcp-pool-smart-offline 10m
4 personal v20-personal dhcp-pool-personal 10m
5 admin v10-admin dhcp-pool-admin 10m
[MikroTik-hEX] > /ip dhcp-server network print
Flags: D - dynamic
# ADDRESS GATEWAY DNS-SERVER WINS-SERVER DOMAIN
0 ;;; Administration und Infrastructure
10.0.10.0/24 10.0.10.1 192.168.1.10 admin
1 ;;; defconf
192.168.1.0/24 192.168.1.1 192.168.1.10 local
2 ;;; Personal
192.168.20.0/24 192.168.20.1 192.168.1.10 personal
3 ;;; Guests
192.168.30.0/24 192.168.30.1 192.168.1.10 guest
4 ;;; Smart Home (offline)
192.168.50.0/24 192.168.50.1 192.168.1.10 offline.smart
[MikroTik-hEX] > /ip pool print
# NAME RANGES
0 dhcp 192.168.1.201-192.168.1.254
1 dhcp-pool-guest 192.168.30.100-192.168.30.254
2 dhcp-pool-personal 192.168.20.100-192.168.20.254
7 dhcp-pool-smart-offline 192.168.50.220-192.168.50.254
9 dhcp-pool-admin 10.0.10.100-10.0.10.254
[MikroTik-hEX] > /ip route print
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 A S 0.0.0.0/0 192.168.192.1 1
1 ADC 10.0.10.0/24 10.0.10.1 v10-admin 0
4 ADC 192.168.1.0/24 192.168.1.1 bridge 0
5 ADC 192.168.20.0/24 192.168.20.1 v20-personal 0
8 ADC 192.168.30.0/24 192.168.30.1 v30-guest 0
11 ADC 192.168.50.0/24 192.168.50.1 v50-smart-offline 0
13 ADC 192.168.192.0/24 192.168.192.10 eth1: fritzbox 0