Community discussions

MUM Europe 2020
 
MTikSeekeroe
newbie
Topic Author
Posts: 34
Joined: Fri Nov 06, 2009 5:12 am

Help configure VLAN settings, please (Followup)

Wed Jan 06, 2010 11:22 am

Dear Community,

I have tried on more than one occasion to setup VLANs on my RB450G V4.2 but could not make it to work. It's obvious that I do not have the correct setups. Despite various trials of VLAN settings, I ended up restoring pre-VALN config everytime.

Can someone be kind enough to give me some help with my VLAN setup.

Here is a diagram of my network for information.

Thank you in anticipation.
You do not have the required permissions to view the files attached to this post.
Last edited by MTikSeekeroe on Wed Jan 13, 2010 9:51 pm, edited 1 time in total.
 
netrat
Member
Member
Posts: 403
Joined: Thu Jun 07, 2007 1:16 pm
Location: Virginia

Re: Help configure VLAN settings, please.

Wed Jan 06, 2010 3:48 pm

Assuming that you know how to properly setup your switch, here is the config for the mikrotik...
/interface vlan
add arp=enabled comment="" disabled=no interface=ether2 mtu=1500 name=vlan-101 use-service-tag=no vlan-id=101
add arp=enabled comment="" disabled=no interface=ether2 mtu=1500 name=vlan-102 use-service-tag=no vlan-id=102
add arp=enabled comment="" disabled=no interface=ether2 mtu=1500 name=vlan-103 use-service-tag=no vlan-id=103
add arp=enabled comment="" disabled=no interface=ether2 mtu=1500 name=vlan-104 use-service-tag=no vlan-id=104

/ip address
add address=192.168.105.1/27 broadcast=192.168.105.31 comment="" disabled=no interface=ether3 network=192.168.105.0
add address=192.168.101.1/27 broadcast=192.168.101.31 comment="" disabled=no interface=vlan-101 network=192.168.101.0
add address=192.168.102.1/27 broadcast=192.168.102.31 comment="" disabled=no interface=vlan-102 network=192.168.102.0
add address=192.168.103.1/27 broadcast=192.168.103.31 comment="" disabled=no interface=vlan-103 network=192.168.103.0
add address=192.168.104.1/27 broadcast=192.168.104.31 comment="" disabled=no interface=vlan-104 network=192.168.104.0

/ip firewall filter
add action=drop chain=forward comment="" disabled=no in-interface=vlan-104 out-interface=!ether1
add action=drop chain=forward comment="" disabled=no in-interface=!ether1 out-interface=vlan-104
You can add additional firewall filters as you see fit.
 
MTikSeekeroe
newbie
Topic Author
Posts: 34
Joined: Fri Nov 06, 2009 5:12 am

Re: Help configure VLAN settings, please.

Thu Jan 07, 2010 2:21 am

Dear netrat,

Thank you. Did not expect that quick response.

I attempted to run with your solution this morning but wasn't able to complete it before i had to leave for work (Australia time). Will try later today and report back.

Thanks again for your help.
 
MTikSeekeroe
newbie
Topic Author
Posts: 34
Joined: Fri Nov 06, 2009 5:12 am

Re: Help configure VLAN settings, please.

Sat Jan 09, 2010 2:04 am

Hi,

I have tried the suggested VLAN but I was not able to get to the Net. Various graphs in Winbox however indicate traffic flowing in both Tx and Rx directions but the web page indicates that the router default getaway (i.e. 192.168.101.1) was not reachable. This is confirmed by the fact that I can't ping the gateway.

Here is an extract of the script.

#jan/09/2010 10:08:56 by RouterOS 4.2
# software id = H61Q-GPR1
#
/interface bridge
add admin-mac=00:00:00:00:00:00 ageing-time=5m arp=enabled auto-mac=yes \
comment="" disabled=no forward-delay=15s l2mtu=1524 max-message-age=20s \
mtu=1500 name=bridge1 priority=0x8000 protocol-mode=none \
transmit-hold-count=6

/interface ethernet
set 0 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment=\
"" disabled=no full-duplex=yes l2mtu=1524 mac-address=00:0C:42:53:FB:43 \
master-port=none mtu=1500 name=ether1 speed=100Mbps
set 1 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment=\
"" disabled=no full-duplex=yes l2mtu=1524 mac-address=00:0C:42:53:FB:44 \
master-port=none mtu=1500 name=ether2 speed=100Mbps
set 2 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment=\
"" disabled=no full-duplex=yes l2mtu=1524 mac-address=00:0C:42:53:FB:45 \
master-port=none mtu=1500 name=ether3 speed=100Mbps
set 3 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment=\
"" disabled=no full-duplex=yes l2mtu=1524 mac-address=00:0C:42:53:FB:46 \
master-port=none mtu=1500 name=ether4 speed=100Mbps
set 4 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment=\
"" disabled=no full-duplex=yes l2mtu=1524 mac-address=00:0C:42:53:FB:47 \
master-port=none mtu=1500 name=ether5 speed=100Mbps

/interface vlan
add arp=enabled comment="" disabled=no interface=ether2 l2mtu=1520 mtu=1500 \
name=VL101 use-service-tag=no vlan-id=101
add arp=enabled comment="" disabled=no interface=ether2 l2mtu=1520 mtu=1500 \
name=VL103 use-service-tag=no vlan-id=103
add arp=enabled comment="" disabled=yes interface=ether2 l2mtu=1520 mtu=1500 \
name=VL105 use-service-tag=no vlan-id=105
add arp=enabled comment="" disabled=no interface=ether2 l2mtu=1520 mtu=1500 \
name=VL104 use-service-tag=no vlan-id=104

/interface ethernet switch
set switch1 mirror-source=none mirror-target=none name=switch1 \
switch-all-ports=yes

/interface bridge port
add bridge=bridge1 comment="" disabled=no edge=auto external-fdb=auto \
horizon=none interface=ether1 path-cost=10 point-to-point=auto priority=0x80
add bridge=bridge1 comment="" disabled=no edge=auto external-fdb=auto \
horizon=none interface=ether2 path-cost=10 point-to-point=auto priority=0x80
add bridge=bridge1 comment="" disabled=no edge=auto external-fdb=auto \
horizon=none interface=ether3 path-cost=10 point-to-point=auto priority=0x80
add bridge=bridge1 comment="" disabled=no edge=auto external-fdb=auto \
horizon=none interface=ether4 path-cost=10 point-to-point=auto priority=0x80
add bridge=bridge1 comment="" disabled=no edge=auto external-fdb=auto \
horizon=none interface=ether5 path-cost=10 point-to-point=auto priority=0x80

/interface bridge settings
set use-ip-firewall=yes use-ip-firewall-for-pppoe=no use-ip-firewall-for-vlan=no

/interface ethernet switch port
set (unknown) vlan-mode=fallback
set (unknown) vlan-mode=fallback
set (unknown) vlan-mode=fallback
set (unknown) vlan-mode=fallback
set (unknown) vlan-mode=fallback

/ip address
add address=192.168.101.1/27 broadcast=192.168.101.31 comment="" disabled=no \
interface=VL101 network=192.168.101.0
add address=192.168.105.1/27 broadcast=192.168.105.31 comment="" disabled=no \
interface=ether3 network=192.168.105.0
add address=192.168.103.1/27 broadcast=192.168.103.31 comment="" disabled=no \
interface=VL103 network=192.168.103.0
add address=192.168.104.1/27 broadcast=192.168.104.31 comment="" disabled=no \
interface=VL104 network=192.168.104.0

/ip arp
add address=124.190.x.x comment="" disabled=no interface=bridge1 \
mac-address=0x:1x:Dx:4x:8x:0x

/ip dhcp-client
add add-default-route=yes comment="" default-route-distance=0 disabled=no \
interface=ether1 use-peer-dns=yes use-peer-ntp=yes

/ip dns
set allow-remote-requests=yes cache-max-ttl=1w cache-size=2048KiB \
max-udp-packet-size=512 primary-dns=61.9.134.49 secondary-dns=61.9.133.193

/ip firewall nat
add action=masquerade chain=srcnat comment="" disabled=no out-interface=ether1
add action=masquerade chain=srcnat comment="" disabled=no src-address=192.168.0.0/16

/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061
set pptp disabled=no

/ip neighbor discovery
set ether1 discover=yes
set ether2 discover=yes
set ether3 discover=yes
set ether4 discover=yes
set ether5 discover=yes
set bridge1 discover=yes
set VL101 discover=no
set VL103 discover=no
set VL105 discover=no
set VL104 discover=no

/ip route
add comment="" disabled=yes distance=1 dst-address=0.0.0.0/0 gateway=\
192.168.101.1 scope=30 target-scope=10

/queue interface
set ether1 queue=ethernet-default
set ether2 queue=ethernet-default
set ether3 queue=ethernet-default
set ether4 queue=ethernet-default
set ether5 queue=ethernet-default
set bridge1 queue=default
set VL101 queue=default
set VL103 queue=default
set VL105 queue=default
set VL104 queue=default


Am I missing something? Pls.

Thank you.
 
User avatar
astounding
Member Candidate
Member Candidate
Posts: 121
Joined: Tue Dec 16, 2008 12:17 am

Re: Help configure VLAN settings, please.

Sat Jan 09, 2010 8:17 am

You've got VLANs set up on ether2 AND you've got a bridge attached to that port too. That's never worked for me. Anytime a bridge is attached to an ethernet port, the bridge sees the traffic but the VLAN doesn't. (At least in 3.x... I'm not 100% sure about 4.x)

Also, you've got the 450's hardware switching enabled to do switching. Pick which way you want to handle things.

The suggested set-up was to NOT bridge and NOT switch, but IP route, with tagged VLANs on ether2.

I assume that your HP switch has to be properly configured to send out 802.1q tagged VLAN-ified packets to your 450's ether2 port (i.e. it's an 802.1q trunk port).

I assume that your 450's ether3 is an untagged port.

With those assumptions, netrat's suggested configuration should work like a charm if you get rid of the "switch-all-ports" and remove your bridge port mappings so each IP network is a private segment that gets IP routed by the 450 instead of ethernet bridged/switched.

Aaron out.
 
netrat
Member
Member
Posts: 403
Joined: Thu Jun 07, 2007 1:16 pm
Location: Virginia

Re: Help configure VLAN settings, please.

Sat Jan 09, 2010 9:29 pm

Remove the bridges.
 
MTikSeekeroe
newbie
Topic Author
Posts: 34
Joined: Fri Nov 06, 2009 5:12 am

Re: Help configure VLAN settings, please.

Sun Jan 10, 2010 10:49 am

Netrat & Astounding,

Thank you both for your help.

I did not realise how neat and elegant Netrat's solution was until after I did a /system reset of the router, following Astounding's comments, and reconfigured the router from start (i.e. minus the existing bridge and switch).

Lo and behow, traffic flowing through the VLANs beautifully.

Again, thanks for your community spirit and great help.

Cheers
 
MTikSeekeroe
newbie
Topic Author
Posts: 34
Joined: Fri Nov 06, 2009 5:12 am

Re: Help configure VLAN settings, please.

Wed Jan 13, 2010 12:43 pm

Hi Netrat,

If you are still there.

In my excitement, I overlook the fact that nodes in my Vlan 105 (wifi) does not get connected to the Net under the solution. I can't connect to the wifi router either.

Can you ps help. Thank you.

Who is online

Users browsing this forum: MSN [Bot] and 78 guests