nissandata
newbie
Topic Author
Posts: 37
Joined: Fri Dec 03, 2010 7:20 pm

Unable to administrate through WinBox via VLAN

Wed Jan 25, 2012 11:05 am

I have two SXTs set up to be administrated from my admin VLAN.

But I have a problem I can't figure out.
I'm not able to administrate this device via WinBox. It's working as expected via ssh and www.
When it's located in my test environment I'm able to connect to it via WinBox. In that situation I'm in the same subnet and on the same physical switch, without any VLANs.

There are no tunnels on the way to the device. Just one gateway and one VLAN.

There are no firewall rules at this moment on the device.

When trying to connect via WinBox I get "Could not connect to <ip> (port 8291) - no response!"

Trying to connect this way:
172.16.10.0/24 ->
RB1100 routes to 172.16.20.0/24 ->
switch sets traffic as tagged on vlan1 ->
passes through a few switches and reaches the SXT as tagged on vlan1

I have tried this from computer -> switch tags traffic -> reaches SXT tagged on vlan1, with the same result.

The VLAN interface is located on the bridge on the SXT, and the IP for administration is set on the VLAN interface.
See config below for more info.

Any input would be most welcome.
# jan/25/2012 07:48:00 by RouterOS 5.11
#
#LAN for our office       Admin-lan
#172.16.10.0/24           172.16.20.0/24
#
/interface bridge
add admin-mac=00:00:00:00:00:00 ageing-time=5m arp=enabled auto-mac=yes \
    disabled=no forward-delay=15s l2mtu=1598 max-message-age=20s mtu=1500 \
    name=bridge1 priority=0x8000 protocol-mode=rstp transmit-hold-count=6

/interface ethernet
set 0 arp=enabled auto-negotiation=yes disabled=no full-duplex=yes l2mtu=1598 \
    mac-address=00:0C:42:D4:25:96 mtu=1500 name=ether1 speed=100Mbps

/interface vlan
add arp=enabled disabled=no interface=bridge1 l2mtu=1594 mtu=1500 name=\
    "vlan1 - Adminvlan" use-service-tag=no vlan-id=1

/interface bridge port
add bridge=bridge1 disabled=no edge=auto external-fdb=auto horizon=none \
    interface=ether1 path-cost=10 point-to-point=auto priority=0x80
add bridge=bridge1 disabled=no edge=auto external-fdb=auto horizon=none \
    interface=vpls1 path-cost=10 point-to-point=auto priority=0x80
add bridge=bridge1 disabled=yes edge=auto external-fdb=auto horizon=none \
    interface="vlan1 - Adminvlan" path-cost=10 point-to-point=auto priority=\
    0x80

/interface bridge settings
set use-ip-firewall=no use-ip-firewall-for-pppoe=no use-ip-firewall-for-vlan=\
    no

/ip address
add address=172.16.254.1/30 disabled=no interface=wlan1 network=172.16.254.0
add address=172.16.20.150/24 disabled=no interface="vlan1 - Adminvlan" network=\
    172.16.20.0

/ip dns
set allow-remote-requests=no cache-max-ttl=1w cache-size=2048KiB \
    max-udp-packet-size=512 servers=217.10.96.44,8.8.8.8

/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061 sip-direct-media=yes
set pptp disabled=no

/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=172.16.20.1 scope=30 \
    target-scope=10
add disabled=no distance=1 dst-address=172.16.10.0/24 gateway=172.16.20.1 scope=\
    30 target-scope=10

/ip service
set telnet disabled=yes port=23
set ftp disabled=yes port=21
set www disabled=no port=80
set ssh disabled=no port=22
set www-ssl certificate=none disabled=yes port=443
set api disabled=yes port=8728
set winbox disabled=no port=8291

 
cbrown
Trainer
Posts: 1839
Joined: Thu Oct 14, 2010 8:57 pm

Re: Unable to administrate through WinBox via VLAN

Wed Jan 25, 2012 2:28 pm

You have your VLAN interface in the bridge and your IP address set to the actual VLAN. Set your IP to the bridge that the VLAN is in.
 
nissandata
newbie
Topic Author
Posts: 37
Joined: Fri Dec 03, 2010 7:20 pm

Re: Unable to administrate through WinBox via VLAN

Wed Jan 25, 2012 5:38 pm

To clarify, the VLAN is not a member of the bridge; it's set on the bridge as interface:
/interface vlan
add arp=enabled disabled=no interface=bridge1 l2mtu=1594 mtu=1500 name=\
    "vlan1 - Adminvlan" use-service-tag=no vlan-id=1
"You have your VLAN interface in the bridge and your IP address set to the actual VLAN. Set your IP to the bridge that the VLAN is in."
So that leads to not being able to connect to it at all.

The admin VLAN is just for being able to administrate the device. It does not have to do with passing traffic through it.

But WinBox seems to break when it passes through a VLAN; can it be an MTU issue?

I tried to untag the traffic at the switch before the SXT and set the IP directly on ether1 and the bridge. The result is the same:
ssh and www work, but not WinBox.
