Unable to administrate through WinBox via VLAN
Posted: Wed Jan 25, 2012 11:05 am
Has two SXT's set up, set up to be administrated from my admin-vlan
But i have a problem i can't figure out.
I'm not able to administrate this device via WinBox. It's working as expected via ssh and www.
When it's located in my test environment i'm able to connect to it via WinBox. In that situation im in the same subnet and same fysical switch, without any vlan's.
There's no tunnels on the way to the device. Just one gateway and one vlan
There's no firewall rules at this moment on the device.
When trying to connect via winbox i get "Could not connect to <ip> (port 8291) - no response!"
Tryin to connect this way
172.16.10.0/24 ->
RB1100 routes to 172.16.20.0/24 ->
switch sets traffic as tagged on vlan1 ->
passes through a few switches and reaches the SXT as tagged on vlan1
I have tried this from computer -> switch taggs traffic -> reach SXT tagged on on vlan1 with the same result
the vlan-interface are located on the bridge on the SXT, and the ip for administration is set on vlan-interface
see config below for mor info
Any inputs would be most welcome
But i have a problem i can't figure out.
I'm not able to administrate this device via WinBox. It's working as expected via ssh and www.
When it's located in my test environment i'm able to connect to it via WinBox. In that situation im in the same subnet and same fysical switch, without any vlan's.
There's no tunnels on the way to the device. Just one gateway and one vlan
There's no firewall rules at this moment on the device.
When trying to connect via winbox i get "Could not connect to <ip> (port 8291) - no response!"
Tryin to connect this way
172.16.10.0/24 ->
RB1100 routes to 172.16.20.0/24 ->
switch sets traffic as tagged on vlan1 ->
passes through a few switches and reaches the SXT as tagged on vlan1
I have tried this from computer -> switch taggs traffic -> reach SXT tagged on on vlan1 with the same result
the vlan-interface are located on the bridge on the SXT, and the ip for administration is set on vlan-interface
see config below for mor info
Any inputs would be most welcome
Code: Select all
# jan/25/2012 07:48:00 by RouterOS 5.11
#
#LAN for our office Admin-lan
#172.16.10.0/24 172.16.20.0/24
#
/interface bridge
add admin-mac=00:00:00:00:00:00 ageing-time=5m arp=enabled auto-mac=yes \
disabled=no forward-delay=15s l2mtu=1598 max-message-age=20s mtu=1500 \
name=bridge1 priority=0x8000 protocol-mode=rstp transmit-hold-count=6
/interface ethernet
set 0 arp=enabled auto-negotiation=yes disabled=no full-duplex=yes l2mtu=1598 \
mac-address=00:0C:42:D4:25:96 mtu=1500 name=ether1 speed=100Mbps
/interface vlan
add arp=enabled disabled=no interface=bridge1 l2mtu=1594 mtu=1500 name=\
"vlan1 - Adminvlan" use-service-tag=no vlan-id=1
/interface bridge port
add bridge=bridge1 disabled=no edge=auto external-fdb=auto horizon=none \
interface=ether1 path-cost=10 point-to-point=auto priority=0x80
add bridge=bridge1 disabled=no edge=auto external-fdb=auto horizon=none \
interface=vpls1 path-cost=10 point-to-point=auto priority=0x80
add bridge=bridge1 disabled=yes edge=auto external-fdb=auto horizon=none \
interface="vlan1 - Adminvlan" path-cost=10 point-to-point=auto priority=\
0x80
/interface bridge settings
set use-ip-firewall=no use-ip-firewall-for-pppoe=no use-ip-firewall-for-vlan=\
no
/ip address
add address=172.16.254.1/30 disabled=no interface=wlan1 network=172.16.254.0
add address=172.16.20.150/24 disabled=no interface="vlan1 - Adminvlan" network=\
172.16.20.0
/ip dns
set allow-remote-requests=no cache-max-ttl=1w cache-size=2048KiB \
max-udp-packet-size=512 servers=217.10.96.44,8.8.8.8
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061 sip-direct-media=yes
set pptp disabled=no
/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=172.16.20.1 scope=30 \
target-scope=10
add disabled=no distance=1 dst-address=172.16.10.0/24 gateway=172.16.20.1 scope=\
30 target-scope=10
/ip service
set telnet disabled=yes port=23
set ftp disabled=yes port=21
set www disabled=no port=80
set ssh disabled=no port=22
set www-ssl certificate=none disabled=yes port=443
set api disabled=yes port=8728
set winbox disabled=no port=8291