Community discussions

MUM Europe 2020
 
Ohforf
just joined
Topic Author
Posts: 9
Joined: Wed Oct 15, 2014 2:32 pm

Inter-VLAN routing.

Wed Oct 15, 2014 2:40 pm

Hello.

There was a need to move several hosts to a separate VLAN. It was done successfully. But now there is a need to connect from untagged host to a host from VLAN.

Here is an image of our network. I need to ping successfully from PC-0 to PC-1 (vlan 2). What should be done to do it?

Image
 
User avatar
jacekes
Member Candidate
Member Candidate
Posts: 167
Joined: Tue Aug 30, 2011 9:34 am
Location: Poznan, Poland
Contact:

Re: Inter-VLAN routing.

Wed Oct 15, 2014 3:29 pm

I assume you have addressed the untagged interface of the RB951 and the tagged sub-interface in different subnets.
These 2 subnets should be visible in the routing table of the RB. If they are, nothing more should be done.

Are the hosts from vlan2 visible in the ARP table of the RB? Can they ping their default gateway? Can they ping the default gateway of the untagged interface?

There's not really much to be done on the RB...

Post the output of /ip address print, /interface print detail, /ip route print
I was certified a long time ago:
MTCNA# 1210NA193 MTCTCE# 1210TCE056 MTCWE# 1211WE010

ONE NETWORK DIAGRAM IS WORTH MORE THAN A THOUSAND WORDS!
 
Ohforf
just joined
Topic Author
Posts: 9
Joined: Wed Oct 15, 2014 2:32 pm

Re: Inter-VLAN routing.

Wed Oct 15, 2014 9:42 pm

I assume you have addressed the untagged interface of the RB951 and the tagged sub-interface in different subnets.
These 2 subnets should be visible in the routing table of the RB. If they are, nothing more should be done.
Yes, you are right, it is so. Funny thing the day everything was set up there was a connection between these subnets. I even had to make 2 rules to drop packets forward from one subnet to another. Now I deleted these 2 rules and nothing happens.
Are the hosts from vlan2 visible in the ARP table of the RB? Can they ping their default gateway? Can they ping the default gateway of the untagged interface?
Yes, hosts can ping their gateway. And I can ping hosts from RB terminal. But I can't ping from host PC-0 to host PC-1 (2, 3).
There's not really much to be done on the RB...

Post the output of /ip address print, /interface print detail, /ip route print
[admin@MikroTik] > /ip address print
Flags: X - disabled, I - invalid, D - dynamic 
 #   ADDRESS            NETWORK         INTERFACE                                
 0   192.168.0.1/24     192.168.0.0     ether2-master-local                      
 1   192.168.2.1/24     192.168.2.0     vlan2_1C                                 
 2 D 10.0.211.153/24    10.0.211.0      ether1-gateway                           
 3 D 194.44.93.33/32    192.168.192.168 pppoe-out1                               
[admin@MikroTik] > /interface print detail
Flags: D - dynamic, X - disabled, R - running, S - slave 
 0  R  name="ether1-gateway" default-name="ether1" type="ether" mtu=1500 actual-mtu=1500 l2mtu=1598 
       max-l2mtu=4074 mac-address=D4:CA:6D:F5:29:74 fast-path=yes 

 1  R  name="ether2-master-local" default-name="ether2" type="ether" mtu=1500 actual-mtu=1500 
       l2mtu=1598 max-l2mtu=4074 mac-address=D4:CA:6D:F5:29:75 fast-path=yes 

 2   S name="ether3-slave-local" default-name="ether3" type="ether" mtu=1500 actual-mtu=1500 
       l2mtu=1598 max-l2mtu=4074 mac-address=D4:CA:6D:F5:29:76 fast-path=yes 

 3   S name="ether4-slave-local" default-name="ether4" type="ether" mtu=1500 actual-mtu=1500 
       l2mtu=1598 max-l2mtu=4074 mac-address=D4:CA:6D:F5:29:77 fast-path=yes 

 4   S name="ether5-slave-local" default-name="ether5" type="ether" mtu=1500 actual-mtu=1500 
       l2mtu=1598 max-l2mtu=4074 mac-address=D4:CA:6D:F5:29:78 fast-path=yes 

 5  X  name="wlan1" default-name="wlan1" type="wlan" mtu=1500 actual-mtu=1500 l2mtu=2290 
       mac-address=D4:CA:6D:F5:29:79 fast-path=no 

 6  R  name="pppoe-out1" type="pppoe-out" mtu=1480 actual-mtu=1480 fast-path=no 

 7  R  name="vlan2_1C" type="vlan" mtu=1500 actual-mtu=1500 l2mtu=1594 mac-address=D4:CA:6D:F5:29:75 
       fast-path=no 
[admin@MikroTik] > /ip route print
Flags: X - disabled, A - active, D - dynamic, 
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, 
B - blackhole, U - unreachable, P - prohibit 
 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 0 ADS  0.0.0.0/0                          192.168.192.168           1
 1 ADS  10.0.0.0/8                         10.0.211.1                1
 2 ADC  10.0.211.0/24      10.0.211.153    ether1-gateway            0
 3 ADC  192.168.0.0/24     192.168.0.1     ether2-master-l...        0
 4 ADC  192.168.2.0/24     192.168.2.1     vlan2_1C                  0
 5 ADC  192.168.192.168/32 194.44.93.33    pppoe-out1                0
 
mrScamp
just joined
Posts: 7
Joined: Mon Dec 26, 2011 9:11 pm

Re: Inter-VLAN routing.

Fri Oct 17, 2014 10:37 pm

Post the output of
/ip firewall export
please.
 
Ohforf
just joined
Topic Author
Posts: 9
Joined: Wed Oct 15, 2014 2:32 pm

Re: Inter-VLAN routing.

Sun Oct 19, 2014 10:19 pm

Post the output of
/ip firewall export
please.
[admin@MikroTik] > /ip firewall export
# oct/19/2014 22:18:21 by RouterOS 6.20
#
/ip firewall filter
add chain=input comment="default configuration" protocol=icmp
add chain=input comment="default configuration" connection-state=established
add chain=input comment="default configuration" connection-state=related
add action=drop chain=input comment="default configuration" in-interface=\
    ether1-gateway
add chain=forward comment="default configuration" connection-state=established
add chain=forward comment="default configuration" connection-state=related
add action=drop chain=forward comment="default configuration" connection-state=\
    invalid
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" \
    out-interface=pppoe-out1

Who is online

Users browsing this forum: April and 117 guests