MikroTik

Posted: **Wed Oct 15, 2014 2:40 pm**

Hello.

There was a need to move several hosts to a separate VLAN. It was done successfully. But now there is a need to connect from untagged host to a host from VLAN.

Here is an image of our network. I need to ping successfully from PC-0 to PC-1 (vlan 2). What should be done to do it?

Posted: **Wed Oct 15, 2014 3:29 pm**

I assume you have addressed the untagged interface of the RB951 and the tagged sub-interface in different subnets.
These 2 subnets should be visible in the routing table of the RB. If they are, nothing more should be done.

Are the hosts from vlan2 visible in the ARP table of the RB? Can they ping their default gateway? Can they ping the default gateway of the untagged interface?

There's not really much to be done on the RB...

Post the output of /ip address print, /interface print detail, /ip route print

Posted: **Wed Oct 15, 2014 9:42 pm**

I assume you have addressed the untagged interface of the RB951 and the tagged sub-interface in different subnets.
These 2 subnets should be visible in the routing table of the RB. If they are, nothing more should be done.

Yes, you are right, it is so. Funny thing the day everything was set up there was a connection between these subnets. I even had to make 2 rules to drop packets forward from one subnet to another. Now I deleted these 2 rules and nothing happens.

Are the hosts from vlan2 visible in the ARP table of the RB? Can they ping their default gateway? Can they ping the default gateway of the untagged interface?

Yes, hosts can ping their gateway. And I can ping hosts from RB terminal. But I can't ping from host PC-0 to host PC-1 (2, 3).

There's not really much to be done on the RB...

Post the output of /ip address print, /interface print detail, /ip route print

[admin@MikroTik] > /ip address print
Flags: X - disabled, I - invalid, D - dynamic 
 #   ADDRESS            NETWORK         INTERFACE                                
 0   192.168.0.1/24     192.168.0.0     ether2-master-local                      
 1   192.168.2.1/24     192.168.2.0     vlan2_1C                                 
 2 D 10.0.211.153/24    10.0.211.0      ether1-gateway                           
 3 D 194.44.93.33/32    192.168.192.168 pppoe-out1

[admin@MikroTik] > /interface print detail
Flags: D - dynamic, X - disabled, R - running, S - slave 
 0  R  name="ether1-gateway" default-name="ether1" type="ether" mtu=1500 actual-mtu=1500 l2mtu=1598 
       max-l2mtu=4074 mac-address=D4:CA:6D:F5:29:74 fast-path=yes 

 1  R  name="ether2-master-local" default-name="ether2" type="ether" mtu=1500 actual-mtu=1500 
       l2mtu=1598 max-l2mtu=4074 mac-address=D4:CA:6D:F5:29:75 fast-path=yes 

 2   S name="ether3-slave-local" default-name="ether3" type="ether" mtu=1500 actual-mtu=1500 
       l2mtu=1598 max-l2mtu=4074 mac-address=D4:CA:6D:F5:29:76 fast-path=yes 

 3   S name="ether4-slave-local" default-name="ether4" type="ether" mtu=1500 actual-mtu=1500 
       l2mtu=1598 max-l2mtu=4074 mac-address=D4:CA:6D:F5:29:77 fast-path=yes 

 4   S name="ether5-slave-local" default-name="ether5" type="ether" mtu=1500 actual-mtu=1500 
       l2mtu=1598 max-l2mtu=4074 mac-address=D4:CA:6D:F5:29:78 fast-path=yes 

 5  X  name="wlan1" default-name="wlan1" type="wlan" mtu=1500 actual-mtu=1500 l2mtu=2290 
       mac-address=D4:CA:6D:F5:29:79 fast-path=no 

 6  R  name="pppoe-out1" type="pppoe-out" mtu=1480 actual-mtu=1480 fast-path=no 

 7  R  name="vlan2_1C" type="vlan" mtu=1500 actual-mtu=1500 l2mtu=1594 mac-address=D4:CA:6D:F5:29:75 
       fast-path=no

[admin@MikroTik] > /ip route print
Flags: X - disabled, A - active, D - dynamic, 
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, 
B - blackhole, U - unreachable, P - prohibit 
 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 0 ADS  0.0.0.0/0                          192.168.192.168           1
 1 ADS  10.0.0.0/8                         10.0.211.1                1
 2 ADC  10.0.211.0/24      10.0.211.153    ether1-gateway            0
 3 ADC  192.168.0.0/24     192.168.0.1     ether2-master-l...        0
 4 ADC  192.168.2.0/24     192.168.2.1     vlan2_1C                  0
 5 ADC  192.168.192.168/32 194.44.93.33    pppoe-out1                0

Posted: **Fri Oct 17, 2014 10:37 pm**

Post the output of

/ip firewall export

please.

Posted: **Sun Oct 19, 2014 10:19 pm**

Post the output of
Code: Select all
/ip firewall export
please.

[admin@MikroTik] > /ip firewall export
# oct/19/2014 22:18:21 by RouterOS 6.20
#
/ip firewall filter
add chain=input comment="default configuration" protocol=icmp
add chain=input comment="default configuration" connection-state=established
add chain=input comment="default configuration" connection-state=related
add action=drop chain=input comment="default configuration" in-interface=\
    ether1-gateway
add chain=forward comment="default configuration" connection-state=established
add chain=forward comment="default configuration" connection-state=related
add action=drop chain=forward comment="default configuration" connection-state=\
    invalid
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" \
    out-interface=pppoe-out1

MikroTik

Inter-VLAN routing.

Inter-VLAN routing.

Re: Inter-VLAN routing.

Re: Inter-VLAN routing.

Re: Inter-VLAN routing.

Re: Inter-VLAN routing.