nytwolf
just joined
Topic Author
Posts: 1
Joined: Sat Nov 06, 2021 5:49 am

VLAN 802.1q

Sun Nov 07, 2021 11:08 pm

Hardware: MikroTik RB5009UG+S+ (Marvell-88E6393X)
OS: 7.0.5 (stable)

I am brand new to RouterOS.

I have two VLANs on my network: a general LAN (VLAN 21) and a DMZ (VLAN 18). Both work individually when configured with either PVID and "admit only untagged and priority tagged" on individual bridge ports.

I have a VMware ESXi box on ether8 and would like it to have the ability to access both VLANs with only one Ethernet connection with the objective of assigning these VLANs to individual guests allowing me to introduce virtual machines on both networks with a single machine and Ethernet connection.

I have limited experience with 802.1q, though in my research of VLANs on RouterOS I've discovered service VLANs, though I don't think that is what I am looking for. I've reviewed a number of articles, primarily those targeting VLAN trunking. Every time I reach the point that I believe I have both VLANs going over the single physical port, I get no communication at all.

I am using a single bridge with both VLANs tagged. ether8 has a PVID of 18 (DMZ), the remainder have a PVID of 21 (LAN). When Bridge Port ether8 is set to "admit only untagged and priority tagged" I can access DMZ. Based on my reading, this needs to be set to "admit all" or more likely "admit VLAN tagged". When setting admit VLAN tagged, all communication stops.

On the client computer side I have tried the following. In all of these attempts bridge port ether8 was set to "admit VLAN tagged":
  • Configure VMware ESXi vSwitch on VLAN ID 4095 as suggested by some articles, though I'm not confident this is what I am actually looking for. A VMware article states this "Enables trunking on port group (VGT Mode)" (https://kb.vmware.com/s/article/1004074) so perhaps it is.
  • Configure VMware ESXi vSwitch on VLAN ID 18 with the expectation that I would receive at least communication with DMZ, but this does not allow it either.
  • Use a standard laptop with an Intel Ethernet adapter that supports Intel PROSet with VLAN in an attempt to diagnose the issue in a more simplified way. When adding a VLAN using Intel PROSet it introduces new virtual interfaces, each configured to listen for traffic on each specific VLAN. No traffic comes from either.

I believe these are the key components from my latest configuration that would prove useful:
/interface bridge
add auto-mac=no comment=defconf name=bridge vlan-filtering=yes

/interface vlan
add interface=bridge name=DMZ_VLAN vlan-id=18
add interface=bridge name=LAN_VLAN vlan-id=21
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
add name=DMZ

/ip pool
add name=DMZ_POOL ranges=192.168.18.11-192.168.18.20
add name=LAN_POOL ranges=192.168.21.11-192.168.21.254

/ip dhcp-server
add address-pool=DMZ_POOL interface=DMZ_VLAN name=DMZ_DHCP
add address-pool=LAN_POOL interface=LAN_VLAN name=LAN_DHCP

/interface bridge port
add bridge=bridge comment="Home Network" frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=ether2 pvid=21
add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=ether3 pvid=21
add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=ether4 pvid=21
add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=ether5 pvid=21
add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=ether6 pvid=21
add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=ether7 pvid=21
add bridge=bridge comment=DMZ edge=yes frame-types=admit-only-vlan-tagged interface=ether8 learn=no pvid=18
add bridge=bridge comment=defconf interface=sfp-sfpplus1

/interface bridge vlan
add bridge=bridge tagged=bridge vlan-ids=18
add bridge=bridge tagged=bridge vlan-ids=21

/interface list member
add comment=defconf interface=ether1 list=WAN
add interface=DMZ_VLAN list=DMZ
add interface=LAN_VLAN list=LAN

/ip address
add address=192.168.18.1/24 interface=DMZ_VLAN network=192.168.18.0
add address=192.168.21.1/24 interface=LAN_VLAN network=192.168.21.0

/ip dhcp-client
add comment=defconf interface=ether1

/ip dhcp-server network
add address=192.168.18.0/24 dns-server=192.168.18.1 gateway=192.168.18.1
add address=192.168.21.0/24 dns-server=192.168.21.1 gateway=192.168.21.1

I have learn=no set while attempting to follow the aforementioned VMware article.

I have reviewed many articles, but it would seem I am missing a fundamental component here.
I'd greatly appreciate some direction or guidance on allowing guest machines running on a VMware ESXi box with a single Ethernet connection to access either of my VLANs.
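
An added example, not part of the original post: a small Python audit of a RouterOS export that lists, for every bridge port set to admit only tagged frames, the VLANs for which that port appears under `tagged=` in `/interface bridge vlan`. With `vlan-filtering=yes`, the bridge sends tagged frames for a VLAN out of a port only when the port is a tagged member of that VLAN. The function names are hypothetical and the sample input is a trimmed copy of the two relevant sections posted above.

```python
import shlex

# Constructed sample: the two relevant sections of the export above, ports trimmed.
EXPORT = '''\
/interface bridge port
add bridge=bridge comment="Home Network" frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=ether2 pvid=21
add bridge=bridge comment=DMZ edge=yes frame-types=admit-only-vlan-tagged interface=ether8 learn=no pvid=18
add bridge=bridge comment=defconf interface=sfp-sfpplus1
/interface bridge vlan
add bridge=bridge tagged=bridge vlan-ids=18
add bridge=bridge tagged=bridge vlan-ids=21
'''

def parse_sections(export):
    """Return {section path: [{key: value} for each 'add' line]}."""
    sections, current = {}, None
    for line in export.splitlines():
        line = line.strip()
        if line.startswith("/"):
            current = sections.setdefault(line, [])
        elif line.startswith("add ") and current is not None:
            # shlex keeps quoted values such as comment="Home Network" intact
            tokens = shlex.split(line)[1:]
            current.append(dict(t.split("=", 1) for t in tokens if "=" in t))
    return sections

def tagged_vlans_per_port(sections):
    """Map port name -> set of vlan-ids values it is a tagged member of (ranges not expanded)."""
    table = {}
    for entry in sections.get("/interface bridge vlan", []):
        for port in filter(None, entry.get("tagged", "").split(",")):
            table.setdefault(port, set()).update(entry["vlan-ids"].split(","))
    return table

def audit_trunk_ports(export):
    """Return {port: sorted tagged VLAN IDs} for ports with frame-types=admit-only-vlan-tagged."""
    sections = parse_sections(export)
    tagged = tagged_vlans_per_port(sections)
    report = {}
    for port in sections.get("/interface bridge port", []):
        if port.get("frame-types") == "admit-only-vlan-tagged":
            report[port["interface"]] = sorted(tagged.get(port["interface"], set()))
    return report

if __name__ == "__main__":
    for name, vlans in audit_trunk_ports(EXPORT).items():
        print(name, "tagged member of:", vlans or "NONE in the bridge VLAN table")
```

Run against the posted configuration, it reports ether8 with an empty list: the only tagged member of VLANs 18 and 21 is the bridge itself.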
