Community discussions

MikroTik App
 
BrainPain
just joined
Topic Author
Posts: 21
Joined: Sun May 17, 2020 10:40 am

VRF lite not working

Tue Dec 07, 2021 6:45 pm

Hi

i am tesing vrf lite with wAP 60G device. I want to put the client into a "client" vrf that should not be able to access interfaces in the "main" vrf.

My routing table looks like the following:
vrf-lite.PNG
The strange thing is, that i am able to ping 192.168.88.3 from the client net 192.168.63.0/24.

I am using the following config:
/interface bridge
add admin-mac=CC:2D:E0:6C:35:80 auto-mac=no comment=defconf name=bridge vlan-filtering=yes
add name=client
/interface w60g
set [ find ] disabled=no mode=station-bridge name=wlan60-1 ssid=MikroTik-6c3529
/interface vlan
add interface=bridge name=INET vlan-id=80
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp_pool0 ranges=192.168.63.10-192.168.63.100
/ip dhcp-server
add address-pool=dhcp_pool0 disabled=no interface=client name=dhcp1
/interface bridge port
add bridge=bridge comment=defconf interface=wlan60-1
add bridge=client frame-types=admit-only-untagged-and-priority-tagged interface=ether1
/interface bridge vlan
add bridge=bridge tagged=bridge vlan-ids=80
/ip address
add address=192.168.88.3/24 comment=defconf interface=bridge network=192.168.88.0
add address=192.168.63.1/24 interface=client network=192.168.63.0
add address=10.10.10.248/28 interface=INET network=10.10.10.240
/ip dhcp-server network
add address=192.168.63.0/24 dns-server=8.8.8.8 gateway=192.168.63.1
/ip route
add distance=1 gateway=10.10.10.241 routing-mark=client
/ip route vrf
add interfaces=INET,client routing-mark=client
/system identity
set name=VRF-TEST
To summerize, i created a bridge "client" and and i am using the standard bridge "bridge". I am not sure, why routerOS is routing those packages from my client 192.168.63.100 -> 192.168.63.1 -> 192.168.88.3. I am starting at the VRF "client" so as i understand, no route leaking should be possible?

Thank you
You do not have the required permissions to view the files attached to this post.

Who is online

Users browsing this forum: Ahrefs [Bot], DanMos79, jaclaz, sebus46 and 93 guests