I have received current config files and a little more info. Not much on there.
I have tried a notepad++ compare mikrotik config and found that P2P-02 does not have an ip route configured, should this be configured?
Should the management VLAN be untagged on both the SW and Mikrotik config? I believe SW-B and SW-C both have a Meraki AP hanging off them.
Customer: The main issue I was having was with devices authenticating via ISE, DHCP does not seem to be returning requests, so whilst ISE authenticated the device connection failed. If a device has a static IP and authenticates with Mac Address Bypass, the devices work.
P2P-03 and P2P-04 have not been installed/configured yet.
Bridge SI.PNG
P2P-01 Config:
[admin@P2P-01] > export
# jun/13/2022 13:54:10 by RouterOS 7.2.3
# software id = 5YBC-HC9N
#
# model = RBLHGG-60ad
# serial number = CXXXXXXXXX9B
/interface bridge
add admin-mac=C4:AD:XX:XX:XX:05 auto-mac=no comment=defconf ingress-filtering=no name=bridge pvid=105 vlan-filtering=yes
/interface w60g
set [ find ] disabled=no mode=bridge name=wlan60-1 ssid=AtoB
/interface w60g station
add mac-address=C4:AD:XX:XX:XX:06 name=wlan60-station-1 parent=wlan60-1 remote-address=C4:AD:XX:XX:XX:5E
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/interface bridge port
add bridge=bridge comment=defconf ingress-filtering=no interface=ether1 pvid=105
add bridge=bridge ingress-filtering=no interface=wlan60-1 pvid=105
add bridge=bridge ingress-filtering=no interface=wlan60-station-1 pvid=105
/interface bridge vlan
add bridge=bridge tagged=ether1,wlan60-1,wlan60-station-1 vlan-ids=1
add bridge=bridge untagged=bridge,ether1,wlan60-1,wlan60-station-1 vlan-ids=105
add bridge=bridge tagged=ether1,wlan60-1,wlan60-station-1 vlan-ids=114
add bridge=bridge tagged=ether1,wlan60-1,wlan60-station-1 vlan-ids=120
add bridge=bridge tagged=ether1,wlan60-1,wlan60-station-1 vlan-ids=204
add bridge=bridge tagged=ether1,wlan60-1,wlan60-station-1 vlan-ids=230
add bridge=bridge tagged=ether1,wlan60-1,wlan60-station-1 vlan-ids=65
add bridge=bridge tagged=ether1,wlan60-1,wlan60-station-1 vlan-ids=180
add bridge=bridge tagged=ether1,wlan60-1,wlan60-station-1 vlan-ids=240
/interface list member
add interface=wlan60-1 list=WAN
add interface=bridge list=LAN
/ip address
add address=10.20.105.200/24 comment=defconf interface=ether1 network=10.20.105.0
/ip dns
set servers=10.20.5.13,172.20.5.11
/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=10.20.105.1 pref-src=0.0.0.0 routing-table=main scope=30 suppress-hw-offload=no target-scope=10
/system identity
set name=P2P-01
/system ntp client
set enabled=yes
/system ntp client servers
add address=10.20.5.13
add address=10.20.5.11
P2P-02 Config:
[admin@P2P-02] > export
# jun/22/2022 14:33:45 by RouterOS 7.2.3
# software id = NFB1-VT4G
#
# model = RBLHGG-60ad
# serial number = CxxxxxxxxDAD
/interface bridge
add admin-mac=C4:AD:XX:XX:XX:5D auto-mac=no comment=defconf name=bridge pvid=105 vlan-filtering=yes
/interface w60g
set [ find ] disabled=no mode=station-bridge name=wlan60-1 ssid=AtoB
/interface w60g station
add mac-address=C4:AD:XX:XX:XX:5E name=wlan60-station-1 parent=wlan60-1 remote-address=C4:AD:XX:XX:XX:06
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/interface bridge port
add bridge=bridge comment=defconf ingress-filtering=no interface=ether1 pvid=105
add bridge=bridge comment=defconf ingress-filtering=no interface=wlan60-1 pvid=105
add bridge=bridge ingress-filtering=no interface=wlan60-station-1 pvid=105
/interface bridge vlan
add bridge=bridge untagged=ether1,wlan60-1,wlan60-station-1,bridge vlan-ids=105
add bridge=bridge tagged=ether1,wlan60-1,wlan60-station-1 vlan-ids=1
add bridge=bridge tagged=ether1,wlan60-1,wlan60-station-1 vlan-ids=65
add bridge=bridge tagged=ether1,wlan60-1,wlan60-station-1 vlan-ids=114
add bridge=bridge tagged=ether1,wlan60-1,wlan60-station-1 vlan-ids=120
add bridge=bridge tagged=ether1,wlan60-1,wlan60-station-1 vlan-ids=180
add bridge=bridge tagged=ether1,wlan60-1,wlan60-station-1 vlan-ids=204
add bridge=bridge tagged=ether1,wlan60-1,wlan60-station-1 vlan-ids=230
add bridge=bridge tagged=ether1,wlan60-1,wlan60-station-1 vlan-ids=240
/interface list member
add interface=wlan60-1 list=WAN
add interface=ether1 list=LAN
/ip address
add address=10.20.105.201/24 comment=defconf interface=ether1 network=10.20.105.0
/ip dns
set servers=10.20.5.13,172.20.5.11
/system identity
set name=P2P-02
/system ntp client
set enabled=yes
/system ntp client servers
add address=10.20.5.13
add address=10.20.5.11
/tool sniffer
set filter-interface=all filter-ip-address=!10.20.5.54/32 filter-mac-address=!C0:25:XX:XX:XX:7B/FF:FF:FF:FF:FF:FF filter-port=!bootps,!bootpc
Switch Configs:
SW-A
interface GigabitEthernet1/0/24
description WiFi P2P (AtoB)
switchport trunk allowed vlan 1-20,22-114,116-4094
switchport trunk native vlan 105
switchport mode trunk
no logging event link-status
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
no snmp trap link-status
mls qos cos 2
mls qos trust cos
spanning-tree portfast edge
spanning-tree bpduguard disable
!
-----------------------------------------
SW-B
interface GigabitEthernet0/1
description Wireless P2P(Building B to Building A)
switchport trunk allowed vlan 1-20,22-114,116-4094
switchport trunk native vlan 105
switchport mode trunk
no logging event link-status
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
no snmp trap link-status
mls qos cos 2
mls qos trust cos
spanning-tree portfast edge
spanning-tree bpduguard disable
ip dhcp snooping trust
!
-----------------------------------------
SW-C
interface GigabitEthernet1/0/1
description description Wireless P2P (Building C to B)
switchport trunk allowed vlan 1-20,22-114,116-4094
switchport trunk native vlan 105
switchport mode trunk
switchport nonegotiate
priority-queue out
no snmp trap link-status
mls qos cos 2
mls qos trust cos
spanning-tree portfast edge
spanning-tree bpduguard disable
ip dhcp snooping trust
!
You do not have the required permissions to view the files attached to this post.