My topology would be a Mikrotik RB2011, with 2 ISP working in failover (ether1,2) and 3 ports in LAN bridge (ether3, 4 5). Now i want to make ether 3 working as trunk port, with a tag vlan 10. Then, i have managable switch Aruba 1830, that's connected to ether 3 on the mikrotik and already tag everything there (have the ether1 in the switch with a tag vlan 10 and untagged vlan 1, then i have ehter2 with an untagged vlan 10 connected to a PC).
This is my config:
Code: Select all
# aug/30/2022 16:24:25 by RouterOS 6.49.6
# software id = J13U-JGF2
#
# model = 2011UiAS
/interface bridge
add admin-mac=64:D1:54:38:F5:A7 auto-mac=no comment=defconf fast-forward=no \
name=bridgeLAN vlan-filtering=yes
/interface ethernet
set [ find default-name=ether1 ] name=ether1-Claro speed=100Mbps
set [ find default-name=ether2 ] name=ether2-Fibercorp speed=100Mbps
set [ find default-name=ether3 ] name=ether3-LAN speed=100Mbps
set [ find default-name=ether4 ] speed=100Mbps
set [ find default-name=ether5 ] speed=100Mbps
set [ find default-name=ether6 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full disabled=yes
set [ find default-name=ether7 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full disabled=yes
set [ find default-name=ether8 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full disabled=yes
set [ find default-name=ether9 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full disabled=yes
set [ find default-name=ether10 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full disabled=yes
set [ find default-name=sfp1 ] disabled=yes
/interface vlan
add interface=ether3-LAN name=VLAN10 vlan-id=10
add interface=ether3-LAN name=VLAN20 vlan-id=20
/interface list
add exclude=dynamic name=discover
add name=mactel
add name=mac-winbox
add name=LAN
add name=WAN
add name=VLAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp ranges=192.168.1.3-192.168.1.254
add name=dhcp_pool2 ranges=10.0.10.2-10.0.10.254
add name=dhcp_pool3 ranges=10.0.20.2-10.0.20.254
/ip dhcp-server
add address-pool=dhcp authoritative=after-2sec-delay disabled=no interface=\
bridgeLAN name=dhcp
add address-pool=dhcp_pool2 disabled=no interface=VLAN10 name=dhcp1
add address-pool=dhcp_pool3 disabled=no interface=VLAN20 name=dhcp2
/snmp community
set [ find default=yes ] addresses=0.0.0.0/0
/system logging action
add email-to=<CENSORED> name=email target=email
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,pas\
sword,web,sniff,sensitive,api,romon,dude,tikapp"
/interface bridge port
add bridge=bridgeLAN comment=defconf interface=ether3-LAN
add bridge=bridgeLAN interface=ether4
add bridge=bridgeLAN interface=ether5
/ip neighbor discovery-settings
set discover-interface-list=all
/interface bridge vlan
add bridge=bridgeLAN tagged=ether3-LAN,bridgeLAN vlan-ids=10
/interface list member
add interface=ether1-Claro list=WAN
add interface=ether2-Fibercorp list=WAN
add interface=bridgeLAN list=LAN
add interface=VLAN10 list=VLAN
add interface=VLAN20 list=VLAN
/ip address
add address=192.168.1.1/24 comment=LAN interface=ether3-LAN network=\
192.168.1.0
add address=10.0.10.1/24 interface=VLAN10 network=10.0.10.0
add address=10.0.20.1/24 interface=VLAN20 network=10.0.20.0
/ip dhcp-client
add comment="Proveedor 1 - Claro" disabled=no interface=ether1-Claro
add add-default-route=no comment="Proveedor 2 - Fibercorp" disabled=no \
interface=ether2-Fibercorp
/ip dhcp-server network
add gateway=0.0.0.1
add address=10.0.0.0/24 comment="Virtual Machines Net" gateway=10.0.0.1 \
netmask=24
add address=10.0.10.0/24 gateway=10.0.10.1
add address=10.0.20.0/24 gateway=10.0.20.1
add address=192.168.1.0/24 comment=defconf gateway=192.168.1.1 netmask=24
add address=192.168.100.0/24 gateway=192.168.100.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.1.1 name=router
/ip firewall address-list
add address=192.168.1.3-192.168.1.101 comment="Resto de la red" list=\
a_fibercorp
add address=192.168.1.102 comment=Cosag list=a_claro
add address=192.168.1.103 comment=W2019 list=a_claro
add address=192.168.1.201 comment=webserver list=a_claro
add address=192.168.1.106-192.168.1.199 list=a_fibercorp
add address=192.168.1.203-192.168.1.254 list=a_fibercorp
/ip firewall filter
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept established,related" \
connection-state=established,related
add action=accept chain=input comment="Allow VLAN" in-interface-list=VLAN
add action=drop chain=input comment="defconf: drop all from WAN" \
in-interface=ether1-Claro
add action=drop chain=input comment="defconf: drop all from WAN" \
in-interface=ether2-Fibercorp
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related disabled=yes in-interface=\
ether1-Claro
add action=accept chain=forward comment="defconf: accept established,related" \
connection-state=established,related
add action=accept chain=forward comment="VLAN Internet Access only" \
connection-state=new in-interface-list=VLAN out-interface-list=WAN
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface=ether1-Claro
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface=ether2-Fibercorp
/ip firewall mangle
add action=mark-routing chain=prerouting comment=\
"Env\EDo de tr\E1fico a Fibercorp (ISP2)" new-routing-mark=a-fibercorp \
src-address-list=a_fibercorp
add action=mark-routing chain=prerouting comment=\
"Env\EDo de tr\E1fico a Claro (ISP1)" new-routing-mark=a-claro \
src-address-list=a_claro
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
out-interface=ether1-Claro
add action=masquerade chain=srcnat comment="defconf: masquerade" \
out-interface=ether2-Fibercorp
/ip route
add check-gateway=ping comment="Ruta principal Fibercorp" distance=1 gateway=\
X.X.X.X routing-mark=a-fibercorp
add check-gateway=ping comment="Respaldo Fibercorp" distance=2 gateway=\
X.X.X.X routing-mark=a-fibercorp
add check-gateway=ping comment="Ruta principal Claro" distance=1 gateway=\
X.X.X.X routing-mark=a-claro
add check-gateway=ping comment="Respaldo Claro" distance=2 gateway=\
X.X.X.1 routing-mark=a-claro
add distance=1 gateway=10.0.10.1
add distance=1 gateway=10.0.20.1
/ip traffic-flow
set enabled=yes interfaces=ether1-Claro
/ip traffic-flow target
add dst-address=192.168.1.253 port=5536 version=5
/lcd interface
add
/lcd interface pages
set 0 interfaces="sfp1,ether1-Claro,ether2-Fibercorp,ether3-LAN,ether4,ether5,\
ether6,*8,ether8,ether9,ether10"
/system clock
set time-zone-name=America/Argentina/Buenos_Aires
/system logging
add action=email topics=ups
/system scheduler
add interval=10m name="cada 10 minutos" on-event=update_gateways policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
start-date=aug/25/2022 start-time=11:00:00
/system ups
add name=APC900 offline-time=10h port=usbhid1
/tool mac-server
set allowed-interface-list=mactel
/tool mac-server mac-winbox
set allowed-interface-list=mac-winbox
/tool romon
set enabled=yes
I Can't pìng or obteing an ip address from the PC connected to the aruba switch.
Any help or advice would be great. Thanks in advance.