Community discussions

MikroTik App
 
Grolus
just joined
Topic Author
Posts: 14
Joined: Thu Sep 29, 2022 8:33 pm

HexS - VLAN config not working

Sun Oct 16, 2022 1:52 pm

Hey guys,
after managing to make the internet access working with your help, I want to setup the following infrastructure with the hEX S (image attached):
concept.png
The three Access Points are for three different apartments. All of them should have internet access, their own network address and DHCP server while not being able to see computers from other networks/access points.

To achieve this I went through a tutorial with the help of a friend who is experienced setting up networks and VLANs. But The result with the current state is, that a (windows) computer connected to VLAN 1 does not get an IP address assigned. We were not able to find the reason for this.
Note: I want the three VLANS to be untagged, since the apartments residents will/can bring their own access points. So I do not want those access points need to be configured to work with a certain VLAN only.

This is the current config:
[admin@RouterOS] > export hide-sensitive
# oct/16/2022 12:37:58 by RouterOS 6.48.6
# software id = QXQC-WMAZ
#
# model = RB760iGS
# serial number = HD2086154BV
/interface bridge
add admin-mac=18:FD:74:8B:4F:B0 auto-mac=no comment=defconf name=bridge vlan-filtering=yes
/interface vlan
add interface=bridge name=vlan101 vlan-id=101
add interface=bridge name=vlan102 vlan-id=102
add interface=bridge name=vlan103 vlan-id=103
add interface=ether1 name=vlan_wan vlan-id=132
/interface ethernet switch port
set 2 default-vlan-id=101
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
add name=dhcp_pool101 ranges=192.168.101.10-192.168.101.254
/ip dhcp-server
add address-pool=default-dhcp disabled=no interface=bridge name=defconf
add address-pool=dhcp_pool101 disabled=no interface=vlan101 name=dhcp101
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf frame-types=admit-only-untagged-and-priority-tagged interface=ether3 pvid=101
add bridge=bridge comment=defconf frame-types=admit-only-untagged-and-priority-tagged interface=ether4 pvid=102
add bridge=bridge comment=defconf frame-types=admit-only-untagged-and-priority-tagged interface=ether5 pvid=103
add bridge=bridge comment=defconf interface=sfp1
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface bridge vlan
add bridge=bridge vlan-ids=102
add bridge=bridge tagged=ether1 vlan-ids=103
add bridge=bridge untagged=ether3 vlan-ids=101
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=vlan_wan list=WAN
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=192.168.88.0
add address=192.168.101.1/24 interface=vlan101 network=192.168.101.0
add address=192.168.102.1/24 interface=vlan102 network=192.168.102.0
add address=192.168.103.1/24 interface=vlan103 network=192.168.103.0
/ip dhcp-client
add comment=defconf disabled=no interface=vlan_wan
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
add address=192.168.101.0/32 dns-server=192.168.88.1,195.43.113.130 gateway=192.168.88.1 netmask=24
/ip dns
set allow-remote-requests=yes servers=8.8.8.8
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface=vlan_wan \
    out-interface-list=WAN
add action=masquerade chain=srcnat disabled=yes out-interface=vlan_wan
/system clock
set time-zone-name=Europe/Berlin
/system identity
set name=RouterOS
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN

Does anybody has an idea what we are missing?

Thank you so much in advance!
You do not have the required permissions to view the files attached to this post.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19125
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: HexS - VLAN config not working

Sun Oct 16, 2022 2:24 pm

Assuming these are dumb access points that cannot read vlan tags...............
Add vlan for your own connection, keeps it simple and clean, apples to apples
dont set etheport switch
add TRUSTED interface list entry
missing IP pools for all vlans, probably dhcp server probaby dhcp-server network, probably address?????
Adjusted input chain rules so only you have access to the router for config purposes the rest just for DNS services.
Fixed /interface bridge ports and vlans
Adjust forward chain rule to be better for security and clearer rules.
Cannot have two out interfaces for masquerade rule..............
Plus other points, so look at it line by line for differences.......

# oct/16/2022 12:37:58 by RouterOS 6.48.6

# model = RB760iGS
# serial number =DO NOT PUT IN SERIAL NUMBER!!!
/interface bridge
add admin-mac=18:FD:74:8B:4F:B0 auto-mac=no comment=defconf name=bridge vlan-filtering=yes
/interface vlan
add interface=bridge name=vlan-home  vlan-id=11
add interface=bridge name=vlan101 vlan-id=101
add interface=bridge name=vlan102 vlan-id=102
add interface=bridge name=vlan103 vlan-id=103
add interface=ether1 name=vlan_wan vlan-id=132
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
add name=TRUSTED
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
add name=dhcp_pool101 ranges=192.168.101.10-192.168.101.254
add name=dhcp_pool102 ranges=192.168.102.10-192.168.102.254
add name=dhcp_pool103 ranges=192.168.103.10-192.168.103.254
/ip dhcp-server
add address-pool=default-dhcp disabled=no interface=vlan-home name=dhcp-trusted
add address-pool=dhcp_pool101 disabled=no interface=vlan101 name=dhcp101
add address-pool=dhcp_pool102 disabled=no interface=vlan102 name=dhcp102
add address-pool=dhcp_pool103 disabled=no interface=vlan103 name=dhcp103
/interface bridge port
add bridge=bridge comment=defconf ingress-flitering=yes frame-types=admit-only-untagged-and-priority-tagged interface=ether2 pvid=11
add bridge=bridge comment=defconf ingress-flitering=yes frame-types=admit-only-untagged-and-priority-tagged interface=ether3 pvid=101
add bridge=bridge comment=defconf ingress-flitering=yes frame-types=admit-only-untagged-and-priority-tagged interface=ether4 pvid=102
add bridge=bridge comment=defconf ingress-flitering=yes frame-types=admit-only-untagged-and-priority-tagged interface=ether5 pvid=103
add bridge=bridge comment=defconf interface=sfp1
/ip neighbor discovery-settings
set discover-interface-list=TRUSTED
/interface bridge vlan
add bridge=bridge tagged=bridge untagged=ether2 vlan-ids=11
add bridge=bridge tagged=bridge untagged=ether3 vlan-ids=101
add bridge=bridge tagged=bridge untagged=ether4 vlan-ids=102
add bridge=bridge tagged=bridge untagged=ether5 vlan-ids=103
/interface list member
add comment=defconf interface=vlan-101 list=LAN
add comment=defconf interface=vlan-102 list=LAN
add comment=defconf interface=vlan-103 list=LAN
add comment=defconf interface=vlan-home  list=LAN
add comment=defconf interface=vlan-home list=TRUSTED
add comment=defconf interface=vlan_wan list=WAN
add interface=ether1 list=WAN
/ip address
add address=192.168.88.1/24 comment=defconf interface=vlan-home network=192.168.88.0
add address=192.168.101.1/24 interface=vlan101 network=192.168.101.0
add address=192.168.102.1/24 interface=vlan102 network=192.168.102.0
add address=192.168.103.1/24 interface=vlan103 network=192.168.103.0
/ip dhcp-client
add comment=defconf disabled=no interface=vlan_wan
/ip dhcp-server network
add address=192.168.88.0/24 dns=server=192.168.88.1comment=defconf gateway=192.168.88.1
add address=192.168.101.0/32 dns-server=192.168.101.1,195.43.113.130 gateway=192.168.101.1 netmask=24
add address=192.168.102.0/32 dns-server=192.168.102.1,195.43.113.130 gateway=192.168.102.1 netmask=24
add address=192.168.103.0/32 dns-server=192.168.103.1,195.43.113.130 gateway=192.168.103.1 netmask=24
/ip dns
set allow-remote-requests=yes servers=8.8.8.8
/ip firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
add action=accept chain=input in-interface-list=TRUSTED
add action=accept chain=input in-interface-list=LAN dst-port=53 protocol=tcp
add action=accept chain=input in-interface-list=LAN dst-port=53 protocol=udp
add action=drop chain=input comment="drop all else"
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
add action=accept chain=forward in-interface-list=LAN  out-interface-list=WAN
add action=accept chain=forward comment="allow port forwarding" connection-nat-state=dstnat 
add action=drop  chain=forward comment="drop all else"
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
/system clock
set time-zone-name=Europe/Berlin
/system identity
set name=RouterOS
/tool mac-server
set allowed-interface-list=NONE
/tool mac-server mac-winbox
set allowed-interface-list=TRUSTED
 
Grolus
just joined
Topic Author
Posts: 14
Joined: Thu Sep 29, 2022 8:33 pm

Re: HexS - VLAN config not working

Tue Oct 18, 2022 8:04 pm

Hi Anav,
thanks for your response and sorry for late reply.

After resetting the configuration I was about to add every config you suggested line by line. And I can't proceed with these:
add bridge=bridge comment=defconf ingress-flitering=yes frame-types=admit-only-untagged-and-priority-tagged interface=ether2 pvid=11
This bridge already exists, which is correct, since this is part of the default config:
add bridge=bridge comment=defconf interface=ether2
.

I then tried to identify this config in the UI to adjust it, but I'm not able to find it. "ingress-filtering" can only be set for a bridge interface, but here I cannot set the corresponding interface.
See attached screenshots.

Where do I find the entries to edit the bridge as mentioned?

I would like to use your config as a file to load it as a backup. But I did not find any solution to store this as a file on the Mikrotik.

Thank you again!
You do not have the required permissions to view the files attached to this post.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19125
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: HexS - VLAN config not working

Tue Oct 18, 2022 8:45 pm

The VLAN tab on the Bridge itself.
The only thing that should be done is vlan filtering checked at the end of the config.
The rest leave at default / Pvid=1, ingress filtering=No / frame types = admit all.

I edit in winbox manually line by line OR
use the new terminal window and CLI commands.........

Nlot sure why you are having problems setting the /interface bridge port settings.........???
Go Bridge MENU, select ports tab etc.........
 
User avatar
Buckeye
Forum Veteran
Forum Veteran
Posts: 890
Joined: Tue Sep 11, 2018 2:03 am
Location: Ohio, USA

Re: HexS - VLAN config not working

Tue Oct 18, 2022 9:21 pm

Given the requirements and the diagram in this configuration, I don't see any advantage in using vlans on any ether port except your WAN ether1 connection (and there only if your ISP is providing you internet on tagged vlan 132).

Vlans are useful when you have more than 1 group of ports in different subnets, e.g. wan on ether1, vlan 101 on ether2 and ether3 and sfp, vlan 201 on ether4 and ether5 and sfp. This would partition the bridge into two "mini-switches" with two access ports each and the spf as a trunk port (perhaps to an external switch).

But in your case, every port has its own ip subnet. I don't see any advantage to using vlans. I generally do recommend using vlans, but in this case I don't. I my opinion, using vlans in this case is just adding complexity with no benefit.

If your goal is to learn vlans, then you should learn in a case where they do add value.
 
Grolus
just joined
Topic Author
Posts: 14
Joined: Thu Sep 29, 2022 8:33 pm

Re: HexS - VLAN config not working

Wed Oct 19, 2022 9:09 pm

Vlans are useful when you have more than 1 group of ports in different subnets, e.g. wan on ether1, vlan 101 on ether2 and ether3 and sfp, vlan 201 on ether4 and ether5 and sfp. This would partition the bridge into two "mini-switches" with two access ports each and the spf as a trunk port (perhaps to an external switch).

If your goal is to learn vlans, then you should learn in a case where they do add value.
I roughly understand it and it actually was the first idea to seperate them "physically" with different switches. But it seems the heXS is not able to do this, since there seem to be only one switch for all ports. There is no "add"-Button in the category "switches".
Nlot sure why you are having problems setting the /interface bridge port settings.........???
Go Bridge MENU, select ports tab etc.........
Ah, got it. I expected that "/interface" is the equivalent of "interface" in the UI. Like it is for "/ip".

I now applied everything identically as you had in your list with two exceptions.

1. I still have this setting by default and I don't know how to remove it:
---/ip dns static
---add address=192.168.88.1 comment=defconf name=router.lan
2. I did not dare to add the following because I'm afraid that I could lock myself out again:
---/tool mac-server
---set allowed-interface-list=LAN
---/tool mac-server mac-winbox
---set allowed-interface-list=LAN

The result is: The router and me on Ether2 do have internet. The VLAN 101 to 103 are getting IP's from the correct range. But they do not have internet access.
Any idea what the cause is?

Here is my exact, current config again:
/interface bridge
add admin-mac=18:FD:74:8B:4F:B0 auto-mac=no comment=defconf name=bridge vlan-filtering=yes
/interface vlan
add interface=bridge name=vlan-home vlan-id=11
add interface=bridge name=vlan101 vlan-id=101
add interface=bridge name=vlan102 vlan-id=102
add interface=bridge name=vlan103 vlan-id=103
add interface=ether1 name=vlan_wan vlan-id=132
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
add name=TRUSTED
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
add name=dhcp_pool101 ranges=192.168.101.10-192.168.101.254
add name=dhcp_pool102 ranges=192.168.102.10-192.168.102.254
add name=dhcp_pool103 ranges=192.168.103.10-192.168.103.254
/ip dhcp-server
add address-pool=default-dhcp disabled=no interface=vlan-home name=dhcp-trusted
add address-pool=dhcp_pool101 disabled=no interface=vlan101 name=dhcp101
add address-pool=dhcp_pool102 disabled=no interface=vlan102 name=dhcp102
add address-pool=dhcp_pool103 disabled=no interface=vlan103 name=dhcp103
/interface bridge port
add bridge=bridge comment=defconf frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=ether2 pvid=11
add bridge=bridge comment=defconf frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=ether3 pvid=101
add bridge=bridge comment=defconf frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=ether4 pvid=102
add bridge=bridge comment=defconf frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=ether5 pvid=103
add bridge=bridge comment=defconf interface=sfp1
/ip neighbor discovery-settings
set discover-interface-list=TRUSTED
/interface bridge vlan
add bridge=bridge tagged=bridge untagged=ether2 vlan-ids=11
add bridge=bridge tagged=bridge untagged=ether3 vlan-ids=101
add bridge=bridge tagged=bridge untagged=ether4 vlan-ids=102
add bridge=bridge tagged=bridge untagged=ether5 vlan-ids=103
/interface list member
add comment=defconf interface=vlan101 list=LAN
add comment=defconf interface=vlan102 list=LAN
add comment=defconf interface=vlan103 list=LAN
add comment=defconf interface=vlan-home list=LAN
add comment=defconf interface=vlan-home list=TRUSTED
add comment=defconf interface=vlan_wan list=WAN
add interface=ether1 list=WAN
/ip address
add address=192.168.88.1/24 comment=defconf interface=vlan-home network=192.168.88.0
add address=192.168.101.1/24 interface=vlan101 network=192.168.101.0
add address=192.168.102.1/24 interface=vlan102 network=192.168.102.0
add address=192.168.103.1/24 interface=vlan103 network=192.168.103.0
/ip dhcp-client
add comment=defconf disabled=no interface=vlan_wan
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf dns-server=192.168.88.1 gateway=192.168.88.1
add address=192.168.101.0/32 dns-server=192.168.101.1,195.43.113.130 gateway=192.168.101.1 netmask=24
add address=192.168.102.0/32 dns-server=192.168.102.1,195.43.113.130 gateway=192.168.102.1 netmask=24
add address=192.168.103.0/32 dns-server=192.168.103.1,195.43.113.130 gateway=192.168.103.1 netmask=24
/ip dns
set allow-remote-requests=yes servers=8.8.8.8
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
																	
add action=accept chain=input in-interface-list=TRUSTED
add action=accept chain=input dst-port=53 in-interface-list=LAN protocol=tcp
add action=accept chain=input dst-port=53 in-interface-list=LAN protocol=udp
add action=drop chain=input comment="drop all else"
																	
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
																		 
add action=accept chain=forward in-interface-list=LAN out-interface-list=WAN
add action=accept chain=forward comment="allow port forwarding" connection-nat-state=dstnat
add action=drop chain=forward comment="drop all else"
																		   
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
/system clock
set time-zone-name=Europe/Berlin
/system identity
set name=RouterOS
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN


btw: Seems this board is ignoring spaces and line breaks in many cases. I guess this is for saving space in the database, but it makes writing properly formatted, readable posts pretty hard.
 
User avatar
Buckeye
Forum Veteran
Forum Veteran
Posts: 890
Joined: Tue Sep 11, 2018 2:03 am
Location: Ohio, USA

Re: HexS - VLAN config not working

Wed Oct 19, 2022 9:52 pm

I roughly understand it and it actually was the first idea to seperate them "physically" with different switches. But it seems the heXS is not able to do this, since there seem to be only one switch for all ports. There is no "add"-Button in the category "switches".
Each group of ports that are members of that same vlan under the bridge acts like a separate "mini-switch". I.e. each vlan is a separate "broadcast" domain.

It is like a "managed" switch, where you can put different ports into different vlans, and they will be "isolated" from each other. The only way they can communicate then is via some router. In the case of the hEX S, the router is software running on the CPU.

For what I mean as "mini-switches" see Ed Harmoush's generic info about vlans Virtual Local Area Networks (VLANs). Ed also has a video covering the same info VLANs – the simplest explanation
 
Grolus
just joined
Topic Author
Posts: 14
Joined: Thu Sep 29, 2022 8:33 pm

Re: HexS - VLAN config not working

Thu Oct 20, 2022 9:22 am

I will keep that in mind, but since I already spent a lot of time into the last approaches and since the current config is very close to be working (I guess), I honestly want to find the issue in the current one.
Also I don't see a big difference to the current config compared to the paragraph "Breaking up one Physical Switch into multiple Virtual Switches" in the first article you have linked.

So before I spend another >10 hours into that approach: Does anybody have an idea why the clients on the VLAN 101 to 103 do not have internet access?
 
User avatar
Buckeye
Forum Veteran
Forum Veteran
Posts: 890
Joined: Tue Sep 11, 2018 2:03 am
Location: Ohio, USA

Re: HexS - VLAN config not working

Thu Oct 20, 2022 7:47 pm

Does anybody have an idea why the clients on the VLAN 101 to 103 do not have internet access?
When connected to ether2 make a note of the output of command prompt ipconfig /all and tracert -d 1.1.1.1 copy the output to a file (e.g. notepad) or redirect to a file e.g. ipconfig /all > ipconfig_ether2.txt and tracert -d 1.1.1.1 >tracert_ether2.txt

Are you saying that if you plug into ether3, you get an ip address from the ranges=192.168.101.10-192.168.101.254 but can't access internet? What does the ipconfig /all show when connected to ether3? What does output of tracert -d 1.1.1.1 show compared to when connected to ether2?

Same for connecting to ether5. Do you get address from ranges=192.168.103.10-192.168.103.254 but can't access internet? What does the ipconfig /all show when connected to ether5? What does output of tracert -d 1.1.1.1 show compared to when connected to ether2?

You didn't mention vlan 102, so does it work or not? If you connect to ether4 do you get ip address from ranges=192.168.102.10-192.168.102.254 but can't access internet? What does the ipconfig /all show when connected to ether4? What does output of tracert -d 1.1.1.1 show compared to when connected to ether2?
 
Grolus
just joined
Topic Author
Posts: 14
Joined: Thu Sep 29, 2022 8:33 pm

Re: HexS - VLAN config not working

Thu Oct 20, 2022 10:54 pm

You didn't mention vlan 102, so does it work or not?
Maybe a misunderstanding: By VLAN 101 to 103 I meant all of them (101, 102 and 103).

And yes, all the VLAN ports are providing the correct IP's / IP Range.

Here are the outputs you asked for:
PC on ether2: /ipconfig.:
Windows-IP-Konfiguration

   Hostname  . . . . . . . . . . . . : Desktop
   Primäres DNS-Suffix . . . . . . . :
   Knotentyp . . . . . . . . . . . . : Hybrid
   IP-Routing aktiviert  . . . . . . : Nein
   WINS-Proxy aktiviert  . . . . . . : Nein
Ethernet-Adapter Ethernet 2:
   Verbindungsspezifisches DNS-Suffix:
   Beschreibung. . . . . . . . . . . : Intel(R) I211 Gigabit Network Connection
   Physische Adresse . . . . . . . . : 18-C0-4D-07-57-DE
   DHCP aktiviert. . . . . . . . . . : Ja
   Autokonfiguration aktiviert . . . : Ja
   Verbindungslokale IPv6-Adresse  . : fe80::511f:f86b:dfbf:5d5d%8(Bevorzugt)
   IPv4-Adresse  . . . . . . . . . . : 192.168.88.252(Bevorzugt)
   Subnetzmaske  . . . . . . . . . . : 255.255.255.0
   Lease erhalten. . . . . . . . . . : Donnerstag, 20. Oktober 2022 21:43:23
   Lease läuft ab. . . . . . . . . . : Donnerstag, 20. Oktober 2022 21:53:22
   Standardgateway . . . . . . . . . : 192.168.88.1
   DHCP-Server . . . . . . . . . . . : 192.168.88.1
   DHCPv6-IAID . . . . . . . . . . . : 102285389
   DHCPv6-Client-DUID. . . . . . . . : 00-01-00-01-27-20-A8-C6-2C-56-DC-D6-A5-F5
   DNS-Server  . . . . . . . . . . . : 192.168.88.1
   NetBIOS über TCP/IP . . . . . . . : Aktiviert
PC on ether2: tracert -d 1.1.1.1.:
Routenverfolgung zu 1.1.1.1 über maximal 30 Hops

  1    <1 ms    <1 ms    <1 ms  192.168.88.1
  2    17 ms    15 ms    17 ms  10.10.10.2
  3     *        *        *     Zeitüberschreitung der Anforderung.
  4    16 ms    16 ms    15 ms  192.168.127.13
  5    16 ms    16 ms    16 ms  212.88.145.237
  6    17 ms    16 ms    17 ms  217.24.235.181
  7    17 ms    17 ms    17 ms  217.24.235.178
  8    17 ms    17 ms    17 ms  217.24.235.157
  9    24 ms    21 ms    21 ms  80.81.194.180
 10    23 ms    22 ms    26 ms  172.70.244.3
 11    21 ms    20 ms    20 ms  1.1.1.1
 
Ablaufverfolgung beendet.
PC on VLAN 101 (ether3): /ipconfig all.:
Windows-IP-Konfiguration

   Hostname  . . . . . . . . . . . . : DESKTOP-2
   Primäres DNS-Suffix . . . . . . . :
   Knotentyp . . . . . . . . . . . . : Hybrid
   IP-Routing aktiviert  . . . . . . : Nein
   WINS-Proxy aktiviert  . . . . . . : Nein

Ethernet-Adapter Ethernet:
   Verbindungsspezifisches DNS-Suffix:
   Beschreibung. . . . . . . . . . . : Realtek PCIe GbE Family Controller
   Physische Adresse . . . . . . . . : 80-FA-5B-92-0D-C4
   DHCP aktiviert. . . . . . . . . . : Ja
   Autokonfiguration aktiviert . . . : Ja
   Verbindungslokale IPv6-Adresse  . : fe80::a8f7:22ee:e7e:e9d6%11(Bevorzugt)
   IPv4-Adresse  . . . . . . . . . . : 192.168.101.253(Bevorzugt)
   Subnetzmaske  . . . . . . . . . . : 255.255.255.255
   Lease erhalten. . . . . . . . . . : Donnerstag, 20. Oktober 2022 21:43:52
   Lease läuft ab. . . . . . . . . . : Donnerstag, 20. Oktober 2022 21:58:49
   Standardgateway . . . . . . . . . :
   DHCP-Server . . . . . . . . . . . : 192.168.101.1
   DHCPv6-IAID . . . . . . . . . . . : 343997019
   DHCPv6-Client-DUID. . . . . . . . : 00-01-00-01-27-F7-CD-F6-80-FA-5B-92-0D-C4
   DNS-Server  . . . . . . . . . . . : 192.168.101.1
                                       212.88.138.1
                                       195.43.113.130
   NetBIOS über TCP/IP . . . . . . . : Aktiviert
PC on VLAN 101 (ether3): tracert -d 1.1.1.1.:
Routenverfolgung zu 1.1.1.1 über maximal 30 Hops

... Error Code 1231.

Ablaufverfolgung beendet.
.
(sorry for the german text, but I think the necessary informations are still understandable)
 
User avatar
Buckeye
Forum Veteran
Forum Veteran
Posts: 890
Joined: Tue Sep 11, 2018 2:03 am
Location: Ohio, USA

Re: HexS - VLAN config not working  [SOLVED]

Thu Oct 20, 2022 11:38 pm

The working PC
   IPv4-Adresse  . . . . . . . . . . : 192.168.88.252(Bevorzugt)
   Subnetzmaske  . . . . . . . . . . : 255.255.255.0
   Lease erhalten. . . . . . . . . . : Donnerstag, 20. Oktober 2022 21:43:23
   Lease läuft ab. . . . . . . . . . : Donnerstag, 20. Oktober 2022 21:53:22
   Standardgateway . . . . . . . . . : 192.168.88.1
   DHCP-Server . . . . . . . . . . . : 192.168.88.1
The failing PC
   IPv4-Adresse  . . . . . . . . . . : 192.168.101.253(Bevorzugt)
   Subnetzmaske  . . . . . . . . . . : 255.255.255.255
   Lease erhalten. . . . . . . . . . : Donnerstag, 20. Oktober 2022 21:43:52
   Lease läuft ab. . . . . . . . . . : Donnerstag, 20. Oktober 2022 21:58:49
   Standardgateway . . . . . . . . . :
   DHCP-Server . . . . . . . . . . . : 192.168.101.1
Note that there is no gateway address, and it should be 192.168.101.1 and the subnet mask is 255.255.255.255 instead of 255.255.255.0

From your config (knowing where to look from the output above)

/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf dns-server=192.168.88.1 gateway=192.168.88.1
add address=192.168.101.0/32 dns-server=192.168.101.1,195.43.113.130 gateway=192.168.101.1 netmask=24
add address=192.168.102.0/32 dns-server=192.168.102.1,195.43.113.130 gateway=192.168.102.1 netmask=24
add address=192.168.103.0/32 dns-server=192.168.103.1,195.43.113.130 gateway=192.168.103.1 netmask=24

Try changing addresses to have /24 instead of /32
 
Grolus
just joined
Topic Author
Posts: 14
Joined: Thu Sep 29, 2022 8:33 pm

Re: HexS - VLAN config not working

Fri Oct 21, 2022 12:06 am

That's it, thank you so much!

Actually the /32 was not visible in the UI configuration anymore, since the last parameter set the netmask=24.
But after removing the parameter and adding the /24 manually, if worked.

The day is saved ;).
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19125
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: HexS - VLAN config not working

Wed Oct 26, 2022 1:03 am

Good catch buckeye!!

Who is online

Users browsing this forum: Bing [Bot], cddaraa, svh79 and 18 guests