- ether1 is a DHCP client of the ISP modem
- ether2 is connected to a TP-Link Deco mesh for LAN devices, phone, laptop, etc...
- ether3 is connected to a proxmox server with a single NIC that will host 3 VLANs, management interface of proxmox, lab vlan and dmz vlan
- All networks should have internet access
- Only Lab network has access to DMZ, DMZ cannot get in to Lab nor LAN
- Only LAN network has access to Lab, LAB cannot get in to LAN
If not, what would be the recommended way to gain VLAN separation for my proxmox hypervisor while using just 1 hEX router for this use case?
I've been playing with multiple configurations and I can't get in to any of my proxmox VLANs, hence the question if this design is even feasible/possible?
For simplicity, isolation, and easier troubleshooting, I only used ether3 to connect to a proxmox hypervisor with an IP of 192.168.68.10 (vlan99), my laptop with an IP of 192.168.68.254 (untagged) c/o mikrotic DHCP. From the config below, ping doesn't work from either the proxmox hypervisor nor my laptop
Code: Select all
# jan/02/1970 00:12:33 by RouterOS 7.8
# software id = 8GAA-890C
#
# model = RB750Gr3
# serial number = HDJ08PDPNZ1
/interface bridge
add name=bridge1 vlan-filtering=yes
/interface vlan
add interface=bridge1 name=mgmt vlan-id=99
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
/ip pool
add name=bridge1 ranges=192.168.68.100-192.168.68.254
/ip dhcp-server
add address-pool=bridge1 interface=bridge1 name=bridge_dhcp
/port
set 0 name=serial0
/interface bridge port
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether5 pvid=99
/interface bridge vlan
add bridge=bridge1 tagged=ether3,bridge1 untagged=ether5 vlan-ids=99
/ip address
add address=192.168.68.1/24 interface=bridge1 network=192.168.68.0
add address=192.168.68.1/24 interface=mgmt network=192.168.68.0