I'm stuck configuring these devices with VLAN access.
I would be grateful if you could direct me where I am wrong in the configuration.
I have a simple architecture - three client VLANs + MGMT VLAN,
My config VLANS an VLAN menu of CSS326: My Router config:
Code: Select all
# jan/02/1970 01:10:50 by RouterOS 7.7
# software id = M4MX-3Q36
#
# model = RB2011UiAS
# serial number = HDH08WWRHPT
/interface bridge
add add-dhcp-option82=yes dhcp-snooping=yes igmp-snooping=yes \
ingress-filtering=no name=bridge1 pvid=99 vlan-filtering=yes
/interface ethernet
set [ find default-name=ether1 ] name=WAN1
set [ find default-name=ether2 ] name=WAN2
/interface vlan
add interface=bridge1 name=VLAN_GOSC vlan-id=200
add interface=bridge1 name=VLAN_KONF vlan-id=100
add interface=bridge1 name=VLAN_MGMT vlan-id=99
add interface=bridge1 name=VLAN_USERS vlan-id=10
/interface ethernet switch port
set 3 default-vlan-id=99 vlan-mode=secure
set 4 default-vlan-id=99 vlan-mode=secure
set 5 default-vlan-id=99 vlan-mode=secure
set 11 vlan-mode=secure
/interface list
add name=WAN
add name=LAN
/ip pool
add name=dhcp ranges=192.168.0.50-192.168.0.254
add name=dhcp-konf ranges=192.168.100.20-192.168.100.200
add name=dhcp-mgmt ranges=192.168.99.20-192.168.99.40
add name=dhcp-gosc ranges=192.168.200.20-192.168.200.220
/ip dhcp-server
add add-arp=yes address-pool=dhcp always-broadcast=yes interface=VLAN_USERS \
lease-time=1w name=server0
add add-arp=yes address-pool=dhcp-gosc always-broadcast=yes interface=\
VLAN_GOSC lease-time=1d name=dhcp-gosc
add add-arp=yes address-pool=dhcp-konf conflict-detection=no interface=\
VLAN_KONF lease-time=5d name=dhcp-konf use-framed-as-classless=no
add add-arp=yes address-pool=dhcp-mgmt always-broadcast=yes interface=bridge1 \
lease-time=5d name=dhcp-mgmt
/routing table
add fib name=WAN1
add fib name=WAN2
/interface bridge port
add bridge=bridge1 ingress-filtering=no interface=ether3 pvid=99
add bridge=bridge1 ingress-filtering=no interface=ether4 pvid=99
add bridge=bridge1 ingress-filtering=no interface=ether5 pvid=99
/ip neighbor discovery-settings
set discover-interface-list=LAN
/ip settings
set max-neighbor-entries=8192
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
/interface bridge vlan
add bridge=bridge1 tagged=ether3,ether4,ether5 vlan-ids=99
add bridge=bridge1 tagged=ether3,ether4,ether5 vlan-ids=100
add bridge=bridge1 tagged=ether3,ether4,ether5 vlan-ids=200
add bridge=bridge1 tagged=ether3,ether4,ether5 vlan-ids=10
/interface ethernet switch vlan
add independent-learning=yes ports=ether3,ether4,ether5,switch1-cpu switch=\
switch1 vlan-id=100
add independent-learning=no ports=ether3,ether4,ether5,switch1-cpu switch=\
switch1 vlan-id=99
add independent-learning=no ports=ether3,ether4,ether5,switch1-cpu switch=\
switch1 vlan-id=10
add independent-learning=no ports=ether3,ether4,ether5,switch1-cpu switch=\
switch1 vlan-id=200
/ip address
add address=192.168.0.1/24 interface=VLAN_USERS network=192.168.0.0
add address=192.168.99.1/24 interface=bridge1 network=192.168.99.0
add address=192.168.100.1/24 interface=VLAN_KONF network=192.168.100.0
add address=192.168.200.1/24 interface=VLAN_GOSC network=192.168.200.0
After connecting the MGMT STATION to Port 23 switch I have access to the router (on IP 192.168.99.1) and I have IMCP to 192.168.99.1.
But if I connect the computer to any other access port (e.g. to VLAN 10) to the switch - the computer does not get the DHCP address and the IMCP to the VLAN interface does not work (e.g. in VLAN10 - 192.168.0.1) - even if I assign the station address manually.
I also noticed that the only packet traffic I have is only on VLAN-MGMT other VLANS do not generate traffic(!).
Also when I connect two computers to access ports in this same VLAN, I can't ping them one from other.
Regards
MS