MarCDIT
just joined
Topic Author
Posts: 1
Joined: Sat Feb 25, 2023 4:35 pm

RB2011UiAS-RM AND CSS326-24G-2S+RM - VLAN access problem

Sun Feb 26, 2023 1:48 am

Hello everyone,

I'm stuck configuring these devices with VLAN access.
I would be grateful if you could direct me where I am wrong in the configuration.

I have a simple architecture - three client VLANs + MGMT VLAN,
Schemat-Core.png
My config of the VLANs and VLAN menus of the CSS326:
VLANs.png
vlan.png
My Router config:
# jan/02/1970 01:10:50 by RouterOS 7.7
# software id = M4MX-3Q36
#
# model = RB2011UiAS
# serial number = HDH08WWRHPT
/interface bridge
add add-dhcp-option82=yes dhcp-snooping=yes igmp-snooping=yes \
    ingress-filtering=no name=bridge1 pvid=99 vlan-filtering=yes
/interface ethernet
set [ find default-name=ether1 ] name=WAN1
set [ find default-name=ether2 ] name=WAN2
/interface vlan
add interface=bridge1 name=VLAN_GOSC vlan-id=200
add interface=bridge1 name=VLAN_KONF vlan-id=100
add interface=bridge1 name=VLAN_MGMT vlan-id=99
add interface=bridge1 name=VLAN_USERS vlan-id=10
/interface ethernet switch port
set 3 default-vlan-id=99 vlan-mode=secure
set 4 default-vlan-id=99 vlan-mode=secure
set 5 default-vlan-id=99 vlan-mode=secure
set 11 vlan-mode=secure
/interface list
add name=WAN
add name=LAN
/ip pool
add name=dhcp ranges=192.168.0.50-192.168.0.254
add name=dhcp-konf ranges=192.168.100.20-192.168.100.200
add name=dhcp-mgmt ranges=192.168.99.20-192.168.99.40
add name=dhcp-gosc ranges=192.168.200.20-192.168.200.220
/ip dhcp-server
add add-arp=yes address-pool=dhcp always-broadcast=yes interface=VLAN_USERS \
    lease-time=1w name=server0
add add-arp=yes address-pool=dhcp-gosc always-broadcast=yes interface=\
    VLAN_GOSC lease-time=1d name=dhcp-gosc
add add-arp=yes address-pool=dhcp-konf conflict-detection=no interface=\
    VLAN_KONF lease-time=5d name=dhcp-konf use-framed-as-classless=no
add add-arp=yes address-pool=dhcp-mgmt always-broadcast=yes interface=bridge1 \
    lease-time=5d name=dhcp-mgmt
/routing table
add fib name=WAN1
add fib name=WAN2
/interface bridge port
add bridge=bridge1 ingress-filtering=no interface=ether3 pvid=99
add bridge=bridge1 ingress-filtering=no interface=ether4 pvid=99
add bridge=bridge1 ingress-filtering=no interface=ether5 pvid=99
/ip neighbor discovery-settings
set discover-interface-list=LAN
/ip settings
set max-neighbor-entries=8192
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
/interface bridge vlan
add bridge=bridge1 tagged=ether3,ether4,ether5 vlan-ids=99
add bridge=bridge1 tagged=ether3,ether4,ether5 vlan-ids=100
add bridge=bridge1 tagged=ether3,ether4,ether5 vlan-ids=200
add bridge=bridge1 tagged=ether3,ether4,ether5 vlan-ids=10
/interface ethernet switch vlan
add independent-learning=yes ports=ether3,ether4,ether5,switch1-cpu switch=\
    switch1 vlan-id=100
add independent-learning=no ports=ether3,ether4,ether5,switch1-cpu switch=\
    switch1 vlan-id=99
add independent-learning=no ports=ether3,ether4,ether5,switch1-cpu switch=\
    switch1 vlan-id=10
add independent-learning=no ports=ether3,ether4,ether5,switch1-cpu switch=\
    switch1 vlan-id=200
/ip address
add address=192.168.0.1/24 interface=VLAN_USERS network=192.168.0.0
add address=192.168.99.1/24 interface=bridge1 network=192.168.99.0
add address=192.168.100.1/24 interface=VLAN_KONF network=192.168.100.0
add address=192.168.200.1/24 interface=VLAN_GOSC network=192.168.200.0
The problem is that the DHCP server only works for the MGMT network.
After connecting the MGMT station to port 23 of the switch, I have access to the router (on IP 192.168.99.1) and I have ICMP to 192.168.99.1.
But if I connect the computer to any other access port on the switch (e.g. in VLAN 10), the computer does not get a DHCP address and ICMP to the VLAN interface does not work (e.g. in VLAN 10 - 192.168.0.1), even if I assign the station's address manually.
I also noticed that the only packet traffic I have is on VLAN-MGMT; the other VLANs do not generate traffic(!).
interfaces.png
Also, when I connect two computers to access ports in the same VLAN, I can't ping one from the other.

Regards
MS
 
un9edsda
Frequent Visitor
Posts: 76
Joined: Sun Mar 15, 2020 11:11 pm

Re: RB2011UiAS-RM AND CSS326-24G-2S+RM - VLAN access problem

Tue Mar 14, 2023 12:47 pm

Have a look at post #3 in the Bad performance (slow) of RB2011UAS-2HnD topic, then continue in the Layer2 misconfiguration section of the documentation.
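
An added example, not part of the thread and not MikroTik tooling: with bridge VLAN filtering enabled, a VLAN interface created on the bridge only receives frames for its VLAN when the bridge itself is listed as a tagged member of that VLAN in /interface bridge vlan. This Python check applies that rule to an export; the function names are hypothetical, and the sample is constructed and abridged from the /interface bridge, /interface vlan and /interface bridge vlan lines of the config posted above.

```python
import re

# Constructed sample, abridged from the export posted in the thread.
EXPORT = """\
/interface bridge
add name=bridge1 pvid=99 vlan-filtering=yes
/interface vlan
add interface=bridge1 name=VLAN_GOSC vlan-id=200
add interface=bridge1 name=VLAN_KONF vlan-id=100
add interface=bridge1 name=VLAN_MGMT vlan-id=99
add interface=bridge1 name=VLAN_USERS vlan-id=10
/interface bridge vlan
add bridge=bridge1 tagged=ether3,ether4,ether5 vlan-ids=99
add bridge=bridge1 tagged=ether3,ether4,ether5 vlan-ids=100
add bridge=bridge1 tagged=ether3,ether4,ether5 vlan-ids=200
add bridge=bridge1 tagged=ether3,ether4,ether5 vlan-ids=10
"""

def parse_export(text):
    """Return {menu path: [{key: value}, ...]} for the 'add' lines of an export."""
    text = re.sub(r"\\\n\s*", "", text)  # join backslash line continuations
    menus, path = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            path = line
        elif line.startswith("add ") and path:
            menus.setdefault(path, []).append(dict(re.findall(r"([\w-]+)=(\S+)", line)))
    return menus

def vlan_ids(spec):
    """Expand a vlan-ids value such as '10,20-22' into a set of ints."""
    ids = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        ids.update(range(int(lo), int(hi or lo) + 1))
    return ids

def vlan_ifaces_missing_bridge_tag(text):
    """List (VLAN interface, vlan-id) pairs whose bridge is not a tagged member."""
    menus = parse_export(text)
    filtering = {b["name"] for b in menus.get("/interface bridge", [])
                 if b.get("vlan-filtering") == "yes"}
    tagged = set()  # (bridge, vlan-id) pairs where the bridge itself is tagged
    for row in menus.get("/interface bridge vlan", []):
        if row["bridge"] in row.get("tagged", "").split(","):
            tagged.update((row["bridge"], v) for v in vlan_ids(row["vlan-ids"]))
    return [(v["name"], int(v["vlan-id"])) for v in menus.get("/interface vlan", [])
            if v["interface"] in filtering and (v["interface"], int(v["vlan-id"])) not in tagged]
```

On the sample it returns all four VLAN interfaces, because bridge1 appears in none of the tagged lists.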
