Community discussions

MikroTik App
 
deejayq
Member Candidate
Member Candidate
Topic Author
Posts: 195
Joined: Wed Feb 23, 2011 8:33 am

vlan and ethernet in bridge not working

Fri Jun 24, 2016 10:45 pm

i have the following configuration
isp --- ether1[router]ether3---lan
i talked to my isp to give me 2 vlans, one for connecting to offices in other parts of the city and one for internet access.
each office has it's own public ip /26 class, and in the main office we have a /25 public class.
i tried to create a bridge between the vlan connecting the offices and ether3.
when i add the vlan to the bridge it works ok, when i add ether3 to the bridge i start getting timeout from computers connected to ether3.
when i add ether3 to the bridge i also add it's ip to the bridge interface.
anyone have some suggestions?
 
pohutukawa
newbie
Posts: 41
Joined: Mon Oct 03, 2011 6:55 am

Re: vlan and ethernet in bridge not working

Sat Jun 25, 2016 11:11 am

i have the following configuration
isp --- ether1[router]ether3---lan
i talked to my isp to give me 2 vlans, one for connecting to offices in other parts of the city and one for internet access.
each office has it's own public ip /26 class, and in the main office we have a /25 public class.
i tried to create a bridge between the vlan connecting the offices and ether3.
when i add the vlan to the bridge it works ok, when i add ether3 to the bridge i start getting timeout from computers connected to ether3.
when i add ether3 to the bridge i also add it's ip to the bridge interface.
anyone have some suggestions?
Not sure if I can help but…
1. Could you post some config. (if you have any) so far?
2. Are your external IP addresses (fixed) established via DHCP or PPPoE?
3. This sounds like a similar problem I had to do with NAT rules.
 
efaden
Forum Guru
Forum Guru
Posts: 1711
Joined: Sat Mar 30, 2013 1:55 am
Location: New York, USA

Re: vlan and ethernet in bridge not working

Sat Jun 25, 2016 1:26 pm

Post your export

Sent from my XT1575 using Tapatalk
 
deejayq
Member Candidate
Member Candidate
Topic Author
Posts: 195
Joined: Wed Feb 23, 2011 8:33 am

Re: vlan and ethernet in bridge not working

Sat Jun 25, 2016 2:17 pm

# jun/25/2016 13:55:08 by RouterOS 6.33.3
# software id = IYGK-CLSI
#
/interface bridge
add name=bridge1
/interface vlan
add interface=ether1 name=vlan1 vlan-id=106
add interface=ether1 name=vlan2 vlan-id=114
/ip pool
add name=pool1 ranges=192.168.4.2-192.168.5.254
/ip dhcp-server
# DHCP server can not run on slave interface!
add address-pool=pool1 disabled=no interface=ether3 lease-time=3d name=\
    server1
/routing bgp instance
add as=65524 client-to-client-reflection=no name=bgp1 router-id=a.b.c.129
/interface bridge port
add bridge=bridge1 interface=vlan2
add bridge=bridge1 interface=ether3
/ip address
add address=x.y.z.1/25 interface=bridge1 network=x.y.z.0
add address=a.b.c.130/29 interface=vlan1 network=a.b.c.128
add address=192.168.0.1/29 interface=bridge1 network=192.168.0.0
/ip firewall nat
add action=masquerade chain=srcnat comment="nat pentru servere" src-address=\
    192.168.0.0/29
/ip route
add check-gateway=ping distance=21 gateway=a.b.c.129 routing-mark=\
    default-route
add check-gateway=ping distance=1 gateway=a.b.c.129
add distance=1 dst-address=x.y.z.128/26 gateway=192.168.0.3
add distance=1 dst-address=x.y.z.192/26 gateway=192.168.0.2
/ip route rule
add dst-address=a.b.c.128/29 table=main
add dst-address=192.168.0.0/29 table=main
add dst-address=x.y.z.0/24 table=main
add dst-address=x.y.z.0/24 src-address=x.y.z.0/24 table=main
add src-address=x.y.z.0/24 table=man-routes
add src-address=x.y.z.0/24 table=default-route
/routing bgp peer
add in-filter=peer-in instance=bgp1 name=peer1 remote-address=a.b.c.129 \
    remote-as=xxxxx ttl=default
/routing filter
add action=accept chain=peer-in prefix=0.0.0.0/0 set-routing-mark=\
    default-route
add action=accept chain=peer-in set-routing-mark=man-routes

a.b.c.129 is my isp gateway
x.y.z.129 is office1 public address, office1 asigns public addresses from x.y.z.130-x.y.z.190
x.y.z.192 is office2 public address, office2 asigns public addresses from x.y.z.193-x.y.z.254
x.y.z.1 is main-office public address, main-office assigns public addresses from x.y.z.2-x.y.z.126

a traceroute from a computer in main office to a computer in office2 (before adding vlan2 and ether3 to bridge1) looks like this:

  1    <1 ms    <1 ms    <1 ms  x.y.z.1
  2     1 ms     1 ms     1 ms  192.168.0.2
  3     1 ms     1 ms     1 ms  x.y.z.194

Trace complete.

a traceroute from a computer in main office to office2 public ip (before adding vlan2 and ether3 to bridge1) looks like this:

  1    <1 ms    <1 ms    <1 ms  x.y.z.1
  2     1 ms    <1 ms    <1 ms  x.y.z.193

Trace complete.
 
efaden
Forum Guru
Forum Guru
Posts: 1711
Joined: Sat Mar 30, 2013 1:55 am
Location: New York, USA

Re: vlan and ethernet in bridge not working

Sat Jun 25, 2016 3:12 pm

I'm slightly confused... why do you have both a public and private address on bridge1?  Also that masq rule is odd.... it doesn't have an interface?

Can you diagram what your trying to do?
 
deejayq
Member Candidate
Member Candidate
Topic Author
Posts: 195
Joined: Wed Feb 23, 2011 8:33 am

Re: vlan and ethernet in bridge not working

Sat Jun 25, 2016 4:08 pm

i use 192.168.0.0/29 for internal routing
both routers in office1 and office2 get their time from the internet so i need to nat their ip's.

diagram
http://creately.com/diagram/example/ipv66ga41/none
 
efaden
Forum Guru
Forum Guru
Posts: 1711
Joined: Sat Mar 30, 2013 1:55 am
Location: New York, USA

Re: vlan and ethernet in bridge not working

Sat Jun 25, 2016 7:18 pm

I'll try to look at it in a bit.  Should be able to get it to work... 
 
efaden
Forum Guru
Forum Guru
Posts: 1711
Joined: Sat Mar 30, 2013 1:55 am
Location: New York, USA

Re: vlan and ethernet in bridge not working

Sat Jun 25, 2016 7:20 pm

Which routers need to be configured... and where do you need NAT to be working on?
 
deejayq
Member Candidate
Member Candidate
Topic Author
Posts: 195
Joined: Wed Feb 23, 2011 8:33 am

Re: vlan and ethernet in bridge not working

Sun Jun 26, 2016 12:19 am

Main-office is the router where the problem is. I disabled the nat rule, the behaviour is the same.
 
deejayq
Member Candidate
Member Candidate
Topic Author
Posts: 195
Joined: Wed Feb 23, 2011 8:33 am

Re: vlan and ethernet in bridge not working

Tue Jun 28, 2016 11:02 am

efaden, did you get it to work?
 
efaden
Forum Guru
Forum Guru
Posts: 1711
Joined: Sat Mar 30, 2013 1:55 am
Location: New York, USA

Re: vlan and ethernet in bridge not working

Wed Jun 29, 2016 12:11 am

I was looking at it again last night... I suppose I am still confused....

So you have three networks... I'm confused what is "inside/lan" and what is outside... where does NAT take place.  What networks need to see each other.  What is the configuration on the Remote boxes?
 
deejayq
Member Candidate
Member Candidate
Topic Author
Posts: 195
Joined: Wed Feb 23, 2011 8:33 am

Re: vlan and ethernet in bridge not working

Fri Jul 01, 2016 12:36 pm

nat is only for office1 and office2 routers acces to the internet. as i said i disabled that rule, nothing changed.
at the moment office1 and office2 are connected to access ports of my isp, if i don't bridge vlan114 and lan on main-office router, everything works as expected.
what i noticed: if i add to bridge1 vlan114 and then add lan interface the internet stops working for the pc's connected to the lan interface.
if i add to bridge1 the lan interface and then add vlan114 the internet stops working for office1 pc's and office2 pc's. i didn't try it many times but i think it's a fact.
 
efaden
Forum Guru
Forum Guru
Posts: 1711
Joined: Sat Mar 30, 2013 1:55 am
Location: New York, USA

Re: vlan and ethernet in bridge not working

Sat Jul 02, 2016 12:26 am

Post the configurations for all the routers.... I think I know what you want to do... I'll work on it when I have time.
 
efaden
Forum Guru
Forum Guru
Posts: 1711
Joined: Sat Mar 30, 2013 1:55 am
Location: New York, USA

Re: vlan and ethernet in bridge not working

Sat Jul 02, 2016 2:53 am

Also... why are you using BGP?...  

-Eric

Who is online

Users browsing this forum: Baidu [Spider], Google [Bot] and 29 guests