The title already explains my problem. My main router (pfSense) is connected to my new Mikrotik CRS317 via VLANs. I always expected that this would not be any problem, but it is.
Situation is as follows:
- there are two VLANs between pfSense and the CRS317. One for management. One for data.
- pfSense should be "the owner" of the VLANs and is the gateway for those VLANs,
- the CRS317 should only forward the VLANs towards the indicated ports and
- in case of the MNGT-lan the CPU should be reachable via that management VLAN.
- the mngt VLAN is the default gateway for mngt, the data VLAN is the default gateway for data
That easy... I thought.
However, the CRS317 assumes that it owns every VLAN and forces an (extra) gateway on that VLAN; of course that does not work!
What I want from the CRS is that:
- it is the gateway (and DHCP server) for local only
- that it is just a client of incoming VLANs (learning GW, address and DNS from the broadcasts)
I tried a lot to get that to work:
- Added address ranges to IP addresses, using address “2” where “1” is the external gateway on pfSense
- Adding the address range to IP routes
- Tried using IP address “1” local and “remote” which is of course conflicting
- Adding default routes to the routing table (using separate routing table mark for management)
- Or, and that is IMHO the correct option(!), not defining addresses and routes at all, since that is the responsibility of pfSense... only adding the default routes to the routing table.
Whatever, none of these methods work. So please advise on this.