i am tesing vrf lite with wAP 60G device. I want to put the client into a "client" vrf that should not be able to access interfaces in the "main" vrf.
My routing table looks like the following: The strange thing is, that i am able to ping 192.168.88.3 from the client net 192.168.63.0/24.
I am using the following config:
Code: Select all
/interface bridge
add admin-mac=CC:2D:E0:6C:35:80 auto-mac=no comment=defconf name=bridge vlan-filtering=yes
add name=client
/interface w60g
set [ find ] disabled=no mode=station-bridge name=wlan60-1 ssid=MikroTik-6c3529
/interface vlan
add interface=bridge name=INET vlan-id=80
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp_pool0 ranges=192.168.63.10-192.168.63.100
/ip dhcp-server
add address-pool=dhcp_pool0 disabled=no interface=client name=dhcp1
/interface bridge port
add bridge=bridge comment=defconf interface=wlan60-1
add bridge=client frame-types=admit-only-untagged-and-priority-tagged interface=ether1
/interface bridge vlan
add bridge=bridge tagged=bridge vlan-ids=80
/ip address
add address=192.168.88.3/24 comment=defconf interface=bridge network=192.168.88.0
add address=192.168.63.1/24 interface=client network=192.168.63.0
add address=10.10.10.248/28 interface=INET network=10.10.10.240
/ip dhcp-server network
add address=192.168.63.0/24 dns-server=8.8.8.8 gateway=192.168.63.1
/ip route
add distance=1 gateway=10.10.10.241 routing-mark=client
/ip route vrf
add interfaces=INET,client routing-mark=client
/system identity
set name=VRF-TEST
Thank you