 
nichols430

RB5009UG+S Configuration Issues with VLANs

Thu Jan 20, 2022 2:23 pm

I am having some sort of issue and can't figure out exactly where I went wrong with this config. I had an EdgeRouter fail, decided to switch to MikroTik, got ahold of an RB5009UG and read a ton of sites, trying to get this nailed down. I have 4 VLANs for the network, and a default VLAN of 1 for the management. The management part is the UniFi stuff; one day I'll get around to moving that to something other than default. Don't plan on keeping them around. I cannot for the life of me get this configuration to work correctly.

VLAN10, VLAN40 and VLAN1 are private networks; VLAN30 and VLAN20 are Public/IoT. DHCP, DNS, etc. are handled by a server that is connected to the core switch. It's set up as a Microsoft Windows Server running a NIC teaming setup, so each VLAN has a virtual NIC on that one port. I don't want the private to see the public VLANs. I know I'm doing something stupid. The core switch worked under the EdgeRouter. The odd thing, which is for another day, is that on the core switch I tried to do the upgrade to 7.1.1 and it broke just about everything on that switch, so I went back to OS6.



# jan/20/2022 06:09:46 by RouterOS 7.1.1
# software id = ASGE-BEY4
#
# model = RB5009UG+S+
# serial number = EC1A0E09B217
#
# Router-side export: WAN on ether1, VLAN sub-interfaces on sfp-sfpplus1
# (presumably the link to the core switch - confirm against the cabling).
# NOTE(review): the header above carries the device's software id and serial
# number; these are worth redacting before an export is posted publicly.
#
# ether1: link advertisement and flow control are set explicitly.
/interface ethernet
set [ find default-name=ether1 ] advertise=1000M-half,1000M-full,2500M-full \
    rx-flow-control=auto speed=1Gbps tx-flow-control=auto
# 802.1Q sub-interfaces created directly on sfp-sfpplus1: frames tagged with
# IDs 10/20/30/40 on that port are delivered to Corp/Guest/Mech/Sound.
/interface vlan
add interface=sfp-sfpplus1 name=Corp vlan-id=10
add interface=sfp-sfpplus1 name=Guest vlan-id=20
add interface=sfp-sfpplus1 name=Mech vlan-id=30
add interface=sfp-sfpplus1 name=Sound vlan-id=40
# Interface lists referenced by the firewall filter and NAT rules of this
# export; membership is assigned under "/interface list member".
/interface list
add name=WAN
add name=Priv
add name=Public
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
# IPv6 is switched off. This export shows no /ipv6 firewall rules, so an IPv6
# filter would have to be added before this setting is ever reverted.
/ipv6 settings
set disable-ipv6=yes
# List membership decides how the firewall treats each network:
#   WAN    = ether1
#   Priv   = Corp (10), Sound (40) and sfp-sfpplus1 itself (untagged frames)
#   Public = Guest (20), Mech (30)
# NOTE(review): sfp-sfpplus1 itself is in Priv, so anything arriving untagged
# on that port gets the same trust as Corp/Sound - presumably the
# default/management VLAN 1 the post describes; confirm that is intended.
/interface list member
add interface=ether1 list=WAN
add interface=Corp list=Priv
add interface=Guest list=Public
add interface=Mech list=Public
add interface=Sound list=Priv
add interface=sfp-sfpplus1 list=Priv
# One router address per network. 10.10.50.1/24 sits on sfp-sfpplus1 itself
# (untagged); the WAN address was masked by the poster.
/ip address
add address=10.10.50.1/24 interface=sfp-sfpplus1 network=10.10.50.0
add address=xxx.xxx.xxx.xxx/26 interface=ether1 network=xxx.xxx.xxx.xxx
add address=10.10.10.1/24 interface=Corp network=10.10.10.0
add address=192.168.20.1/24 interface=Guest network=192.168.20.0
add address=10.10.30.1/24 interface=Mech network=10.10.30.0
add address=10.10.40.1/24 interface=Sound network=10.10.40.0
# The router's own resolver points at 10.10.10.10, an address inside the Corp
# subnet (10.10.10.0/24).
/ip dns
set servers=10.10.10.10

# Input chain (traffic addressed to the router itself), evaluated top to
# bottom: replies to existing connections are accepted, anything arriving on
# a Priv interface is accepted, and the rest is dropped - that includes new
# connections from WAN and from the Public VLANs (Guest, Mech).
# NOTE(review): the Priv rule has no protocol or port match, so every router
# service is reachable from Corp, Sound and the untagged sfp-sfpplus1 network.
# No /ip service section appears in this export, so the set of enabled
# management services is presumably at its defaults - confirm, and disable
# the ones that are not used.
/ip firewall filter
add action=accept chain=input comment="Allow Estab&Related" connection-state=\
    established,related
add action=accept chain=input comment="Allow Priv Full Access" \
    in-interface-list=Priv
add action=drop chain=input comment=Drop
# Forward chain (traffic routed through the router), evaluated top to bottom:
#   1. replies to existing connections are accepted;
#   2. Public may open new connections towards WAN only;
#   3. Priv may open new connections to any destination, because the rule has
#      no out-interface-list match - WAN, the other Priv networks and the
#      Public VLANs alike;
#   4. everything else is dropped, so Public cannot initiate towards Priv.
# NOTE(review): the post says the private networks should not see the public
# VLANs. Rule 3 still lets Priv hosts initiate connections into Guest/Mech
# (replies come back through rule 1). If isolation is wanted in both
# directions, rule 3 would need an out-interface match, for example
# out-interface-list=!Public - confirm the intent before changing it.
add action=accept chain=forward comment="Allow estab & related" \
    connection-state=established,related
add action=accept chain=forward comment="Public Internet Access Only" \
    connection-state=new in-interface-list=Public out-interface-list=WAN
add action=accept chain=forward comment="VLAN inter-VLAN routing" \
    connection-state=new in-interface-list=Priv
add action=drop chain=forward comment=Drop
# Source-NAT for everything leaving through an interface in the WAN list.
/ip firewall nat
add action=masquerade chain=srcnat out-interface-list=WAN
# Default route; the gateway address was masked by the poster.
/ip route
add gateway=xxx.xxx.xxx.xxx
/system clock
set time-zone-name=America/Chicago
/system identity
set name=CoreRouter
/system routerboard settings
set cpu-frequency=auto
# jan/20/2022 06:10:27 by RouterOS 6.49.2
# software id = 9DYC-9G3A
#
# model = CRS326-24S+2Q+
# serial number = D84F0C8135CC
#
# Switch-side export (RouterOS 6.49.2 on a CRS326-24S+2Q+).
# NOTE(review): the header above carries the device's software id and serial
# number; these are worth redacting before an export is posted publicly.
#
# One VLAN-aware bridge (vlan-filtering=yes) carries every switched port.
# The frame-types value set here belongs to the bridge interface itself, i.e.
# the switch's own CPU-facing port: it accepts only untagged and
# priority-tagged frames. No pvid is set on the bridge, so it is presumably
# at its default - confirm which VLAN the switch's own traffic lands in.
/interface bridge
add frame-types=admit-only-untagged-and-priority-tagged name=Trunking \
    vlan-filtering=yes
# Port renames, L2 MTU and speed/auto-negotiation overrides. The new names
# are what the bonding, bridge port and bridge vlan sections refer to.
# qsfpplus2-1, qsfpplus2-2 and qsfpplus2-3 are administratively disabled.
/interface ethernet
set [ find default-name=sfp-sfpplus11 ] l2mtu=1592 name=HUMC_NVR speed=10Gbps
set [ find default-name=sfp-sfpplus17 ] auto-negotiation=no l2mtu=1592 name=\
    humc_srv_p1 speed=10Gbps
set [ find default-name=sfp-sfpplus18 ] auto-negotiation=no l2mtu=1592 name=\
    humc_srv_p2 speed=10Gbps
set [ find default-name=qsfpplus1-3 ] auto-negotiation=no l2mtu=1592 speed=\
    10Gbps
set [ find default-name=qsfpplus1-4 ] l2mtu=1592 speed=25Gbps
set [ find default-name=qsfpplus2-1 ] disabled=yes l2mtu=1592 speed=25Gbps
set [ find default-name=qsfpplus2-2 ] disabled=yes l2mtu=1592 speed=25Gbps
set [ find default-name=qsfpplus2-3 ] disabled=yes l2mtu=1592 speed=25Gbps
set [ find default-name=qsfpplus2-4 ] l2mtu=1592 speed=25Gbps
set [ find default-name=sfp-sfpplus1 ] l2mtu=1592 name=router_p1
set [ find default-name=sfp-sfpplus2 ] l2mtu=1592 name=router_p2
set [ find default-name=sfp-sfpplus16 ] l2mtu=1592 name=sfp16
set [ find default-name=sfp-sfpplus10 ] l2mtu=1592 name=tr_aw_sw01_p1
set [ find default-name=sfp-sfpplus9 ] l2mtu=1592 name=tr_aw_sw01_p2
set [ find default-name=sfp-sfpplus5 ] auto-negotiation=no l2mtu=1592 name=\
    tr_aw_sw02_p1
set [ find default-name=sfp-sfpplus6 ] auto-negotiation=no l2mtu=1592 name=\
    tr_aw_sw02_p2
set [ find default-name=sfp-sfpplus8 ] auto-negotiation=no l2mtu=1592 name=\
    tr_aw_sw03_p1 speed=10Gbps
set [ find default-name=sfp-sfpplus7 ] auto-negotiation=no l2mtu=1592 name=\
    tr_aw_sw03_p2 speed=10Gbps
set [ find default-name=qsfpplus1-1 ] auto-negotiation=no l2mtu=1592 name=\
    tr_aw_sw04_p1 speed=10Gbps
set [ find default-name=qsfpplus1-2 ] auto-negotiation=no l2mtu=1592 name=\
    tr_aw_sw04_p2 speed=10Gbps
set [ find default-name=sfp-sfpplus12 ] l2mtu=1592 name=tr_cw_sw01_p1
set [ find default-name=sfp-sfpplus13 ] l2mtu=1592 name=tr_cw_sw01_p2 speed=\
    10Gbps
set [ find default-name=sfp-sfpplus14 ] l2mtu=1592 name=tr_cw_sw02_p1
set [ find default-name=sfp-sfpplus15 ] l2mtu=1592 name=tr_cw_sw02_p2
set [ find default-name=sfp-sfpplus19 ] l2mtu=1592 name=tr_cw_sw03_p1
set [ find default-name=sfp-sfpplus20 ] l2mtu=1592 name=tr_cw_sw03_p2
set [ find default-name=sfp-sfpplus21 ] l2mtu=1592 name=tr_tnr_sw01_p1
set [ find default-name=sfp-sfpplus22 ] l2mtu=1592 name=tr_tnr_sw01_p2
set [ find default-name=sfp-sfpplus23 ] l2mtu=1592 name=tr_tnr_sw02_p1
set [ find default-name=sfp-sfpplus24 ] l2mtu=1592 name=tr_tnr_sw02_p2
set [ find default-name=sfp-sfpplus3 ] l2mtu=1592 name=tr_tnr_sw03_p1
set [ find default-name=sfp-sfpplus4 ] l2mtu=1592 name=tr_tnr_sw03_p2
# 802.3ad (LACP) bonds, two member ports each: one towards the server
# (HUMC_Srv) and one per tr_* uplink. Only tr_aw_sw01 and tr_aw_sw02 set a
# transmit hash policy explicitly. router_p2 is renamed above but is not a
# member of any bond here.
/interface bonding
add mode=802.3ad name=HUMC_Srv slaves=humc_srv_p1,humc_srv_p2
add mode=802.3ad name=tr_aw_sw01 slaves=tr_aw_sw01_p1,tr_aw_sw01_p2 \
    transmit-hash-policy=layer-2-and-3
add mode=802.3ad name=tr_aw_sw02 slaves=tr_aw_sw02_p1,tr_aw_sw02_p2 \
    transmit-hash-policy=layer-2-and-3
add mode=802.3ad name=tr_aw_sw03 slaves=tr_aw_sw03_p1,tr_aw_sw03_p2
add mode=802.3ad name=tr_aw_sw04 slaves=tr_aw_sw04_p1,tr_aw_sw04_p2
add mode=802.3ad name=tr_cw_sw01 slaves=tr_cw_sw01_p1,tr_cw_sw01_p2
add mode=802.3ad name=tr_cw_sw02 slaves=tr_cw_sw02_p1,tr_cw_sw02_p2
add mode=802.3ad name=tr_cw_sw03 slaves=tr_cw_sw03_p1,tr_cw_sw03_p2
add mode=802.3ad name=tr_tnr_sw01 slaves=tr_tnr_sw01_p1,tr_tnr_sw01_p2
add mode=802.3ad name=tr_tnr_sw02 slaves=tr_tnr_sw02_p1,tr_tnr_sw02_p2
add mode=802.3ad name=tr_tnr_sw03 slaves=tr_tnr_sw03_p1,tr_tnr_sw03_p2
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
# SNMP communities: the built-in default community is disabled and a custom
# one is added in its place.
# NOTE(review): addresses=::/0 is the all-addresses prefix, so no source
# restriction is configured for this community, and its name - which acts as
# the shared secret for SNMP v1/v2c - is published in this export. Treat the
# string as exposed: change it and limit "addresses" to the monitoring
# host(s).
/snmp community
set [ find default=yes ] disabled=yes
add addresses=::/0 name=HUMC
# Policy set of the built-in "full" group. It covers every access method
# listed, including telnet, ftp, web, api and romon; which of those services
# are actually enabled is not visible in this export.
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,pas\
    sword,web,sniff,sensitive,api,romon,dude,tikapp"
# Bridge membership. Every port joins "Trunking" without an explicit pvid
# except qsfpplus1-3, which is given pvid=10 and is the untagged member of
# VLAN 10 in the bridge vlan table below (an access port for VLAN 10).
# NOTE(review): no port sets frame-types or ingress-filtering, so both are
# presumably at their defaults. The usual hardening on trunk and access ports
# is ingress-filtering=yes plus a frame-types restriction matching the port's
# role, so that a port cannot send frames into a VLAN it is not a member of -
# confirm against the running config.
/interface bridge port
add bridge=Trunking interface=tr_aw_sw02
add bridge=Trunking interface=tr_aw_sw03
add bridge=Trunking interface=tr_aw_sw01
add bridge=Trunking interface=tr_cw_sw01
add bridge=Trunking interface=tr_cw_sw02
add bridge=Trunking interface=tr_cw_sw03
add bridge=Trunking interface=tr_tnr_sw01
add bridge=Trunking interface=tr_tnr_sw02
add bridge=Trunking interface=tr_tnr_sw03
add bridge=Trunking interface=HUMC_NVR
add bridge=Trunking interface=tr_aw_sw04
add bridge=Trunking interface=qsfpplus1-3 pvid=10
add bridge=Trunking interface=qsfpplus1-4
add bridge=Trunking interface=qsfpplus2-4
add bridge=Trunking interface=router_p1
add bridge=Trunking interface=HUMC_Srv
# Neighbor discovery runs on the "all" interface list, so the switch
# announces itself on every interface.
# NOTE(review): discovery advertisements reveal device details to anything
# attached; limiting discover-interface-list to a management-only list is the
# usual hardening - confirm what the monitoring setup needs.
/ip neighbor discovery-settings
set discover-interface-list=all lldp-med-net-policy-vlan=1
# VLAN table. VLANs 10/20/30/40 share one tagged member list: the server
# bond, every tr_* bond and router_p1. HUMC_NVR, qsfpplus1-4 and qsfpplus2-4
# are bridge ports but appear in none of the tagged lists. The bridge
# interface "Trunking" is not a member of VLANs 10-40 either, so the switch's
# own IP stack is presumably reachable only on the untagged VLAN. The VLAN 1
# entry names no members explicitly.
/interface bridge vlan
add bridge=Trunking tagged="HUMC_Srv,tr_aw_sw02,tr_aw_sw03,tr_aw_sw01,tr_cw_sw\
    01,tr_cw_sw02,tr_cw_sw03,tr_tnr_sw01,tr_tnr_sw02,tr_tnr_sw03,tr_aw_sw04,ro\
    uter_p1" untagged=qsfpplus1-3 vlan-ids=10
add bridge=Trunking tagged="HUMC_Srv,tr_aw_sw02,tr_aw_sw03,tr_aw_sw01,tr_cw_sw\
    01,tr_cw_sw02,tr_cw_sw03,tr_tnr_sw01,tr_tnr_sw02,tr_tnr_sw03,tr_aw_sw04,ro\
    uter_p1" vlan-ids=20
add bridge=Trunking tagged="HUMC_Srv,tr_aw_sw02,tr_aw_sw03,tr_aw_sw01,tr_cw_sw\
    01,tr_cw_sw02,tr_cw_sw03,tr_tnr_sw01,tr_tnr_sw02,tr_tnr_sw03,tr_aw_sw04,ro\
    uter_p1" vlan-ids=30
add bridge=Trunking tagged="HUMC_Srv,tr_aw_sw02,tr_aw_sw03,tr_aw_sw01,tr_cw_sw\
    01,tr_cw_sw02,tr_cw_sw03,tr_tnr_sw01,tr_tnr_sw02,tr_tnr_sw03,tr_aw_sw04,ro\
    uter_p1" vlan-ids=40
add bridge=Trunking vlan-ids=1
# Switch management address, placed on the bridge interface. The default
# route below points at 10.10.50.1, the address the router export assigns to
# its sfp-sfpplus1.
# NOTE(review): this export has no /ip firewall section, so nothing shown
# here limits which hosts can reach the switch's own services on 10.10.50.2 -
# presumably access control relies on VLAN separation and the router;
# confirm.
/ip address
add address=10.10.50.2/24 interface=Trunking network=10.10.50.0
/ip dns
set servers=8.8.8.8
/ip route
add distance=1 gateway=10.10.50.1
# SNMP agent enabled; traps use SNMP version 2 with the HUMC community.
# NOTE(review): SNMP v2c carries the community string in clear text. Where
# the monitoring system supports it, SNMPv3 with authentication and
# encryption avoids sending a reusable secret on the wire.
/snmp
set enabled=yes trap-community=HUMC trap-generators=\
    temp-exception,interfaces,start-trap trap-version=2
/system clock
set time-zone-name=America/Chicago
/system identity
set name=CoreSwitch
# The device is set to boot RouterOS.
/system routerboard settings
set boot-os=router-os
# Stored settings for the alternative SwOS firmware; with boot-os=router-os
# they presumably only matter if the boot OS is switched. allow-from-ports
# lists every port p1-p32, i.e. no port restriction on SwOS management.
/system swos
set address-acquisition-mode=static allow-from-ports="p1,p2,p3,p4,p5,p6,p7,p8,\
    p9,p10,p11,p12,p13,p14,p15,p16,p17,p18,p19,p20,p21,p22,p23,p24,p25,p26,p27\
    ,p28,p29,p30,p31,p32" identity=MikroTik static-ip-address=10.10.50.2
