I roughly followed https://administrator.de/tutorial/mikro ... 67186.html to setup the hEX and https://help.mikrotik.com/docs/display/ ... +switching to setup the CRS. However, I configured the hEX to NAT on the WAN port and of course I used my own VLAN IDs. Attaching my client to ether4 I receive DHCP and can access the internet hopefully via "clients-trusted-vlan". Next step, was to set up a trunk connection in between the hEX and the CRS. To me it looks sufficiently similar to the tutorials, but if I try to ping the hEX from the CRS I get "host unreachable".
I have no idea to further troubleshoot the matter. What am I missing?
Update: Using the setup for the hEX made ether2 another tagged port and connected it to a linux server, where I let the kernel sort out the VLAN. It works perfectly, so I assume that the set-up of the hEX ist fine. I also found this https://wiki.mikrotik.com/wiki/Manual:C ... s_ports.29 tutorial, but still I cannot ping in between the two switches.
This is the relevant part of the hEX configuration:
Code: Select all
/interface bridge
add name=vlan-bridge vlan-filtering=yes
/interface ethernet
set [ find default-name=ether5 ] name=Trunk-eth5
set [ find default-name=ether1 ] name=WAN-eth1
/interface vlan
add interface=vlan-bridge name=admin-vlan vlan-id=110
add interface=vlan-bridge name=clients-trusted-vlan vlan-id=131
add interface=vlan-bridge name=services-vlan vlan-id=115
add interface=vlan-bridge name=vlan1 vlan-id=1
/interface bridge port
add bridge=vlan-bridge frame-types=admit-only-untagged-and-priority-tagged interface=ether4 pvid=131
add bridge=vlan-bridge frame-types=admit-only-untagged-and-priority-tagged interface=ether2 pvid=110
add bridge=vlan-bridge interface=Trunk-eth5
/interface bridge vlan
add bridge=vlan-bridge tagged=vlan-bridge vlan-ids=1
add bridge=vlan-bridge tagged=vlan-bridge,Trunk-eth5 untagged=ether4 vlan-ids=131
add bridge=vlan-bridge tagged=vlan-bridge,Trunk-eth5 vlan-ids=110
add bridge=vlan-bridge tagged=vlan-bridge,Trunk-eth5 vlan-ids=115
/ip address
add address=172.18.1.1/24 interface=admin-vlan network=172.18.1.0
add address=172.18.32.1/24 interface=clients-trusted-vlan network=172.18.32.0
add address=172.18.16.1/24 interface=services-vlan network=172.18.16.0
Code: Select all
/interface bridge add name=vlan-bridge vlan-filtering=yes
/interface vlan
add interface=vlan-bridge name=admin-vlan vlan-id=110
/interface ethernet switch
set drop-if-invalid-or-src-port-not-member-of-vlan-on-ports=ether1,ether9
/interface bridge port
add bridge=vlan-bridge interface=ether1
add bridge=vlan-bridge interface=ether10
add bridge=vlan-bridge interface=ether9
/interface ethernet switch egress-vlan-tag
add tagged-ports=ether1 vlan-id=110
add tagged-ports=ether1 vlan-id=115
add tagged-ports=ether1 vlan-id=131
/interface ethernet switch ingress-vlan-translation
add customer-vid=0 new-customer-vid=131 ports=ether9
/interface ethernet switch vlan
add ports=ether1,ether9 vlan-id=131
add ports=ether1,switch1-cpu vlan-id=110
/ip address
add address=172.18.1.2/24 interface=admin-vlan network=172.18.1.0