Bolo
just joined
Topic Author
Posts: 8
Joined: Tue Jan 17, 2023 10:31 pm

Studying VLANs - connectivity issue - what's wrong?

Fri Jan 27, 2023 2:00 pm

Hi there, I'm studying some networking and MikroTik RouterOS. I'm a newbie, so please don't blame me.
Just as a try, I set a RB760 as a main router and a hAP ac lite as a switch with access point. I know it's not the best config, but I just wanted to learn a little about VLANs.
Now, port 5 of the RB760 is carrying VLAN IDs 20 and 30 (my trunk port). On the hAP ac lite I have the trunk port and one port dedicated to each of the VLANs, using the switch chip.
If I connect a PC to either port 3 or 4 of the "hAP switch", the PC correctly gets the VLAN IP and I can ping everything, but if I open the web browser, all the Google services are reachable and responsive while I can't browse other websites, or the connection works only from time to time. The connection icon in Windows says "internet present". Could you help me understand what's wrong in this first setup?
Thanks and regards

Here's the configuration of the RB760 (rOS 6.49.2)
/interface bridge
add dhcp-snooping=yes igmp-snooping=yes name=bridge234
/interface ethernet
set [ find default-name=ether1 ] comment=WAN-DCHP_client name=ether1-WAN
set [ find default-name=ether2 ] name=ether2-br
set [ find default-name=ether3 ] name=ether3-br
set [ find default-name=ether4 ] name=ether4-br
set [ find default-name=ether5 ] name=ether5_VLAN_Trunk
/interface vlan
add interface=ether5_VLAN_Trunk name=vlan20 vlan-id=20
add interface=ether5_VLAN_Trunk name=vlan30 vlan-id=30
/interface list
add include=static name=BridgeIntList
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
/ip pool
add name=bridgePool ranges=10.1.1.241-10.1.1.253
add name=dhcp_pool1 ranges=10.20.20.241-10.20.20.253
add name=dhcp_pool2 ranges=10.30.30.241-10.30.30.253
/ip dhcp-server
add address-pool=bridgePool disabled=no interface=bridge234 lease-time=1d name=\
    dhcp_s_bridge
add address-pool=dhcp_pool1 disabled=no interface=vlan20 lease-time=1d name=\
    dhcp1
add address-pool=dhcp_pool2 disabled=no interface=vlan30 lease-time=1d name=\
    dhcp2
/interface bridge port
add bridge=bridge234 interface=ether2-br
add bridge=bridge234 interface=ether3-br
add bridge=bridge234 interface=ether4-br
/interface list member
add interface=ether2-br list=BridgeIntList
add interface=ether3-br list=BridgeIntList
add interface=ether4-br list=BridgeIntList
/ip address
add address=10.1.1.254/28 interface=bridge234 network=10.1.1.240
add address=10.20.20.254/28 interface=vlan20 network=10.20.20.240
add address=10.30.30.254/28 interface=vlan30 network=10.30.30.240
/ip dhcp-client
add disabled=no interface=ether1-WAN
/ip dhcp-server network
add address=10.1.1.240/28 dns-server=8.8.8.8 gateway=10.1.1.254
add address=10.20.20.240/28 dns-server=192.168.1.220,8.8.8.8 gateway=\
    10.20.20.254
add address=10.30.30.240/28 dns-server=192.168.1.220,8.8.8.8 gateway=\
    10.30.30.254
/ip firewall nat
add action=masquerade chain=srcnat to-addresses=192.168.1.149
/system clock
set time-zone-name=Europe/Rome
/system identity
set name=hEX-BLACK

Here's the configuration of the hAP:
# jan/02/1970 00:46:13 by RouterOS 6.49.7
# software id = GR8W-HM0T
#
# model = RB941-2nD
# serial number = D0550D2B15C1
/interface bridge
add dhcp-snooping=yes igmp-snooping=yes name=bridgeVLAN
/interface wireless
set [ find default-name=wlan1 ] ssid=MikroTik
/interface ethernet
set [ find default-name=ether1 ] comment="Winbox Safe"
set [ find default-name=ether2 ] name=ether2-Trunk
set [ find default-name=ether3 ] name=ether3VLAN20
set [ find default-name=ether4 ] name=ether4VLAN30
/interface ethernet switch port
set 1 vlan-header=add-if-missing vlan-mode=secure
set 2 default-vlan-id=20 vlan-header=always-strip vlan-mode=secure
set 3 default-vlan-id=30 vlan-header=always-strip vlan-mode=secure
/interface list
add include=static name=Winbox
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/interface bridge port
add bridge=bridgeVLAN interface=ether2-Trunk
add bridge=bridgeVLAN interface=ether3VLAN20
add bridge=bridgeVLAN interface=ether4VLAN30
add bridge=bridgeVLAN interface=wlan1
/interface ethernet switch vlan
add ports=ether2-Trunk,ether3VLAN20 switch=switch1 vlan-id=20
add ports=ether2-Trunk,ether4VLAN30 switch=switch1 vlan-id=30
/interface list member
add interface=ether1 list=Winbox
/system identity
set name=hAP-WHITE
 
mkx
Forum Guru
Posts: 11439
Joined: Thu Mar 03, 2016 10:23 pm

Re: Studying VLANs - connectivity issue - what's wrong?

Fri Jan 27, 2023 6:08 pm

The src-nat rule looks very odd. I suggest you replace it with this one:
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1-WAN

Also verify that DNS server address 192.168.1.220, present in DHCP server config, is correct.
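
The two checks suggested in the reply above can be run automatically against a RouterOS export. The following is an added example, not code from either poster or from MikroTik: `parse_export` and `audit` are hypothetical names, the sample is a constructed excerpt of the RB760 export from the first post, and treating "a private DNS address on no configured subnet" as the thing to verify is an assumption.

```python
import ipaddress
import shlex

# Constructed excerpt of the RB760 export quoted in the first post.
SAMPLE_EXPORT = r"""
/ip address
add address=10.1.1.254/28 interface=bridge234 network=10.1.1.240
add address=10.20.20.254/28 interface=vlan20 network=10.20.20.240
/ip dhcp-server network
add address=10.20.20.240/28 dns-server=192.168.1.220,8.8.8.8 gateway=\
    10.20.20.254
/ip firewall nat
add action=masquerade chain=srcnat to-addresses=192.168.1.149
"""

def parse_export(text):
    """Yield (section, params) for each 'add' line of a RouterOS export."""
    section, pending = None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        if line.endswith("\\"):  # export wraps long lines with a backslash
            pending = line[:-1]
            continue
        pending = ""
        if line.startswith("/"):
            section = line
        elif line.startswith("add "):
            pairs = (t.split("=", 1) for t in shlex.split(line[4:]) if "=" in t)
            yield section, dict(pairs)

def audit(text):
    """Flag unscoped srcnat masquerade rules and off-subnet private DNS servers."""
    rules = list(parse_export(text))
    local = [ipaddress.ip_interface(p["address"]).network for s, p in rules if s == "/ip address"]
    findings = []
    for s, p in rules:
        scoped = {"out-interface", "out-interface-list"} & p.keys()
        if (s == "/ip firewall nat" and p.get("chain") == "srcnat"
                and p.get("action") == "masquerade" and not scoped):
            findings.append("nat: masquerade without out-interface")
        if s == "/ip dhcp-server network":
            for dns in filter(None, p.get("dns-server", "").split(",")):
                ip = ipaddress.ip_address(dns)
                if ip.is_private and not any(ip in n for n in local):
                    findings.append(f"dhcp {p['address']}: verify DNS {dns}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_EXPORT)))
```

A masquerade rule with no `out-interface` or `out-interface-list` is not limited to WAN egress, so it also rewrites routed traffic between the VLANs and the bridge, which is why the check treats it as a finding.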
