Answer the question
In order to leave comments, you need to log in
R
R
Ruslan Egorov2015-12-03 17:52:01
Ruslan Egorov, 2015-12-03 17:52:01
How to set up routing between two VLANs on one Mikrotik?
The task is very voluminous - to divide all departments at several remote objects into several VLANs and configure routing between them.
I never worked and did not raise VLAN, I used a wide mask /12 I
started designing and decided to test two VLANs on one Mikrotik RB2011UiAS, and then misunderstandings began.
This Mikrotik is working and serves as a gateway for two subnets and with a tuned tunnel, I decided to configure a free port for two VLANs and connected to VMWare ESXi 6 a server on which one physical port was divided into two VLANs with the corresponding id, as shown in the diagram: 
Settings on VMWare itself ESXi: 
Mikrotik configuration:
interface:
Flags: D - dynamic, X - disabled, R - running, S - slave
# NAME TYPE ACTUAL-MTU L2MTU M
0 R ;;; WAN IP
eth1-WAN ether 1500 1598
1 R ;;; LOCAL AREA
eth2-LOCAL ether 1500 1598
2 eth3 ether 1500 1598
3 eth4 ether 1500 1598
4 eth5 ether 1500 1598
5 eth6 ether 1500 1598
6 RS ;;; VLAN (100,69)
eth7-LOCAL-VLANs ether 1500 1598
7 eth8 ether 1500 1598
8 eth9 ether 1500 1598
9 eth10 ether 1500 1598
10 sfp1 ether 1500 1598
11 R BRIDGE-VLAN bridge 1500 1598
12 R VLAN69 vlan 1500 1594
13 R VLAN100 vlan 1500 1594
14 R gre-tunnel1 gre-tunnel 1476 65535interface vlan:
Flags: X - disabled, R - running, S - slave
# NAME MTU ARP VLAN-ID INTERFACE
0 R VLAN69 1500 enabled 69 BRIDGE-VLAN
1 R VLAN100 1500 enabled 100 BRIDGE-VLANinterface bridge:
Flags: X - disabled, R - running
0 R name="BRIDGE-VLAN" mtu=auto actual-mtu=1500 l2mtu=1598 arp=enabled
mac-address=4C:5E:0C:6F:BC:4B protocol-mode=rstp priority=0x8000 auto-mac=yes
admin-mac=00:00:00:00:00:00 max-message-age=20s forward-delay=15s
transmit-hold-count=6 ageing-time=5minterface bridge port:
Flags: X - disabled, I - inactive, D - dynamic
# INTERFACE BRIDGE PRIORITY PATH-COST HORIZON
0 I eth2-LOCAL *14 0x80 10 none
1 I eth1-WAN *14 0x80 10 none
2 eth7-LOCAL-VLANs BRIDGE-VLAN 0x80 10 noneip address:
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK INTERFACE
0 x.x.x.x/20 x.x.x.0 eth1-WAN
1 x.x.x.x/12 x.x.0.0 eth2-LOCAL
2 x.x.x.x/30 x.x.x.0 gre-tunnel1
3 192.168.100.1/24 192.168.100.0 VLAN100
4 192.168.69.1/24 192.168.69.0 VLAN69ip dhcp-server:
Flags: X - disabled, I - invalid
# NAME INTERFACE RELAY ADDRESS-POOL LEASE-TIME ADD-ARP
0 DHCP VLAN100 VLAN100 POOL VLAN100 3d
1 DHCP VLAN69 VLAN69 POOL VLAN69 3dippool:
# NAME RANGES
0 POOL VLAN100 192.168.100.100-192.168.100.200
1 POOL VLAN69 192.168.69.100-192.168.69.200ip routes:
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 A S 0.0.0.0/0 x.x.x.x 1
1 ADC x.x.x.0/20 x.x.x.x eth1-WAN 0
2 ADC x.x.0.0/12 x.x.x.x eth2-LOCAL 0
3 ADC x.x.x.0/30 x.x.x.x gre-tunnel1 0
4 ADC 192.168.69.0/24 192.168.69.1 VLAN69 0
5 ADC 192.168.100.0/24 192.168.100.1 VLAN100 0
6 A S x.x.x.0/20 x.x.x.x 1Everything seems to be working. OS1 and OS2 received according to their VLAN ip addresses via DHCP, there is Internet access, but they do not ping each other.
I understand that it is necessary to configure a rule in the ip firewall nat, but no matter what I do, it still does not ping, I read quite a few manuals.
Please tell me where to look, or I was initially wrong !!!
PS: Thanks in advance! And do not judge strictly)))
3 answer(s)
@regorov
@regorov
V
Vladimir Zhurkin, 2015-12-03 @regorov
Painfully familiar rake.
> Everything seems to be working. OS1 and OS2 received according to their VLAN ip addresses via DHCP, there is Internet access, but they do not ping each other.
The feeling that the packets are dropping, as they are considered not for this network.
If the response to the current packet cannot leave through the same interface (when
it arrives through one interface and leaves through another), the packet is filtered out.
See if there is ip_forward,
rp_filter
wiki.mikrotik.com/wiki/Manual:IP/Settings
I would try sniffing the packets and see what is happening and where the plug is.
R
Ruslan Egorov, 2015-12-04 @regorov
The answer, as it turned out, is simple to disgrace)))
On OS 2 is Win 10, on OS 1 is WinSrvStd2k12r2 - they had the firewall turned on by default, thus pings did not pass. Turning off the firewall, the pings went.
I confess, I repeat, for the first time I configure VLAN and did not expect this.
Similar questions
I
A
A
S
N
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question