Answer the question
In order to leave comments, you need to log in
S
S
smokerxf2017-01-10 23:05:17
smokerxf, 2017-01-10 23:05:17
How to start vlanroute on Mikrotik CRS?
the task is to configure port-based VLANs and routing between them,
as I understand the process, there are two groups of ports on L2
/interface> print
Flags: D - dynamic, X - disabled, R - running, S - slave
# NAME TYPE ACTUAL-MTU L2MTU MAX-L2MTU MAC-ADDRESS
0 ether01-master-sw-ext ether 1500 1588 4064 6C:3B:6B:87:37:91
1 S ether02 ether 1500 1588 4064 6C:3B:6B:87:37:92
2 S ether03 ether 1500 1588 4064 6C:3B:6B:87:37:93
3 S ether04 ether 1500 1588 4064 6C:3B:6B:87:37:94
4 R ether05-master-sw-int ether 1500 1588 4064 6C:3B:6B:87:37:95
5 S ether06 ether 1500 1588 4064 6C:3B:6B:87:37:96
6 S ether07 ether 1500 1588 4064 6C:3B:6B:87:37:97
7 S ether08 ether 1500 1588 4064 6C:3B:6B:87:37:98
8 S ether09 ether 1500 1588 4064 6C:3B:6B:87:37:99
9 S ether10 ether 1500 1588 4064 6C:3B:6B:87:37:9A
10 RS ether11 ether 1500 1588 4064 6C:3B:6B:87:37:9B
11 S ether12 ether 1500 1588 4064 6C:3B:6B:87:37:9C
12 S ether13 ether 1500 1588 4064 6C:3B:6B:87:37:9D
13 RS ether14 ether 1500 1588 4064 6C:3B:6B:87:37:9E
14 S ether15 ether 1500 1588 4064 6C:3B:6B:87:37:9F
15 S ether16 ether 1500 1588 4064 6C:3B:6B:87:37:A0
16 S ether17 ether 1500 1588 4064 6C:3B:6B:87:37:A1
17 S ether18 ether 1500 1588 4064 6C:3B:6B:87:37:A2
18 S ether19 ether 1500 1588 4064 6C:3B:6B:87:37:A3
19 S ether20 ether 1500 1588 4064 6C:3B:6B:87:37:A4
20 S ether21 ether 1500 1588 4064 6C:3B:6B:87:37:A5
21 S ether22 ether 1500 1588 4064 6C:3B:6B:87:37:A6
22 S ether23 ether 1500 1588 4064 6C:3B:6B:87:37:A7
23 RS ether24 ether 1500 1588 4064 6C:3B:6B:87:37:A8
24 XS sfp1 ether 1500 1588 4064 6C:3B:6B:87:37:A9
25 RS VLAN20 vlan 1500 1584 6C:3B:6B:87:37:95VLAN20: 13-14 access ports, switch1-cpu trunk in L3 to CPU where we will hang IP
/interface ethernet switch vlan> print
Flags: X - disabled, I - invalid, D - dynamic
# VLAN-ID PORTS SVL LEARN FLOOD INGRESS-MIRROR QOS-GROUP
0 20 ether13 no yes no no none
ether14
switch1-cpu
1 D 4091 ether05-master-sw-int no yes no no none
ether06
ether07
ether08
ether09
ether10
ether11
ether12
ether13
ether14
ether15
ether16
ether17
ether18
ether19
ether20
ether21
ether22
ether23
ether24
switch1-cpu
2 D 4095 switch1-cpu no no no no nonemark switch1-cpu as a trunk
/interface ethernet switch egress-vlan-tag> pr
Flags: X - disabled, I - invalid, D - dynamic
# VLAN-ID TAGGED-PORTS
0 20 switch1-cpu
1 D 4091
2 D 4095I tag incoming traffic on 13 and 14
/interface ethernet switch ingress-vlan-translation> pr
Flags: X - disabled, I - invalid, D - dynamic
0 ports=ether13,ether14 service-vlan-format=any customer-vlan-format=any customer-vid=0 new-customer-vid=20 pcp-propagation=no sa-learning=yes
1 D ports=ether05-master-sw-int,ether06,ether07,ether08,ether09,ether10,ether11,ether12,ether13,ether14,ether15,ether16,ether17,ether18,ether19,ether20,ether21,ether22,ether23,ether24 service-vlan-format=any
customer-vlan-format=any new-customer-vid=4091 pcp-propagation=no sa-learning=yes
2 D ports="" service-vlan-format=any customer-vlan-format=any new-customer-vid=4095 pcp-propagation=no sa-learning=noremove tag from outgoing
/interface ethernet switch egress-vlan-translation> pr
Flags: X - disabled, I - invalid, D - dynamic
0 ports=ether13,ether14 service-vlan-format=any customer-vlan-format=any customer-vid=20 new-customer-vid=0 pcp-propagation=nocreate interface
/interface vlan> print
Flags: X - disabled, R - running, S - slave
# NAME MTU ARP VLAN-ID INTERFACE
0 R VLAN20 1500 enabled 20 ether05-master-sw-intand post the address
/ip address> pr
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK INTERFACE
0 192.168.0.1/24 192.168.0.0 ether05-master-sw-int
1 ххх.ххх.ххх.ххх/29 ххх.ххх.ххх.ххх ether01-master-sw-ext
2 172.22.20.1/24 172.22.20.0 VLAN20but "skis don't roll" ping from the client on the 14th 172.22.20.5 does not go to 172.22.20.1
where am I wrong?
1 answer(s)
@smokerxf
A
Alexander Romanov, 2017-01-11 @smokerxf
Describe which ports in which vlans you should have? If you just need two groups of ports - then just two master ports cope with this task, hang addresses on them - and you're done. Using more than one master port imposes some restrictions on the use of vlans. If you need a more flexible scheme with tagging, etc., then combine all ports into one switch ( /interface ethernet set [find default-name!=ether1] master-port=[/interface ethernet get [find default-name=ether1] name ]), then in switch-vlans on the first tab you define the membership of ports in vlans, on the second tab you define tagged ports (if not needed, then the switch-cpu port for routing), and on the ingress vlan translations tab you define untagged ports for your vlans. The Egress translations tab does not need to be turned on at all, it is meant for someone else. After these procedures in interfaces-vlan, create the vlans you need on the master port, assign ip-addresses to them, and then drive as you wish.
Similar questions
E
T
F
U
R
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question