Trying to get VLANs working between the Mikrotik HAP AC and the RB4011iGS+

1

Here is the network diagram:

I configured 3 VLANs:

  • vlan1: 192.168.9.0/24
  • vlan11-lan: 192.168.11.0/24
  • vlan22-guest: 192.168.22.0/24

vlan1 is working perfectly. Every host on the 192.168.9.0/24 network can ping each other.

vlan11-lan and vlan22-guest do not work correctly:

  • The HAP AC can ping the RB4011 (192.168.11.1 or 192.168.22.1)
  • The RB4011 can ping the HAP AC (192.168.11.2 or 192.168.22.2)
  • PC5 and PC2 cannot ping each other and cannot ping the RB4011 (192.168.11.1) or the HAP AC (192.168.11.2). They do not even get each other's MAC addresses in their ARP tables.
  • PC3 cannot ping the RB4011 (192.168.22.1) or the HAP AC (192.168.22.2). It also does not get their MAC addresses in its ARP table.

I disabled the firewall completely, but still had no success. I have masquerade going out of the internet interface (eth1 on the RB4011iGS+).

RB4011iGS+ config:

# nov/15/2018 22:53:31 by RouterOS 6.43.4
# software id = WP4U-Z565
#
# model = RB4011iGS+
# serial number = 968A09187F4C
/interface bridge
add admin-mac=B8:69:F4:92:25:57 auto-mac=no comment=defconf name=bridge vlan-filtering=yes
/interface ethernet
set [ find default-name=ether1 ] l2mtu=1598
set [ find default-name=ether2 ] l2mtu=1598
set [ find default-name=ether3 ] l2mtu=1598
set [ find default-name=ether4 ] l2mtu=1598
set [ find default-name=ether5 ] l2mtu=1598
set [ find default-name=ether6 ] l2mtu=1598
set [ find default-name=ether7 ] l2mtu=1598
set [ find default-name=ether8 ] l2mtu=1598
set [ find default-name=ether9 ] l2mtu=1598
set [ find default-name=ether10 ] l2mtu=1598
/interface vlan
add interface=ether10 name=vlan11-lan vlan-id=11
add interface=ether10 name=vlan22-guest vlan-id=22
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp ranges=192.168.9.50-192.168.9.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=defconf
/interface bridge port
add bridge=bridge interface=ether10
add bridge=bridge interface=ether5 pvid=11
add bridge=bridge interface=ether6
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface bridge vlan
add bridge=bridge tagged=ether10 vlan-ids=11
add bridge=bridge tagged=ether10 vlan-ids=22
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
add list=LAN
/ip address
add address=192.168.100.2/24 interface=ether1 network=192.168.100.0
add address=192.168.22.1/24 interface=vlan22-guest network=192.168.22.0
add address=192.168.9.1/24 interface=bridge network=192.168.9.0
add address=192.168.11.1/24 interface=vlan11-lan network=192.168.11.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-server network
add address=192.168.9.0/24 gateway=192.168.9.1 netmask=24
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.9.1 name=router.lan
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
add action=netmap chain=dstnat dst-port=3484 in-interface=ether1 protocol=tcp to-addresses=192.168.9.4 to-ports=3306
add action=netmap chain=dstnat dst-port=443 in-interface=ether1 protocol=tcp to-addresses=192.168.9.6 to-ports=3389
add action=masquerade chain=srcnat dst-port=80 protocol=tcp src-address=192.168.9.0/24
add action=netmap chain=dstnat dst-port=80 in-interface=ether1 protocol=tcp to-addresses=192.168.9.4 to-ports=80
/ip route
add distance=1 gateway=192.168.100.1
/ip traffic-flow
set cache-entries=32k interfaces=local
/system clock
set time-zone-name=Europe/Moscow
/system identity
set name=RB4011
/system routerboard settings
set silent-boot=no
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
/tool sniffer
set filter-interface=ether10

HAP AC config:

# nov/15/2018 22:47:07 by RouterOS 6.43.2
# software id = R9TC-1I4K
#
# model = RouterBOARD 962UiGS-5HacT2HnT
# serial number = 6737065A9A5D
/interface bridge
add admin-mac=6C:3B:6B:11:EB:C1 auto-mac=no name=bridge vlan-filtering=yes
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce disabled=no distance=indoors frequency=auto mode=ap-bridge ssid=MikroTik-11EBC7 wireless-protocol=802.11
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=20/40/80mhz-Ceee disabled=no distance=indoors frequency=auto mode=ap-bridge ssid=MikroTik-11EBC6 wireless-protocol=802.11
/interface vlan
add interface=ether1 name=vlan11-lan vlan-id=11
add interface=ether1 name=vlan22-guest vlan-id=22
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=dynamic-keys supplicant-identity=MikroTik wpa-pre-shared-key=1620290162 wpa2-pre-shared-key=1620290162
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/interface bridge port
add bridge=bridge interface=ether1
add bridge=bridge interface=ether3
add bridge=bridge interface=ether4 pvid=11
add bridge=bridge interface=ether5 pvid=22
/interface bridge vlan
add bridge=bridge tagged=ether1 vlan-ids=11
add bridge=bridge tagged=ether1 vlan-ids=22
/interface list member
add comment=defconf interface=bridge list=LAN
add interface=sfp1 list=WAN
/ip address
add address=192.168.22.2/24 interface=vlan22-guest network=192.168.22.0
add address=192.168.9.2/24 interface=bridge network=192.168.9.0
add address=192.168.11.2/24 interface=vlan11-lan network=192.168.11.0
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.9.2 name=router.lan
/ip route
add distance=1 gateway=192.168.9.1
/system clock
set time-zone-name=Europe/Moscow
/system identity
set name=HAP_AC
/system routerboard settings
set silent-boot=no
/tool sniffer
set filter-interface=ether1 filter-ip-address=!192.168.13.2/32
    
by Rualark 15.11.2018 / 21:07

2 answers

0

Thanks to grawity for the idea! The full answer to the problem is the following:

  1. Add bridge as a member of the VLAN on both bridges (thanks grawity):

    /interface bridge vlan
    add bridge=bridge tagged=ether10,bridge untagged=ether5 vlan-ids=11
    add bridge=bridge tagged=ether10,bridge vlan-ids=22
    
    /interface bridge vlan
    add bridge=bridge tagged=ether1,bridge untagged=ether4 vlan-ids=11
    add bridge=bridge tagged=ether1,bridge untagged=ether5 vlan-ids=22
    
  2. Move the vlan interfaces from the trunk interface to the bridge:

    /interface vlan
    add interface=bridge name=vlan11-lan vlan-id=11
    add interface=bridge name=vlan22-guest vlan-id=22
    
    /interface vlan
    add interface=bridge name=vlan11-lan vlan-id=11
    add interface=bridge name=vlan22-guest vlan-id=22
    

Corrected RB4011iGS+ config:

# nov/16/2018 19:24:29 by RouterOS 6.43.4
# software id = WP4U-Z565
#
# model = RB4011iGS+
# serial number = 968A09187F4C
/interface bridge
add admin-mac=B8:69:F4:92:25:57 auto-mac=no name=bridge vlan-filtering=yes
/interface ethernet
set [ find default-name=ether1 ] l2mtu=1598
set [ find default-name=ether2 ] l2mtu=1598
set [ find default-name=ether3 ] l2mtu=1598
set [ find default-name=ether4 ] l2mtu=1598
set [ find default-name=ether5 ] l2mtu=1598
set [ find default-name=ether6 ] l2mtu=1598
set [ find default-name=ether7 ] l2mtu=1598
set [ find default-name=ether8 ] l2mtu=1598
set [ find default-name=ether9 ] l2mtu=1598
set [ find default-name=ether10 ] l2mtu=1598
/interface vlan
add interface=bridge name=vlan11-lan vlan-id=11
add interface=bridge name=vlan22-guest vlan-id=22
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp ranges=192.168.9.50-192.168.9.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=defconf
/interface bridge port
add bridge=bridge interface=ether10
add bridge=bridge interface=ether5 pvid=11
add bridge=bridge interface=ether6
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface bridge vlan
add bridge=bridge tagged=ether10,bridge untagged=ether5 vlan-ids=11
add bridge=bridge tagged=ether10,bridge vlan-ids=22
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
add list=LAN
/ip address
add address=192.168.100.2/24 interface=ether1 network=192.168.100.0
add address=192.168.22.1/24 interface=vlan22-guest network=192.168.22.0
add address=192.168.9.1/24 interface=bridge network=192.168.9.0
add address=192.168.11.1/24 interface=vlan11-lan network=192.168.11.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-server network
add address=192.168.9.0/24 gateway=192.168.9.1 netmask=24
/ip dns
set allow-remote-requests=yes servers=8.8.8.8
/ip dns static
add address=192.168.9.1 name=router.lan
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
add action=netmap chain=dstnat dst-port=3484 in-interface=ether1 protocol=tcp to-addresses=192.168.9.4 to-ports=3306
add action=netmap chain=dstnat dst-port=443 in-interface=ether1 protocol=tcp to-addresses=192.168.9.6 to-ports=3389
add action=masquerade chain=srcnat dst-port=80 protocol=tcp src-address=192.168.9.0/24
add action=netmap chain=dstnat dst-port=80 in-interface=ether1 protocol=tcp to-addresses=192.168.9.4 to-ports=80
/ip route
add distance=1 gateway=192.168.100.1
/ip traffic-flow
set cache-entries=32k interfaces=local
/system clock
set time-zone-name=Europe/Moscow
/system identity
set name=RB4011
/system routerboard settings
set silent-boot=no
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
/tool sniffer
set filter-interface=vlan22-guest

Corrected HAP AC config:

# nov/16/2018 19:20:06 by RouterOS 6.43.4
# software id = R9TC-1I4K
#
# model = RouterBOARD 962UiGS-5HacT2HnT
# serial number = 6737065A9A5D
/interface bridge
add admin-mac=6C:3B:6B:11:EB:C1 auto-mac=no name=bridge vlan-filtering=yes
/interface ethernet
set [ find default-name=ether3 ] disabled=yes
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce disabled=no distance=indoors frequency=auto mode=ap-bridge ssid=MikroTik-11EBC7 wireless-protocol=802.11
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=20/40/80mhz-Ceee disabled=no distance=indoors frequency=auto mode=ap-bridge ssid=MikroTik-11EBC6 wireless-protocol=802.11
/interface vlan
add interface=bridge name=vlan11-lan vlan-id=11
add interface=bridge name=vlan22-guest vlan-id=22
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=dynamic-keys supplicant-identity=MikroTik wpa-pre-shared-key=1234567123 wpa2-pre-shared-key=1234567123
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/interface bridge port
add bridge=bridge interface=ether1
add bridge=bridge interface=ether3
add bridge=bridge interface=ether4 pvid=11
add bridge=bridge interface=ether5 pvid=22
/interface bridge vlan
add bridge=bridge tagged=ether1,bridge untagged=ether4 vlan-ids=11
add bridge=bridge tagged=ether1,bridge untagged=ether5 vlan-ids=22
/interface list member
add comment=defconf interface=bridge list=LAN
add interface=sfp1 list=WAN
/ip address
add address=192.168.22.2/24 interface=vlan22-guest network=192.168.22.0
add address=192.168.9.2/24 interface=bridge network=192.168.9.0
add address=192.168.11.2/24 interface=vlan11-lan network=192.168.11.0
/ip dns
set allow-remote-requests=yes servers=8.8.8.8
/ip dns static
add address=192.168.9.2 name=router.lan
/ip route
add distance=1 gateway=192.168.9.1
add distance=1 gateway=192.168.22.1
/system clock
set time-zone-name=Europe/Moscow
/system identity
set name=HAP_AC
/system routerboard settings
set silent-boot=no
/tool sniffer
set filter-interface=ether1 filter-ip-address=!192.168.13.2/32
    
by 18.11.2018 / 12:12
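
A small lint for the two fixes in the answer above, added here as an example (not code from the post or from MikroTik): it reads a RouterOS `/export` and flags VLAN interfaces whose parent is a bridge port, and VLAN-filtering bridges that are not tagged members of a VLAN they terminate. The function names are assumptions, and the sample export is constructed from the RB4011 config on this page, trimmed to the VLAN-related lines.

```python
import re, shlex

def parse_export(text):
    """Map each menu path to the {key: value} dicts of its 'add' lines."""
    menus, menu = {}, None
    text = re.sub(r"\\\r?\n\s*", "", text)  # join lines wrapped by /export
    for line in map(str.strip, text.splitlines()):
        if line.startswith("/"):
            menu = line
        elif line.startswith("add ") and menu:
            pairs = [t.split("=", 1) for t in shlex.split(line[4:]) if "=" in t]
            menus.setdefault(menu, []).append(dict(pairs))
    return menus

def vlan_ids(spec):  # '11,20-22' -> {11, 20, 21, 22}
    spans = (p.split("-") for p in spec.split(","))
    return {i for s in spans for i in range(int(s[0]), int(s[-1]) + 1)}

def lint_vlans(text):
    m = parse_export(text)
    filtering = {b["name"] for b in m.get("/interface bridge", [])
                 if b.get("vlan-filtering") == "yes"}
    port_bridge = {p["interface"]: p["bridge"]
                   for p in m.get("/interface bridge port", [])}
    cpu_tagged = set()  # (bridge, vid) where the bridge itself is tagged
    for e in m.get("/interface bridge vlan", []):
        if e["bridge"] in e.get("tagged", "").split(","):
            cpu_tagged |= {(e["bridge"], v) for v in vlan_ids(e["vlan-ids"])}
    findings = []
    for v in m.get("/interface vlan", []):
        parent, vid = v["interface"], int(v["vlan-id"])
        bridge = port_bridge.get(parent, parent)
        if parent in port_bridge:  # fix 2: VLAN interface belongs on the bridge
            findings.append(f"{v['name']}: parent {parent} is a bridge port, use {bridge}")
        if bridge in filtering and (bridge, vid) not in cpu_tagged:  # fix 1
            findings.append(f"{v['name']}: {bridge} not tagged in VLAN {vid}")
    return findings

# Constructed sample: RB4011 export from this page, trimmed to the VLAN lines.
BROKEN = """/interface bridge
add name=bridge vlan-filtering=yes
/interface vlan
add interface=ether10 name=vlan11-lan vlan-id=11
/interface bridge port
add bridge=bridge interface=ether10
/interface bridge vlan
add bridge=bridge tagged=ether10 vlan-ids=11"""
FIXED = (BROKEN.replace("ether10 name", "bridge name")
               .replace("tagged=ether10", "tagged=ether10,bridge"))
```

On the sample, `lint_vlans(BROKEN)` reports both problems and `lint_vlans(FIXED)` returns an empty list.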
0

Create a bridge with VLAN filtering disabled to avoid losing access to the router before the VLANs are completely configured.

/interface bridge
add name=bridge1 vlan-filtering=no

Add bridge ports and specify pvid for VLAN access ports to assign their untagged traffic to the intended VLAN.

/interface bridge port
add bridge=bridge1 interface=ether10
add bridge=bridge1 interface=ether5 pvid=11
add bridge=bridge1 interface=ether6 pvid=12

Add the Bridge VLAN entries and specify the tagged and untagged ports in them.

/interface bridge vlan
add bridge=bridge1 tagged=ether10 untagged=ether5 vlan-ids=11
add bridge=bridge1 tagged=ether10 untagged=ether6 vlan-ids=12
add bridge=bridge1 tagged=ether10 vlan-ids=22

In the end, when the VLAN configuration is complete, enable Bridge VLAN filtering.

/interface bridge set bridge1 vlan-filtering=yes

This was for the first router; do the same for the other one (don't forget to change the ports and pvid, vlan numbers accordingly).

    
by 17.11.2018 / 04:32