I apologize if something similar has been asked before. I am a beginner with MikroTik and networking.
Colleagues convinced me that MikroTik makes great routers and switches, so I got one to replace my current router. I have been trying to configure it for the past 14 days. One day 50% works and the other 50% does not; the next day it is vice versa.
What i use as equipment:
- 1x L009UiGS
- 2x Netgear GS108Tv3
- 1x TP-link TL-SG108E
- 1x Netgear GS105E
-vlan 100 - mgmt
-vlan 200 - laptops
-vlan 800 - IOT
-vlan 1000 - VMWare
L009 port:
- sfp - internet
- ether1 to ether4 VLAN 200
- ether5 to ether8 TRUNK to each switch
- each port 1 on switches is trunk
- on the other ports I managed to set VLANs 100, 200, 800, 1000
---------------------------------------------------------------------------
Currently working:
The 4 trunk ports connecting to the switches work. Each switch port that has a different VLAN assigned gets an IP from the DHCP servers on the router.
The first 4 ports on the L009 (ether1 - ether4) refuse to give out DHCP addresses. If I turn on VLAN filtering on the bridge, the situation turns 180 degrees:
ether1 to ether4 work normally and give out DHCP addresses, and the trunk side just dies and does not give out anything.
I assume there is some small mistake somewhere. I am attaching the config I made.
Thanks in advance for suggestions.
# 2024-03-01 15:53:47 by RouterOS 7.14
# software id = XXXXXXXXXX
#
# model = L009UiGS
# serial number = XXXXXXXXXX
# One bridge carries every VLAN. No vlan-filtering=yes appears on the bridge line, so
# bridge VLAN filtering was off when this export was taken.
# NOTE(review): while filtering is off, the pvid/frame-types values under
# /interface bridge port and the /interface bridge vlan table are not enforced. The
# bridge forwards tagged and untagged frames between all member ports, so the VLANs
# are not separated from each other at layer 2.
/interface bridge
add admin-mac=XXXXXXXXXX auto-mac=no mtu=1500 name=TrunkBridge
# One layer-3 VLAN interface per VLAN on top of the bridge. The router's IP addresses
# and DHCP servers further down are bound to these interfaces, not to the bridge.
/interface vlan
add interface=TrunkBridge name="Desktop V200" vlan-id=200
add interface=TrunkBridge name="IOT V800" vlan-id=800
add interface=TrunkBridge name="MGMT V100" vlan-id=100
add interface=TrunkBridge name="VMWare V1000" vlan-id=1000
# Interface lists used by the firewall, neighbor discovery and MAC server settings;
# their members are assigned under /interface list member.
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
# Default security profile only; this export configures no wireless interface.
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
# One address pool per VLAN; each pool sits inside the /24 assigned to the matching
# VLAN interface under /ip address.
/ip pool
add name="MGMT pool" ranges=192.168.250.111-192.168.250.122
add name="IOT pool" ranges=192.168.8.111-192.168.8.150
add name="vmware pool" ranges=192.168.200.50-192.168.200.90
add name="desktop pool" ranges=192.168.10.105-192.168.10.200
# One DHCP server per VLAN interface. add-arp=yes makes the server add an ARP entry
# for each lease.
# NOTE(review): that only keeps hosts from using addresses they were not leased if the
# interface is also set to arp=reply-only, which this export does not show.
/ip dhcp-server
add add-arp=yes address-pool="MGMT pool" interface="MGMT V100" name=\
"MGMT 250 dhcp"
add add-arp=yes address-pool="IOT pool" interface="IOT V800" name=\
"IOT 8 DHCP"
add add-arp=yes address-pool="vmware pool" interface="VMWare V1000" name=\
"vmware V1000 DHCP"
add add-arp=yes address-pool="desktop pool" interface="Desktop V200" name=\
"Desktop V200 DHCP"
# The default SMB user is disabled.
/ip smb users
set [ find default=yes ] disabled=yes
/port
set 0 name=serial0
# Bridge port roles:
#   ether5-ether8: trunks to the switches, accept tagged frames only.
#   ether1-ether4: access ports, accept untagged frames and place them in VLAN 200
#                  (pvid=200).
# These roles are only enforced while the bridge runs with vlan-filtering=yes.
# With filtering off, untagged frames from ether1-ether4 are never tagged with 200,
# so they do not reach the "Desktop V200" interface or its DHCP server. That matches
# the symptom described in the post.
/interface bridge port
add bridge=TrunkBridge frame-types=admit-only-vlan-tagged interface=ether5
add bridge=TrunkBridge frame-types=admit-only-vlan-tagged interface=ether6
add bridge=TrunkBridge frame-types=admit-only-vlan-tagged interface=ether7
add bridge=TrunkBridge frame-types=admit-only-vlan-tagged interface=ether8
# NOTE(review): ether2 is the only port exported with ingress-filtering=no; ether1,
# ether3 and ether4 carry no such override. Presumably a troubleshooting leftover.
# Make the four access ports consistent so all of them check VLAN membership on ingress.
add bridge=TrunkBridge frame-types=admit-only-untagged-and-priority-tagged \
ingress-filtering=no interface=ether2 pvid=200
add bridge=TrunkBridge frame-types=admit-only-untagged-and-priority-tagged \
interface=ether3 pvid=200
add bridge=TrunkBridge frame-types=admit-only-untagged-and-priority-tagged \
interface=ether4 pvid=200
add bridge=TrunkBridge frame-types=admit-only-untagged-and-priority-tagged \
interface=ether1 pvid=200
# Sets the connection-tracking UDP timeout to 10s.
/ip firewall connection tracking
set udp-timeout=10s
# Neighbor discovery runs only on interfaces in the LAN list.
/ip neighbor discovery-settings
set discover-interface-list=LAN
# NOTE(review): the bridge VLAN table holds a single entry, for VLAN 200. Once
# vlan-filtering=yes is set on TrunkBridge, VLANs 100, 800 and 1000 are not members of
# any port, so their tagged frames on ether5-ether8 are dropped and the trunk side
# stops getting DHCP. That is the second symptom in the post. Each VLAN needs its own
# entry with the bridge itself and the trunk ports as tagged members, for example:
#   add bridge=TrunkBridge tagged=TrunkBridge,ether5,ether6,ether7,ether8 vlan-ids=100
# and likewise for 800 and 1000. Add the entries first, then enable vlan-filtering.
/interface bridge vlan
add bridge=TrunkBridge tagged=TrunkBridge,ether5,ether6,ether7,ether8 \
untagged=ether1,ether2,ether3,ether4 vlan-ids=200
# NOTE(review): LAN contains only TrunkBridge. Routed traffic enters the router on
# the VLAN interfaces ("MGMT V100", "Desktop V200", ...), which are not members, so
# any rule matching in-interface-list=!LAN also matches the internal VLANs. Add the
# VLAN interfaces that should count as trusted (at least "MGMT V100") to LAN, or to a
# dedicated management list, before relying on LAN-based firewall rules.
/interface list member
add interface=TrunkBridge list=LAN
add interface=sfp1 list=WAN
# Gateway address for each VLAN, bound to the VLAN interface.
/ip address
add address=192.168.250.1/24 interface="MGMT V100" network=192.168.250.0
add address=192.168.8.1/24 interface="IOT V800" network=192.168.8.0
add address=192.168.200.1/24 interface="VMWare V1000" network=192.168.200.0
add address=192.168.10.1/24 interface="Desktop V200" network=192.168.10.0
# Static ARP entries for two hosts in the management VLAN (presumably the managed
# switches; the export does not say).
/ip arp
add address=192.168.250.3 interface="MGMT V100" mac-address=08:36:C9:19:16:30
add address=192.168.250.4 interface="MGMT V100" mac-address=08:36:C9:19:16:64
# The WAN address is obtained by DHCP on sfp1.
/ip dhcp-client
add interface=sfp1
/ip dhcp-server network
add address=192.168.8.0/24 gateway=192.168.8.1
add address=192.168.10.0/24 gateway=192.168.10.1
add address=192.168.200.0/24 gateway=192.168.200.1
add address=192.168.250.0/24 gateway=192.168.250.1
# NOTE(review): allow-remote-requests=yes makes the router answer DNS queries on
# every interface the input chain lets through. The input rule that drops non-LAN
# traffic is disabled in /ip firewall filter, so the resolver is reachable from the
# WAN side (sfp1) as well. Keep this enabled only together with an input rule that
# blocks DNS from WAN.
/ip dns
set allow-remote-requests=yes
# NOTE(review): router.lan still points at 192.168.88.1, the default-configuration
# address. None of the router's addresses above are in that subnet, so this name
# does not resolve to the router.
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
# IPv4 filter rules, taken from the default configuration with one change: the final
# input drop rule is disabled.
/ip firewall filter
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
"defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
# NOTE(review): this rule is disabled=yes and no other rule drops new input
# connections, so everything addressed to the router itself is accepted, including
# from sfp1 (WAN). Router services such as management access and the DNS resolver are
# therefore exposed to the internet side. Do not simply re-enable it as written: LAN
# contains only TrunkBridge, so !LAN would also match the internal VLAN interfaces
# and cut off management from them. Either add the VLAN interfaces to LAN first, or
# match the drop on in-interface-list=WAN instead.
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
disabled=yes in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related hw-offload=yes
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
# NOTE(review): the forward chain only drops invalid packets and new WAN connections
# that were not dst-NATed. No rule restricts traffic between the VLAN interfaces, so
# IOT, VMWare and Desktop hosts can open connections into the MGMT subnet. If the
# VLANs are meant to isolate those networks, inter-VLAN forward rules are still needed.
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface-list=WAN
# Source NAT for everything leaving through the WAN list.
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
ipsec-policy=out,none out-interface-list=WAN
/ip smb shares
set [ find default=yes ] directory=/pub
# Default-configuration list of IPv6 ranges that should never appear as a source or
# destination of forwarded traffic; the IPv6 forward chain drops on it.
/ipv6 firewall address-list
add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
add address=::1/128 comment="defconf: lo" list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
# IPv6 filter rules, unchanged from the default configuration. Unlike the IPv4 input
# chain, the final "not coming from LAN" drop rules are enabled here.
# NOTE(review): LAN contains only TrunkBridge, so those !LAN rules also match IPv6
# traffic arriving on the VLAN interfaces. The export shows no IPv6 addresses, so this
# may have no visible effect yet; revisit the LAN list before enabling IPv6.
/ipv6 firewall filter
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=\
icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" \
dst-port=33434-33534 protocol=udp
add action=accept chain=input comment=\
"defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=\
udp src-address=fe80::/10
add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 \
protocol=udp
add action=accept chain=input comment="defconf: accept ipsec AH" protocol=\
ipsec-ah
add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=\
ipsec-esp
add action=accept chain=input comment=\
"defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=input comment=\
"defconf: drop everything else not coming from LAN" in-interface-list=\
!LAN
add action=accept chain=forward comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6
add action=drop chain=forward comment=\
"defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" \
hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=\
icmpv6
add action=accept chain=forward comment="defconf: accept HIP" protocol=139
add action=accept chain=forward comment="defconf: accept IKE" dst-port=\
500,4500 protocol=udp
add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=\
ipsec-ah
add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=\
ipsec-esp
add action=accept chain=forward comment=\
"defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=forward comment=\
"defconf: drop everything else not coming from LAN" in-interface-list=\
!LAN
# Jupiter/Europa is not a real time-zone name; presumably redacted by the poster, like
# the MAC address and serial number above.
/system clock
set time-zone-name=Jupiter/Europa
/system note
set show-at-login=no
/system routerboard settings
set enter-setup-on=delete-key
# Layer-2 management (MAC Telnet and MAC WinBox) is limited to interfaces in the LAN
# list, which in this export contains only TrunkBridge.
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN