Hi all,
My router is an RB5009UG+S+ and my switch is a CRS328-24P-4S+.
I managed to set up the whole thing on my own and it seems to work for now (of course the firewall can be improved later).
IP of my router is 10.0.17.1 and IP of my switch is 10.0.17.100.
I have a management vlan #17 which should only be allowed to access router and switch. My "normal" vlan is #30 where most of my clients are connected to.
The only way to log in to the router and switch is by having access to my management network. When I am in my normal network, no access is possible. So far so good.
Today I figured out that I can ping my router when I am in vlan #30. But I can't ping my switch while I am in #30.
Since I am still learning about networking and RouterOS, can someone here maybe try to explain why this is happening? I am just trying to understand what's happening here.
Here are my configs:
Code:
# 2024-12-29 13:01:30 by RouterOS 7.15.3
# software id
#
# model = RB5009UG+S+
# serial number = xxx
/interface bridge
add name=bridge port-cost-mode=short vlan-filtering=yes
/interface ethernet
set [ find default-name=ether1 ] comment="Trunk zum Switch"
set [ find default-name=ether3 ] comment=\
    "F\FCr den Notfall, wenn ich mich mal wieder aussperre"
/interface vlan
add interface=bridge name=door32 vlan-id=32
add interface=bridge name=homeautomation31 vlan-id=31
add interface=bridge name=house30 vlan-id=30
add interface=bridge name=mgmt17 vlan-id=17
add interface=ether2 name=pppoe-na10 vlan-id=10
/interface pppoe-client
add add-default-route=yes allow=pap,chap,mschap2 comment=ISP disabled=no \
    interface=pppoe-na10 name=pppoe-na use-peer-dns=yes user=\
    xxx@xxx
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
add comment=defconf name=MGMT
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
add name=dhcp_pool1 ranges=143.0.0.2
add name=dhcp_pool5 ranges=10.0.30.200-10.0.30.250
add name=dhcp_pool6 ranges=10.0.17.2-10.0.17.6
add name=dhcp_pool7 ranges=10.0.31.200-10.0.31.250
add name=dhcp_pool8 ranges=10.0.32.200-10.0.32.250
/ip dhcp-server
add address-pool=default-dhcp interface=bridge lease-time=10m name=defconf
add address-pool=dhcp_pool1 interface=ether3 lease-time=10m name=dhcp1
add address-pool=dhcp_pool5 interface=house30 lease-time=10m name=dhcp2
add address-pool=dhcp_pool6 interface=mgmt17 lease-time=10m name=dhcp3
add address-pool=dhcp_pool7 interface=homeautomation31 lease-time=10m name=\
    dhcp4
add address-pool=dhcp_pool8 interface=door32 lease-time=10m name=dhcp5
/interface bridge port
add bridge=bridge comment=defconf frame-types=\
    admit-only-untagged-and-priority-tagged interface=ether4 \
    internal-path-cost=10 path-cost=10 pvid=30
add bridge=bridge comment=defconf frame-types=\
    admit-only-untagged-and-priority-tagged interface=ether5 \
    internal-path-cost=10 path-cost=10 pvid=30
add bridge=bridge comment=defconf frame-types=admit-only-vlan-tagged \
    interface=ether1 internal-path-cost=10 path-cost=10
add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged \
    interface=ether6 internal-path-cost=10 path-cost=10 pvid=30
add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged \
    interface=ether7 internal-path-cost=10 path-cost=10 pvid=30
add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged \
    interface=ether8 internal-path-cost=10 path-cost=10 pvid=17
/ip firewall connection tracking
set udp-timeout=10s
/interface bridge vlan
add bridge=bridge tagged=bridge,ether1 vlan-ids=30
add bridge=bridge tagged=bridge,ether4,ether1 vlan-ids=17
add bridge=bridge tagged=bridge,ether1 vlan-ids=31
add bridge=bridge tagged=bridge,ether1 vlan-ids=32
/interface list member
add comment=LAN interface=bridge list=LAN
add comment=ISP interface=pppoe-na list=WAN
add interface=house30 list=LAN
add comment="mgmt interfaces" interface=ether4 list=MGMT
add interface=mgmt17 list=MGMT
add interface=homeautomation31 list=LAN
add interface=door32 list=LAN
add interface=ether3 list=MGMT
/ip address
add address=143.0.0.1/24 interface=ether3 network=143.0.0.0
add address=10.0.30.1/24 interface=house30 network=10.0.30.0
add address=10.0.17.1/24 interface=mgmt17 network=10.0.17.0
add address=10.0.31.1/24 interface=homeautomation31 network=10.0.31.0
add address=10.0.32.1/24 interface=door32 network=10.0.32.0
/ip dhcp-server network
add address=10.0.17.0/24 dns-server=8.8.8.8 gateway=10.0.17.1
add address=10.0.30.0/24 dns-server=8.8.8.8 gateway=10.0.30.1
add address=10.0.31.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=10.0.31.1
add address=10.0.32.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=10.0.32.1
add address=17.0.0.0/24 dns-server=8.8.8.8 gateway=17.0.0.1
add address=30.0.0.0/24 dns-server=8.8.8.8 gateway=30.0.0.1
add address=143.0.0.0/24 dns-server=8.8.8.8 gateway=143.0.0.1
/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=drop chain=input comment=\
    "defconf: drop all not coming from Management VLAN" in-interface-list=\
    !MGMT
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related hw-offload=yes
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN
/system clock
set time-zone-name=Europe/Berlin
/system note
set show-at-login=no

=======================================================================================================================================

# 1971-01-06 01:57:49 by RouterOS 7.13
# software id
#
# model = CRS328-24P-4S+
# serial number = xxx
/interface bridge
add name=bridge vlan-filtering=yes
/interface ethernet
set [ find default-name=ether4 ] name=2n-front-eth4
set [ find default-name=ether15 ] name=Notfall-eth15
set [ find default-name=ether5 ] name=dg-eth5
set [ find default-name=ether18 ] name=nuc-eth18
set [ find default-name=ether2 ] name=kitchen-eth2
set [ find default-name=ether21 ] name=office1-eth21
set [ find default-name=ether22 ] name=office2-eth22
set [ find default-name=ether20 ] name=office3-eth20
set [ find default-name=ether19 ] name=office4-eth19
set [ find default-name=ether17 ] name=rasp-eth17
set [ find default-name=ether3 ] name=sma-sm-eth3
set [ find default-name=ether9 ] name=sma-wr-eth9
set [ find default-name=ether10 ] name=playsi-eth10
set [ find default-name=ether1 ] name=trunk-eth1
set [ find default-name=ether8 ] name=wifi-eg-eth8
set [ find default-name=ether6 ] name=wifi-kg-eth6
set [ find default-name=ether7 ] name=wifi-og-eth7
set [ find default-name=ether24 ] name=wz1-eth24
set [ find default-name=ether23 ] name=wz2-eth23
/interface vlan
add interface=bridge name=mgmt17 vlan-id=17
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
/ip pool
add name=dhcp_pool0 ranges=192.168.144.2-192.168.144.254
/ip dhcp-server
add address-pool=dhcp_pool0 interface=Notfall-eth15 name=dhcp1
/port
set 0 name=serial0
/interface bridge port
add bridge=bridge frame-types=admit-only-vlan-tagged interface=trunk-eth1
add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged \
    interface=2n-front-eth4 pvid=32
add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged \
    interface=dg-eth5 pvid=31
add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged \
    interface=knx-eth2 pvid=31
add bridge=bridge interface=office1-eth21 pvid=30
add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged \
    interface=office2-eth22 pvid=30
add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged \
    interface=office3-eth20 pvid=30
add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged \
    interface=office4-eth19 pvid=30
add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged \
    interface=sma-sm-eth3 pvid=31
add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged \
    interface=sma-wr-eth9 pvid=31
add bridge=bridge interface=wifi-eg-eth8 pvid=30
add bridge=bridge interface=wifi-kg-eth6 pvid=30
add bridge=bridge interface=wifi-og-eth7 pvid=30
add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged \
    interface=wz1-eth24 pvid=31
add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged \
    interface=wz2-eth23 pvid=31
add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged \
    interface=rasp-eth17 pvid=30
add bridge=bridge interface=intelnuc-eth18 pvid=17
add bridge=bridge interface=playsi-eth10 pvid=30
/interface bridge vlan
add bridge=bridge tagged=trunk-eth1,intelnuc-eth18 vlan-ids=30
add bridge=bridge tagged=\
    trunk-eth1,bridge,wifi-eg-eth8,wifi-og-eth7,wifi-kg-eth6 vlan-ids=17
add bridge=bridge tagged=\
    bridge,trunk-eth1,wifi-kg-eth6,wifi-eg-eth8,wifi-og-eth7,intelnuc-eth18 \
    vlan-ids=31
add bridge=bridge tagged=\
    bridge,trunk-eth1,wifi-kg-eth6,wifi-eg-eth8,wifi-og-eth7,intelnuc-eth18 \
    vlan-ids=32
/ip address
add address=192.168.144.1/24 interface=Notfall-eth15 network=192.168.144.0
add address=10.0.17.100/24 interface=mgmt17 network=10.0.17.0
/ip dhcp-server network
add address=192.168.144.0/24 dns-server=8.8.8.8 gateway=192.168.144.1
/system clock
set time-zone-name=Europe/Berlin
/system note
set show-at-login=no
/system routerboard settings
set boot-os=router-os
/system swos
set identity=MikroTik
Statistics: Posted by stitch84ac — Mon Dec 30, 2024 6:15 pm
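
Added example, not part of the original post: a first-match model of the router's input chain and a return-route check for the switch, both built from the two exports above. The client address 10.0.30.201 is constructed, and treating the switch's two /ip address networks as its entire routing table is an assumption drawn from the switch export showing no /ip route section.

```python
import ipaddress

# Members of the MGMT interface list in the posted router export.
MGMT = {"ether4", "mgmt17", "ether3"}

# Router "/ip firewall filter" input chain, in export order (first match wins).
ROUTER_INPUT = [
    ("accept", lambda p: p["state"] in {"established", "related", "untracked"}),
    ("drop",   lambda p: p["state"] == "invalid"),
    ("accept", lambda p: p["proto"] == "icmp"),
    ("drop",   lambda p: p["in_if"] not in MGMT),
]

# Switch "/ip address" entries; the posted switch export shows no /ip route,
# so these connected networks are assumed to be its whole routing table.
SWITCH_CONNECTED = [
    ipaddress.ip_network("192.168.144.0/24"),
    ipaddress.ip_network("10.0.17.0/24"),
]


def input_verdict(pkt, chain=ROUTER_INPUT):
    """Return (action, rule_number) of the first matching rule.

    A packet that matches no rule is accepted, which is the RouterOS
    default for a chain without a final drop."""
    for number, (action, matches) in enumerate(chain, start=1):
        if matches(pkt):
            return action, number
    return "accept", None


def switch_can_reply(src_ip, routes=SWITCH_CONNECTED):
    """True if the switch has a route back to the address that pinged it."""
    return any(ipaddress.ip_address(src_ip) in net for net in routes)


# Constructed sample traffic: a client at 10.0.30.201 on VLAN 30 (house30).
ping_router = {"in_if": "house30", "proto": "icmp", "state": "new"}
login_router = {"in_if": "house30", "proto": "tcp", "state": "new"}

if __name__ == "__main__":
    print("ping router from VLAN 30 :", input_verdict(ping_router))
    print("login router from VLAN 30:", input_verdict(login_router))
    print("switch can answer 10.0.30.201:", switch_can_reply("10.0.30.201"))
    print("switch can answer 10.0.17.5  :", switch_can_reply("10.0.17.5"))
```

In this model the ping to 10.0.17.1 is accepted by rule 3 before the !MGMT drop in rule 4 is reached, while the switch at 10.0.17.100 has no route back to 10.0.30.0/24 for its echo reply.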