Hi there,
I've been scratching my head and pounding it on the desk in frustration for the past little while.
I have read the VLAN wiki entry numerous times and it hasn't (yet) led to a lightbulb moment!
I'm trying to split 2 sections of a network off from the rest with a couple of VLANs in a mixed Cisco/Mikrotik environment. Until earlier this week, the entire network was in 192.168.1.0/24 across 4 buildings. There are now a bunch of new VLANs and subnets configured.
Essentially, I would like there to be two networks (bottom left and right), 192.168.2.0/24 and 192.168.3.1/24 in VLANs 2 and 3 respectively able to connect through the intervening architecture and NAT on the RB1000 using real.world.ip.2 and real.world.ip.3 respectively. The NAT part I have figured out - the VLANs, not so much!
Eventually, I would like to enable OSPF so that the links between the RB750s can "fail over/back" between the ~54 megabit wireless link and the ~1.5mbps SDSL, so I would need the solution to support this (over the "triangle" between the 3 RB750s), including the ethernet link.
Network description:
192.168.1.254 is the gateway for our network on the RB1000, which then connects to a real world IP address through "Internet" interface upstream from a real world IP address range (NAT x.x.x.1; subnets/VLAN will also be NATd). There is a connection to a local INX through "INX" port; routes are exchanged via BGP in a private use ASN.
Starting at the RB 1000 (our core router), there is a physical link from a physical port called "private", which links into Gi1/0/24 on the 3750 (core switch); this is configured as a trunk port on the Cisco, and the mikrotik currently has VLAN 2,3 and 111 configured on "private". The core cisco 3750 switch has VLANs 2,3 110-116 configured on it.
From the core switch, 4 Cisco 2960s are connected to a trunk port each (Gi1/0/13-16); we can ignore these.
More relevantly, there is then a trunk port (Gi1/0/17) from the 3750 into eth5 of the RB750 (A). On the 750A, I've added VLAN 2,3,114,116 to eth2,3&5.
From 750A, eth2 connects to an RB433 and then through a wireless bridge to another RB433 to eth2 on a 750G.
From 750A, eth 3 connects to an SDSL bridge and then to eth3 of RB750(B).
Between 750G and 750(B), there is an ethernet link, forming a nice networking triangle. Right now, I prevent loops by manually disabling eth3 of RB750(B), and enabling it if the wireless fails. (R)STP didn't work (too much flapping), and with a flat subnet structure up until now, I couldn't get OSPF to work.
The 2950s (A) and (B) have VLAN 2, 114, 116 and 3, 114, 116 configured on them; Port Gi1/0/24 is configured as a trunk, the rest will be client access ports.
VLAN descriptions:
VLAN 2 - 192.168.2.0/24
VLAN 3 - 192.168.3.0/24
VLAN 110 - Servers (192.168.110.0/24)
VLAN 111 - Data (192.168.111.0/24)
VLAN 112 - Wireless VLAN (not yet used; 192.168.112.0/24)
VLAN 113 - Guest Wireless VLAN (not yet used; 192.168.113.0/24)
VLAN 114 - Management VLAN (Ciscos configured with 192.168.114.0/24)
VLAN 115 - Voice VLAN (not yet used; 192.168.115.0/24)
VLAN 116 - Migration VLAN (carrying 192.168.1.0/24) - this will fall away in time.
All these are present on the core 3750;
110-116 are on the 4x48 port 2960s;
2,114,116 should be present on 2960A
3,114,116 should be present on 2960B
I have put interfaces on all the mikrotiks with the various VLANs; the core cisco 3750 also has VLAN 2 and 3 enabled.
I have added 192.168.2.1/24 to VLAN2 on RB1000
192.168.2.2/24 to port Gi1/0/17 on the 3750
192.168.2.3/24 to (interface) VLAN 2 on 750
192.168.2.4/24 to (interface) VLAN2 on 433 (A)
192.168.2.5/24 to (interface) VLAN2 on 433 (B)
192.168.2.252/24 to the trunk port Gi1/0/24 on the 2950(A)
192.168.2.254/24 to (interface) VLAN 2 on 750G
Problems:
The main thing that is causing me major headaches is I can't for the life of me get pings to travel across the entire network within VLAN 2 (I have yet to start work on VLAN 3). Do I need to configure the VLANs (and a VLAN address) on each physical interface of all the Mikrotiks (I've tried this), or do I need to create some sort of bridge?
Or have I misunderstood VLANs entirely!?
Here's how my pings are going:
192.168.2.1 - nothing reachable
192.168.2.2 - can reach 192.168.2.3, not 192.168.2.1
192.168.2.3 - can reach 192.168.2.2
192.168.2.100 (DHCP client) - can reach 192.168.2.252, 192.168.2.254, nothing below .100.
192.168.2.252 - can reach .254, but not DHCP address (i.e. .2.100)
192.168.2.254 - can reach 192.168.2.252, nothing else
I'm currently accessing all the routerboards through their old 192.168.1.0/24 addresses.
750G is running a DHCP server on VLAN2 interface handing out 192.168.2.100-192.168.2.200 addresses. Machines there can successfully DHCP and can ping 192.168.2.252, .254 and each other (but .252 can't ping them!). DHCP leases specify 192.168.2.254 as gateway.
RouterOS Versions:
The RB 1000 is running ROS 3.30; the RB750s and RB433s are all on ROS 5.4.
Gateways on this network are normally configured at the top of the subnet. (i.e. .254)
So....
What am I doing wrong and how can I fix it?
Many, many thanks in advance.
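
The ping results listed in the post can be checked mechanically. The following is an added example, not part of the original post: it groups the reported VLAN 2 hosts into segments that can reach each other and lists pings that succeed in only one direction. The host table is transcribed from the post's ping list (last octet of 192.168.2.x); the function names are illustrative.

```python
from collections import defaultdict

# Ping results transcribed from the post (last octet of 192.168.2.x).
# Each source maps to the set of hosts it reported reaching.
PINGS = {
    1: set(),
    2: {3},
    3: {2},
    100: {252, 254},
    252: {254},
    254: {252},
}

def islands(pings):
    """Group hosts into segments: any successful ping joins two hosts."""
    hosts = set(pings) | set().union(*pings.values())
    parent = {h: h for h in hosts}

    def find(h):
        while parent[h] != h:
            parent[h] = parent[parent[h]]  # path halving
            h = parent[h]
        return h

    for src, dsts in pings.items():
        for dst in dsts:
            parent[find(src)] = find(dst)
    groups = defaultdict(list)
    for h in hosts:
        groups[find(h)].append(h)
    return sorted(sorted(g) for g in groups.values())

def one_way(pings):
    """Pairs (a, b) where a reaches b but b's ping to a fails."""
    return sorted((a, b) for a, dsts in pings.items()
                  for b in dsts if a not in pings.get(b, set()))

if __name__ == "__main__":
    for seg in islands(PINGS):
        print("segment:", ", ".join(f"192.168.2.{h}" for h in seg))
    for a, b in one_way(PINGS):
        print(f"one-way: 192.168.2.{a} -> 192.168.2.{b}")
```

With the posted results, VLAN 2 falls into three separate segments, which locates the breaks between the RB1000 and the 3750 and between 750A and the 750G side. A successful ping already needs frames in both directions, so the one-way pairs typically point at filtering on the target host rather than at the VLAN path.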