Zdravim
Skusam na stole podobny sposob, kde sa cez jednu man Vlan chcem dostat iba na switch cez jeho uplink na ktorom je router.
Na vsetkych portoch Switcha sa dostanem cez VLAN nim pridelenym na Router a dalej, ale cez router sa neviem dostat na switch.
Ked pingam cez winbox tool tak ping vo VLAN chodi medzi zariadeniami. Ale z Pc za routerom sa uz na IP vlan switcha nedostanem.
Zapojenie.jpg
neviete mi poradit , alebo ma nasmerovat? Prikladam obrazok narychlo a exporty
Dakujem
switch:
# jan/02/1970 03:16:34 by RouterOS 6.41rc38
# model = CRS112-8G-4S
/interface bridge
add fast-forward=no igmp-snooping=no name=bridge1 protocol-mode=none
/interface vlan
add interface=bridge1 name=vlan99 vlan-id=99
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/interface bridge port
add bridge=bridge1 interface=ether1
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether5
add bridge=bridge1 interface=ether6
add bridge=bridge1 interface=ether8
/interface ethernet switch egress-vlan-tag
add tagged-ports=ether8 vlan-id=110
add tagged-ports=ether8 vlan-id=111
add tagged-ports=ether8 vlan-id=112
add tagged-ports=ether8 vlan-id=113
add tagged-ports=ether8 vlan-id=114
add tagged-ports=ether8 vlan-id=115
add tagged-ports=switch1-cpu,ether8 vlan-id=99
/interface ethernet switch ingress-vlan-translation
add customer-vid=0 new-customer-vid=110 ports=ether1
add customer-vid=0 new-customer-vid=111 ports=ether2
add customer-vid=0 new-customer-vid=112 ports=ether3
add customer-vid=0 new-customer-vid=113 ports=ether4
add customer-vid=0 new-customer-vid=114 ports=ether5
add customer-vid=0 new-customer-vid=115 ports=ether6
/interface ethernet switch vlan
add ports=ether1,ether8 vlan-id=110
add ports=ether2,ether8 vlan-id=111
add ports=ether3,ether8 vlan-id=112
add ports=ether4,ether8 vlan-id=113
add ports=ether5,ether8 vlan-id=114
add ports=ether6,ether8 vlan-id=115
add ports=switch1-cpu,ether8 vlan-id=99
/ip address
add address=192.168.99.2/24 interface=vlan99 network=192.168.99.0
router:
# jan/01/2002 01:27:06 by RouterOS 3.30
#
/interface bridge
add admin-mac=00:00:00:00:00:00 ageing-time=5m arp=enabled auto-mac=yes \
comment="" disabled=no forward-delay=15s l2mtu=1526 max-message-age=20s \
mtu=1500 name=bridge1 priority=0x8000 protocol-mode=none \
transmit-hold-count=6
/interface ethernet
set 0 arp=enabled auto-negotiation=yes comment="" disabled=no full-duplex=yes \
l2mtu=1526 mac-address=00:0C:42:2E:8C:C1 mtu=1500 name=ether1 speed=\
100Mbps
set 1 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment=\
"" disabled=no full-duplex=yes l2mtu=1522 mac-address=00:0C:42:2E:8C:C2 \
master-port=none mtu=1500 name=ether2 speed=100Mbps
set 2 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment=\
"" disabled=yes full-duplex=yes mac-address=00:0C:42:2E:8C:C3 \
master-port=none mtu=1500 name=ether3 speed=100Mbps
set 3 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment=\
"" disabled=yes full-duplex=yes mac-address=00:0C:42:2E:8C:C4 \
master-port=none mtu=1500 name=ether4 speed=100Mbps
set 4 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment=\
"" disabled=no full-duplex=yes l2mtu=1522 mac-address=00:0C:42:2E:8C:C5 \
master-port=none mtu=1500 name=ether5 speed=100Mbps
/interface vlan
add arp=enabled comment="" disabled=no interface=bridge1 l2mtu=1522 mtu=1500 \
name=VLAN111 use-service-tag=no vlan-id=111
add arp=enabled comment="" disabled=no interface=bridge1 l2mtu=1522 mtu=1500 \
name=VLAN112 use-service-tag=no vlan-id=112
add arp=enabled comment="" disabled=no interface=bridge1 l2mtu=1522 mtu=1500 \
name=VLAN113 use-service-tag=no vlan-id=113
add arp=enabled comment="" disabled=no interface=bridge1 l2mtu=1522 mtu=1500 \
name=VLAN114 use-service-tag=no vlan-id=114
add arp=enabled comment="" disabled=no interface=bridge1 l2mtu=1522 mtu=1500 \
name=VLAN115 use-service-tag=no vlan-id=115
add arp=enabled comment="" disabled=no interface=bridge1 l2mtu=1522 mtu=1500 \
name=VLAN116 use-service-tag=no vlan-id=116
add arp=enabled comment="" disabled=no interface=bridge1 l2mtu=1522 mtu=1500 \
name=VLAN99 use-service-tag=no vlan-id=99
add arp=enabled comment="" disabled=no interface=bridge1 l2mtu=1522 mtu=1500 \
name=VLAN110 use-service-tag=no vlan-id=110
/ip hotspot profile
set default dns-name="" hotspot-address=0.0.0.0 html-directory=hotspot \
http-cookie-lifetime=3d http-proxy=0.0.0.0:0 login-by=cookie,http-chap \
name=default rate-limit="" smtp-server=0.0.0.0 split-user-domain=no \
use-radius=no
/ip hotspot user profile
set default idle-timeout=none keepalive-timeout=2m name=default shared-users=\
1 status-autorefresh=1m transparent-proxy=no
/ip ipsec proposal
set default auth-algorithms=sha1 disabled=no enc-algorithms=3des lifetime=30m \
name=default pfs-group=modp1024
/ip pool
add name=pool101 ranges=192.168.101.2-192.168.101.254
add name=pool100 ranges=192.168.100.100-192.168.100.254
add name=pool102 ranges=192.168.102.2-192.168.102.254
add name=pool107 ranges=192.168.107.2-192.168.107.254
add name=pool106 ranges=192.168.106.2-192.168.106.254
add name=pool105 ranges=192.168.105.2-192.168.105.254
add name=pool104 ranges=192.168.104.2-192.168.104.254
add name=pool103 ranges=192.168.103.2-192.168.103.254
add name=pool9 ranges=192.168.9.2-192.168.9.254
add name=pool99 ranges=192.168.99.2-192.168.99.200
/ip dhcp-server
add address-pool=pool101 authoritative=after-2sec-delay bootp-support=static \
disabled=no interface=VLAN111 lease-time=1d name=server101
add address-pool=pool102 authoritative=after-2sec-delay bootp-support=static \
disabled=no interface=VLAN112 lease-time=1d name=server102
add address-pool=pool103 authoritative=after-2sec-delay bootp-support=static \
disabled=no interface=VLAN113 lease-time=1d name=server103
add address-pool=pool104 authoritative=after-2sec-delay bootp-support=static \
disabled=no interface=VLAN114 lease-time=1d name=server104
add address-pool=pool105 authoritative=after-2sec-delay bootp-support=static \
disabled=no interface=VLAN115 lease-time=1d name=server105
add address-pool=pool107 authoritative=after-2sec-delay bootp-support=static \
disabled=no interface=ether2 lease-time=1d name=server107
add address-pool=pool100 authoritative=after-2sec-delay bootp-support=static \
disabled=yes interface=bridge1 lease-time=1d name=server100
add address-pool=pool99 authoritative=after-2sec-delay bootp-support=static \
disabled=no interface=VLAN99 lease-time=1d name=server99
/port
set 0 baud-rate=auto data-bits=8 flow-control=none name=serial0 parity=none \
stop-bits=1
/ppp profile
set default change-tcp-mss=yes comment="" name=default only-one=default \
use-compression=default use-encryption=default use-vj-compression=default
set default-encryption change-tcp-mss=yes comment="" name=default-encryption \
only-one=default use-compression=default use-encryption=yes \
use-vj-compression=default
/queue type
set default kind=pfifo name=default pfifo-limit=50
set ethernet-default kind=pfifo name=ethernet-default pfifo-limit=50
set wireless-default kind=sfq name=wireless-default sfq-allot=1514 \
sfq-perturb=5
set synchronous-default kind=red name=synchronous-default red-avg-packet=1000 \
red-burst=20 red-limit=60 red-max-threshold=50 red-min-threshold=10
set hotspot-default kind=sfq name=hotspot-default sfq-allot=1514 sfq-perturb=\
5
set default-small kind=pfifo name=default-small pfifo-limit=10
/routing bgp instance
set default as=65530 client-to-client-reflection=yes comment="" disabled=no \
ignore-as-path-len=no name=default out-filter="" redistribute-connected=\
no redistribute-ospf=no redistribute-other-bgp=no redistribute-rip=no \
redistribute-static=no router-id=0.0.0.0
/routing ospf area
set backbone area-id=0.0.0.0 authentication=none disabled=no name=backbone \
type=default
/snmp
set contact="" enabled=no engine-boots=0 engine-id="" location="" \
time-window=15 trap-sink=0.0.0.0 trap-version=1
/snmp community
set public address=0.0.0.0/0 authentication-password="" \
authentication-protocol=MD5 encryption-password="" encryption-protocol=\
DES name=public read-access=yes security=none write-access=no
/system logging action
set memory memory-lines=100 memory-stop-on-full=no name=memory target=memory
set disk disk-file-count=2 disk-file-name=log disk-lines-per-file=100 \
disk-stop-on-full=no name=disk target=disk
set echo name=echo remember=yes target=echo
set remote bsd-syslog=no name=remote remote=0.0.0.0:514 src-address=0.0.0.0 \
syslog-facility=daemon syslog-severity=auto target=remote
/system routerboard settings
set baud-rate=115200 boot-delay=2s boot-device=nand-if-fail-then-ethernet \
boot-protocol=bootp cpu-frequency=300MHz enable-jumper-reset=yes \
enter-setup-on=any-key force-backup-booter=no
set baud-rate=115200 boot-delay=2s boot-device=nand-if-fail-then-ethernet \
boot-protocol=bootp cpu-frequency=300MHz enable-jumper-reset=yes \
enter-setup-on=any-key force-backup-booter=no
/user group
add comment="" name=read policy="local,telnet,ssh,reboot,read,test,winbox,pass\
word,web,sniff,sensitive,!ftp,!write,!policy"
add comment="" name=write policy="local,telnet,ssh,reboot,read,write,test,winb\
ox,password,web,sniff,sensitive,!ftp,!policy"
add comment="" name=full policy="local,telnet,ssh,ftp,reboot,read,write,policy\
,test,winbox,password,web,sniff,sensitive"
/user
add address=0.0.0.0/0 comment="system default user" disabled=no group=full \
name=admin
/interface bridge port
add bridge=bridge1 comment="" disabled=no edge=auto external-fdb=auto \
horizon=none interface=ether1 path-cost=10 point-to-point=auto priority=\
0x80
/interface bridge settings
set use-ip-firewall=no use-ip-firewall-for-pppoe=no use-ip-firewall-for-vlan=\
no
/interface ethernet mirror
set mirror-port=none source-port=none
/interface l2tp-server server
set authentication=pap,chap,mschap1,mschap2 default-profile=\
default-encryption enabled=no max-mru=1460 max-mtu=1460 mrru=disabled
/interface ovpn-server server
set auth=sha1,md5 certificate=none cipher=blowfish128,aes128 default-profile=\
default enabled=no keepalive-timeout=60 mac-address=FE:FA:17:FB:FD:E2 \
max-mtu=1500 mode=ip netmask=24 port=1194 require-client-certificate=no
/interface pptp-server server
set authentication=mschap1,mschap2 default-profile=default-encryption \
enabled=no keepalive-timeout=30 max-mru=1460 max-mtu=1460 mrru=disabled
/ip accounting
set account-local-traffic=no enabled=no threshold=256
/ip accounting web-access
set accessible-via-web=no address=0.0.0.0/0
/ip address
add address=192.168.101.1/24 broadcast=192.168.101.255 comment="" disabled=no \
interface=VLAN111 network=192.168.101.0
add address=192.168.107.1/24 broadcast=192.168.107.255 comment="" disabled=no \
interface=ether2 network=192.168.107.0
add address=192.168.106.1/24 broadcast=192.168.106.255 comment="" disabled=no \
interface=VLAN116 network=192.168.106.0
add address=192.168.105.1/24 broadcast=192.168.105.255 comment="" disabled=no \
interface=VLAN115 network=192.168.105.0
add address=192.168.104.1/24 broadcast=192.168.104.255 comment="" disabled=no \
interface=VLAN114 network=192.168.104.0
add address=192.168.103.1/24 broadcast=192.168.103.255 comment="" disabled=no \
interface=VLAN113 network=192.168.103.0
add address=192.168.102.1/24 broadcast=192.168.102.255 comment="" disabled=no \
interface=VLAN112 network=192.168.102.0
add address=192.168.100.1/24 broadcast=192.168.100.255 comment="" disabled=no \
interface=VLAN110 network=192.168.100.0
add address=192.168.99.1/24 broadcast=192.168.99.255 comment="" disabled=no \
interface=VLAN99 network=192.168.99.0
/ip dhcp-client
add add-default-route=yes comment="" default-route-distance=0 disabled=no \
interface=ether5 use-peer-dns=yes use-peer-ntp=yes
/ip dhcp-server config
set store-leases-disk=5m
/ip dhcp-server network
add address=192.168.99.0/24 comment="" dns-server=8.8.8.8 gateway=\
192.168.99.1
add address=192.168.100.0/24 comment="" dns-server=8.8.8.8 gateway=\
192.168.100.1
add address=192.168.101.0/24 comment="" dns-server=8.8.8.8 gateway=\
192.168.101.1
add address=192.168.102.0/24 comment="" dns-server=8.8.8.8 gateway=\
192.168.102.1
add address=192.168.103.0/24 comment="" dns-server=8.8.8.8 gateway=\
192.168.103.1
add address=192.168.104.0/24 comment="" dns-server=8.8.8.8 gateway=\
192.168.104.1
add address=192.168.105.0/24 comment="" dns-server=8.8.8.8 gateway=\
192.168.105.1
add address=192.168.106.0/24 comment="" dns-server=8.8.8.8 gateway=\
192.168.106.1
add address=192.168.107.0/24 comment="" dns-server=8.8.8.8 gateway=\
192.168.107.1
/ip dns
set allow-remote-requests=yes cache-max-ttl=1w cache-size=2048KiB \
max-udp-packet-size=512 primary-dns=192.168.1.1 secondary-dns=\
195.146.132.58
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s \
tcp-close-wait-timeout=10s tcp-established-timeout=1d \
tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s \
tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no \
tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
/ip firewall service-port
set ftp disabled=yes ports=21
set tftp disabled=yes ports=69
set irc disabled=yes ports=6667
set h323 disabled=yes
set sip disabled=yes ports=5060,5061
set pptp disabled=yes
/ip hotspot service-port
set ftp disabled=no ports=21
/ip neighbor discovery
set ether1 discover=yes
set ether2 discover=yes
set ether3 discover=yes
set ether4 discover=yes
set ether5 discover=yes
set VLAN111 discover=no
set VLAN112 discover=no
set VLAN113 discover=no
set VLAN114 discover=no
set VLAN115 discover=no
set VLAN116 discover=no
set VLAN99 discover=no
set VLAN110 discover=no
set bridge1 discover=yes
/ip proxy
set always-from-cache=no cache-administrator=webmaster cache-hit-dscp=4 \
cache-on-disk=no enabled=no max-cache-size=none max-client-connections=\
600 max-fresh-time=3d max-server-connections=600 parent-proxy=0.0.0.0 \
parent-proxy-port=0 port=8080 serialize-connections=no src-address=\
0.0.0.0
/ip service
set telnet address=0.0.0.0/0 disabled=no port=23
set ftp address=0.0.0.0/0 disabled=no port=21
set www address=0.0.0.0/0 disabled=no port=80
set ssh address=0.0.0.0/0 disabled=no port=22
set www-ssl address=0.0.0.0/0 certificate=none disabled=yes port=443
set api address=0.0.0.0/0 disabled=yes port=8728
set winbox address=0.0.0.0/0 disabled=no port=8291
/ip socks
set connection-idle-timeout=2m enabled=no max-connections=200 port=1080
/ip traffic-flow
set active-flow-timeout=30m cache-entries=4k enabled=no \
inactive-flow-timeout=15s interfaces=all
/ip upnp
set allow-disable-external-interface=yes enabled=no show-dummy-rule=yes
/ppp aaa
set accounting=yes interim-update=0s use-radius=no
/queue interface
set ether1 queue=ethernet-default
set ether2 queue=ethernet-default
set ether3 queue=ethernet-default
set ether4 queue=ethernet-default
set ether5 queue=ethernet-default
set VLAN111 queue=default
set VLAN112 queue=default
set VLAN113 queue=default
set VLAN114 queue=default
set VLAN115 queue=default
set VLAN116 queue=default
set VLAN99 queue=default
set VLAN110 queue=default
set bridge1 queue=default
/radius incoming
set accept=no port=3799
/routing igmp-proxy
set query-interval=2m5s query-response-interval=10s quick-leave=no
/routing mme
set bidirectional-timeout=2 gateway-class=none gateway-keepalive=1m \
gateway-selection=no-gateway origination-interval=5s preferred-gateway=\
0.0.0.0 timeout=1m ttl=50
/routing ospf
set distribute-default=never metric-bgp=20 metric-connected=20 \
metric-default=1 metric-rip=20 metric-static=20 mpls-te-area=unspecified \
mpls-te-router-id=unspecified redistribute-bgp=no redistribute-connected=\
no redistribute-rip=no redistribute-static=no router-id=0.0.0.0
/routing pim
set switch-to-spt=no switch-to-spt-bytes=0 switch-to-spt-interval=0s
/routing rip
set distribute-default=never garbage-timer=2m metric-bgp=1 metric-connected=1 \
metric-default=1 metric-ospf=1 metric-static=1 redistribute-bgp=no \
redistribute-connected=no redistribute-ospf=no redistribute-static=no \
timeout-timer=3m update-timer=30s
/store
add comment="" disabled=no disk=system name=user-manager1 type=user-manager
add comment="" disabled=no disk=system name=web-proxy1 type=web-proxy
/system clock
set time-zone-name=manual
/system clock manual
set dst-delta=+00:00 dst-end="jan/01/1970 00:00:00" dst-start=\
"jan/01/1970 00:00:00" time-zone=+00:00
/system console
add disabled=no port=serial0 term=vt102
/system health
set
/system identity
set name=MikroTik
/system logging
add action=memory disabled=no prefix="" topics=info
add action=memory disabled=no prefix="" topics=error
add action=memory disabled=no prefix="" topics=warning
add action=echo disabled=no prefix="" topics=critical
/system note
set note="" show-at-login=yes
/system ntp client
set enabled=no mode=unicast primary-ntp=192.168.1.1 secondary-ntp=\
208.66.175.36
/system ntp server
set broadcast=no enabled=no manycast=yes multicast=no
/system upgrade mirror
set check-interval=1d enabled=no primary-server=0.0.0.0 secondary-server=\
0.0.0.0 user=""
/system watchdog
set auto-send-supout=no automatic-supout=yes no-ping-delay=5m watch-address=\
none watchdog-timer=yes
/tool bandwidth-server
set allocate-udp-ports-from=2000 authenticate=yes enabled=yes max-sessions=\
100
/tool e-mail
set from=<> password="" server=0.0.0.0:25 username=""
/tool graphing
set page-refresh=300 store-every=5min
/tool mac-server
add disabled=no interface=all
/tool mac-server ping
set enabled=yes
/tool sms
set allowed-number="" channel=0 keep-max-sms=0 receive-enabled=no secret=""
/tool sniffer
set file-limit=10 file-name="" filter-address1=0.0.0.0/0:0-65535 \
filter-address2=0.0.0.0/0:0-65535 filter-protocol=ip-only filter-stream=\
yes interface=all memory-limit=10 only-headers=no streaming-enabled=no \
streaming-server=0.0.0.0
/tool user-manager customer
add comment="" disabled=no login=admin parent=admin password="" \
paypal-accept-pending=no paypal-allowed=no paypal-secure-response=no \
permissions=owner signup-allowed=no subscriber=admin time-zone=+00:00
/user aaa
set accounting=yes default-group=read interim-update=0s use-radius=no
