Hi all,
After successfully configuring my network with VLANs, I had to change the topology, and now I have a situation where one ethernet port has to serve two machines that are in different VLANs. I tried enabling the MACVLAN, untagging the ethernet port and allowing all traffic and setting DHCP on the macvlan1, but no machine was detected in the port, even before the DHCP server had a chance to connect to it. What is the correct way to change the "standard" VLAN configuration for one port being trunk with MACVLAN on it?
After successfully configuring my network with VLANs, I had to change the topology, and now I have a situation where one ethernet port has to serve two machines that are in different VLANs. I tried enabling the MACVLAN, untagging the ethernet port and allowing all traffic and setting DHCP on the macvlan1, but no machine was detected in the port, even before the DHCP server had a chance to connect to it. What is the correct way to change the "standard" VLAN configuration for one port being trunk with MACVLAN on it?
Code:
/interface bridgeadd admin-mac=DC:2C:6E:13:F3:B3 auto-mac=no comment=defconf name=bridge protocol-mode=none vlan-filtering=yes/interface wirelessset [ find default-name=wlan1 ] band=5ghz-onlyac channel-width=20/40/80mhz-XXXX country=brazil disabled=no distance=indoors frequency-mode=superchannel \ mode=ap-bridge secondary-frequency=auto ssid=loveandrockets wireless-protocol=802.11 wps-mode=disabledset [ find default-name=wlan2 ] band=2ghz-g/n channel-width=20/40mhz-XX country=brazil disabled=no distance=indoors frequency=2447 frequency-mode=\ superchannel installation=indoor mode=ap-bridge ssid=rocketsandlove wireless-protocol=802.11/interface vlanadd interface=bridge name=base_vlan vlan-id=99add interface=bridge name=guest_vlan vlan-id=30add interface=bridge name=home_vlan vlan-id=10add interface=bridge name=work_vlan vlan-id=20/interface macvlanadd disabled=yes interface=ether9 mac-address=A2:86:E2:AC:4B:F3 name=macvlan1/interface pppoe-clientadd ac-name=i-br-sp-scl-cli-hl4-01 add-default-route=yes disabled=no interface=ether1 name=pppoe-out1 user=cliente@cliente/interface listadd comment=defconf name=WANadd comment=defconf name=LANadd name=VLANadd name=BASE/interface wifi channeladd band=5ghz-ax disabled=no frequency=2300-7300 name=channel1 width=20/40/80+80mhz/interface wifi securityadd authentication-types=wpa2-psk,wpa3-psk connect-priority=0 disabled=no name=home_wifi_sec wps=disable/interface wifi configurationadd channel.band=5ghz-ax .frequency=2300-7300 .width=20/40/80+80mhz country=Brazil disabled=no manager=local mode=station-bridge name=cfg1 security=\ home_wifi_sec security.connect-priority=0 ssid=loveandrockets/interface wireless security-profilesset [ find default=yes ] authentication-types=wpa2-psk mode=dynamic-keys supplicant-identity=MikroTikadd authentication-types=wpa2-psk mode=dynamic-keys name=workshop supplicant-identity=MikroTikadd authentication-types=wpa2-psk mode=dynamic-keys name=guest supplicant-identity=MikroTik/interface wirelessadd disabled=no mac-address=DE:2C:6E:13:F3:BD master-interface=wlan1 name=wlan3 security-profile=workshop ssid=workshopadd disabled=no mac-address=2E:C8:1B:BF:E8:D6 master-interface=wlan2 name=wlan4 security-profile=guest ssid=paloma/ip pooladd name=home_pool ranges=192.168.10.2-192.168.10.254add name=work_pool ranges=192.168.20.2-192.168.20.254add name=guest_pool ranges=192.168.30.2-192.168.30.254add name=base_pool ranges=192.168.0.10-192.168.0.254/ip dhcp-serveradd address-pool=home_pool interface=home_vlan name=home_dhcpadd address-pool=work_pool interface=work_vlan name=work_dhcpadd address-pool=guest_pool interface=guest_vlan name=guest_dhcpadd address-pool=base_pool interface=base_vlan name=base_dhcp/portset 0 name=serial0set 1 name=serial1/system logging actionadd name=logserver remote=192.168.10.2 target=remote/interface bridge portadd bridge=bridge comment=defconf frame-types=admit-only-untagged-and-priority-tagged interface=ether2 pvid=10add bridge=bridge comment=defconf frame-types=admit-only-untagged-and-priority-tagged interface=ether3 pvid=10add bridge=bridge comment=defconf frame-types=admit-only-untagged-and-priority-tagged interface=ether4 pvid=10add bridge=bridge comment=defconf frame-types=admit-only-untagged-and-priority-tagged interface=ether5 pvid=10add bridge=bridge comment=defconf frame-types=admit-only-untagged-and-priority-tagged interface=ether6 pvid=10add bridge=bridge comment=defconf frame-types=admit-only-untagged-and-priority-tagged interface=ether7 pvid=10add bridge=bridge comment=defconf frame-types=admit-only-untagged-and-priority-tagged interface=ether8 pvid=20add bridge=bridge comment=defconf frame-types=admit-only-untagged-and-priority-tagged interface=ether9 pvid=30add bridge=bridge comment=defconf frame-types=admit-only-untagged-and-priority-tagged interface=ether10 pvid=99add bridge=bridge comment=defconf disabled=yes interface=sfp-sfpplus1add bridge=bridge comment=defconf frame-types=admit-only-untagged-and-priority-tagged interface=wlan1 pvid=10add bridge=bridge comment=defconf frame-types=admit-only-untagged-and-priority-tagged interface=wlan2 pvid=10add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged interface=wlan4 pvid=30add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged interface=wlan3 pvid=20/ip neighbor discovery-settingsset discover-interface-list=BASE/interface bridge vlanadd bridge=bridge tagged=bridge vlan-ids=10add bridge=bridge tagged=bridge vlan-ids=20add bridge=bridge tagged=bridge vlan-ids=30add bridge=bridge tagged=bridge vlan-ids=99/interface list memberadd comment=defconf interface=bridge list=LANadd comment=defconf interface=ether1 list=WANadd interface=home_vlan list=VLANadd interface=work_vlan list=VLANadd interface=guest_vlan list=VLANadd interface=base_vlan list=BASEadd interface=pppoe-out1 list=WAN/ip addressadd address=192.168.0.1/24 interface=base_vlan network=192.168.0.0add address=192.168.10.1/24 interface=home_vlan network=192.168.10.0add address=192.168.20.1/24 interface=work_vlan network=192.168.20.0add address=192.168.30.1/24 interface=guest_vlan network=192.168.30.0/ip cloudset update-time=no/ip dhcp-clientadd comment=defconf disabled=yes interface=ether1/ip dhcp-server networkadd address=192.168.0.0/24 dns-server=1.1.1.1,9.9.9.9 gateway=192.168.0.1add address=192.168.10.0/24 dns-server=192.168.10.2,192.168.0.1,1.1.1.1 gateway=192.168.10.1add address=192.168.20.0/24 dns-server=1.1.1.1,9.9.9.9 gateway=192.168.20.1add address=192.168.30.0/24 dns-server=1.1.1.1,9.9.9.9 gateway=192.168.30.1/ip dnsset allow-remote-requests=yes servers=1.1.1.1,9.9.9.9/ip dns staticadd address=192.168.88.1 comment=defconf name=router.lan/ip firewall address-listadd address=8.8.8.8 comment="google DNS" list=GOOGLE_DNSadd address=8.8.4.4 comment="google DNS" list=GOOGLE_DNSadd address=0.0.0.0/8 comment="defconf: RFC6890" list=no_forward_ipv4add address=169.254.0.0/16 comment="defconf: RFC6890" list=no_forward_ipv4add address=224.0.0.0/4 comment="defconf: multicast" list=no_forward_ipv4add address=255.255.255.255 comment="defconf: RFC6890" list=no_forward_ipv4add address=127.0.0.0/8 comment="defconf: RFC6890" list=bad_ipv4add address=192.0.0.0/24 comment="defconf: RFC6890" list=bad_ipv4add address=192.0.2.0/24 comment="defconf: RFC6890 documentation" list=bad_ipv4add address=198.51.100.0/24 comment="defconf: RFC6890 documentation" list=bad_ipv4add address=203.0.113.0/24 comment="defconf: RFC6890 documentation" list=bad_ipv4add address=240.0.0.0/4 comment="defconf: RFC6890 reserved" list=bad_ipv4add address=0.0.0.0/8 comment="defconf: RFC6890" list=not_global_ipv4add address=10.0.0.0/8 comment="defconf: RFC6890" list=not_global_ipv4add address=100.64.0.0/10 comment="defconf: RFC6890" list=not_global_ipv4add address=169.254.0.0/16 comment="defconf: RFC6890" list=not_global_ipv4add address=172.16.0.0/12 comment="defconf: RFC6890" list=not_global_ipv4add address=192.0.0.0/29 comment="defconf: RFC6890" list=not_global_ipv4add address=192.168.0.0/16 comment="defconf: RFC6890" list=not_global_ipv4add address=198.18.0.0/15 comment="defconf: RFC6890 benchmark" list=not_global_ipv4add address=255.255.255.255 comment="defconf: RFC6890" list=not_global_ipv4add address=224.0.0.0/4 comment="defconf: multicast" list=bad_src_ipv4add address=255.255.255.255 comment="defconf: RFC6890" list=bad_src_ipv4add address=0.0.0.0/8 comment="defconf: RFC6890" list=bad_dst_ipv4add address=224.0.0.0/4 comment="defconf: RFC6890" list=bad_dst_ipv4add address=192.168.0.0/24 list=allowed_to_routeradd address=192.168.0.0/16 comment="internal networks, including VLANs" list=allowed_lanadd address=192.168.10.11 comment=roku list=redirect_dnsadd address=192.168.10.7 comment=chiba list=redirect_dnsadd address=192.168.10.7 list=allowed_to_routeradd address=192.168.10.12 list=allowed_to_router/ip firewall filteradd action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untrackedadd action=accept chain=input comment="defconf: accept ICMP" protocol=icmpadd action=accept chain=input comment="Allow list to router" src-address-list=allowed_to_routeradd action=accept chain=input comment="DNS - UDP" dst-port=53 in-interface-list=VLAN protocol=udpadd action=accept chain=input comment="DNS - TCP" dst-port=53 in-interface-list=VLAN protocol=tcpadd action=drop chain=input comment=Dropadd action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related hw-offload=yesadd action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untrackedadd action=accept chain=forward comment="VLAN Internet Access only" connection-state=new in-interface-list=VLAN out-interface-list=WANadd action=drop chain=forward comment="Drop google DNS" disabled=yes dst-address-list=GOOGLE_DNS log=yes log-prefix=googlednsadd action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid log-prefix=fw_invalidadd action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=\ WANadd action=drop chain=forward comment="defconf: drop bad forward IPs" src-address-list=no_forward_ipv4add action=drop chain=forward comment="defconf: drop bad forward IPs" dst-address-list=no_forward_ipv4 log=yesadd action=drop chain=forward comment=Drop/ip firewall natadd action=masquerade chain=srcnat comment="fix the ntp client by changing its source port 123 with something higher (mikrotik forum 794718)" protocol=\ udp src-port=123 to-ports=12400-12440add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WANadd action=masquerade chain=srcnat disabled=yes dst-address=192.168.10.2 dst-port=53 log=yes log-prefix=roku_dns_src protocol=udp src-address-list=\ redirect_dnsadd action=masquerade chain=srcnat disabled=yes dst-address=192.168.10.2 dst-port=53 log=yes log-prefix=roku_dns_src protocol=tcp src-address-list=\ redirect_dnsadd action=dst-nat chain=dstnat dst-port=53 log-prefix=roku_dns_dst protocol=udp src-address-list=redirect_dns to-addresses=192.168.10.2 to-ports=53add action=dst-nat chain=dstnat dst-port=53 log-prefix=roku_dns_dst protocol=tcp src-address-list=redirect_dns to-addresses=192.168.10.2 to-ports=53/ip serviceset telnet disabled=yesset ftp disabled=yesset www disabled=yesset ssh port=2233set www-ssl address=192.168.0.0/16 certificate=tunguska.cc.cer_0 disabled=noset api disabled=yesset winbox address=192.168.0.0/16set api-ssl address=192.168.0.0/16 certificate=tunguska.cc.cer_0 disabled=yes/ip sshset host-key-size=4096 host-key-type=ed25519/ipv6 firewall address-listadd address=::/128 comment="defconf: unspecified address" list=bad_ipv6add address=::1/128 comment="defconf: lo" list=bad_ipv6add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6add address=100::/64 comment="defconf: discard only " list=bad_ipv6add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6add address=fe80::/16 list=allowedadd address=ff02::/16 comment=multicast list=allowed/ipv6 firewall filteradd action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untrackedadd action=accept chain=input comment="defconf: accept ICMPv6" protocol=icmpv6add action=accept chain=input comment="defconf: accept UDP traceroute" port=33434-33534 protocol=udpadd action=accept chain=input comment="defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=udp src-address=fe80::/10add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 protocol=udpadd action=accept chain=input comment="defconf: accept ipsec AH" protocol=ipsec-ahadd action=accept chain=input comment="defconf: accept ipsec ESP" protocol=ipsec-espadd action=accept chain=input comment="defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsecadd action=accept chain=input comment="allow established and related" connection-state=established,relatedadd action=accept chain=input comment="allow allowed addresses" src-address-list=allowedadd action=drop chain=input comment="Drop all"add action=accept chain=forward comment=established,related connection-state=established,relatedadd action=drop chain=forward comment=invalid connection-state=invalid log=yes log-prefix=ipv6,invalidadd action=drop chain=forward comment="drop all" log-prefix=IPV6/system clockset time-zone-name=America/Sao_Paulo/system ledsadd interface=wlan2 leds=wlan2_signal1-led,wlan2_signal2-led,wlan2_signal3-led,wlan2_signal4-led,wlan2_signal5-led type=wireless-signal-strengthadd interface=wlan2 leds=wlan2_tx-led type=interface-transmitadd interface=wlan2 leds=wlan2_rx-led type=interface-receive/system loggingset 0 topics=info,!firewalladd prefix=login topics=system,infoadd action=logserver prefix=MikroTik topics=!debug,!packet,!snmp,!dns/system noteset show-at-login=no/system ntp clientset enabled=yes/system ntp client serversadd address=2001:12ff::8add address=200.189.40.8/tool mac-serverset allowed-interface-list=BASE/tool mac-server mac-winboxset allowed-interface-list=BASE/tool netwatchadd comment=NAS disabled=no down-script=":log message=\"NAS down\"" host=192.168.10.2 interval=1m packet-count=10 packet-interval=1s test-script="" \ timeout=10s type=icmp up-script=":log message=\"NAS up\"" Statistics: Posted by tunguskalabs — Wed Mar 20, 2024 3:08 pm