
General • No traffic between VLANs regardless of firewall

Hello,

I tried to create VLANs on my MikroTik router, but both my computers are not able to ping each other unless they are in the same VLAN. Except for the devices in their VLAN, they can only ping their VLAN gateways and the router itself (172.16.10.1). I use the default MikroTik firewall settings, but it seems that it is not in the firewall because ping doesn't even work with the entire firewall disabled (except for the testing "accept all" rule).

Example:
PC1 in VLAN 60 with IP 172.16.60.1 can ping PC2 in the same VLAN with IP 172.16.60.2 (and both their GW 172.16.60.88 and the router 172.16.10.1)
but ping doesn't work when the PC2 is in VLAN 50 with IP 172.16.50.2 (tracert from PC1 ends with * * * after 172.16.60.88 – Request timed out.)

What could I have set up wrong or be missing?
Thank you in advance.

Code:
# 2024-01-06 21:46:52 by RouterOS 7.13
# software id = IU8T-YSM6
#
# model = RBD53iG-5HacD2HnD
# serial number = blabla
/interface bridge
add admin-mac=18:FD:blabla auto-mac=no comment=defconf name=bridge port-cost-mode=short
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX country="blabla" disabled=no distance=indoors frequency=auto installation=indoor mode=ap-bridge ssid=MikroTik \
    wireless-protocol=802.11 wps-mode=disabled
set [ find default-name=wlan2 ] band=5ghz-onlyac channel-width=20/40/80mhz-XXXX country="blabla" disabled=no distance=indoors frequency=auto installation=indoor mode=ap-bridge ssid=\
    MikroTik wireless-protocol=802.11 wps-mode=disabled
/interface vlan
add interface=bridge name=vlan50 vlan-id=50
add interface=bridge name=vlan60 vlan-id=60
add interface=bridge name=vlan70 vlan-id=70
add interface=ether1 name=vlan848 vlan-id=848
/interface pppoe-client
add add-default-route=yes disabled=no interface=vlan848 max-mru=1492 max-mtu=1492 name=pppoe-isp user=blabla
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=dynamic-keys supplicant-identity=MikroTik
/ip pool
add name=dhcp ranges=172.16.201.0-172.16.255.254
add name=dhcp_pool50 ranges=172.16.50.1-172.16.50.87,172.16.50.89-172.16.50.254
add name=dhcp_pool60 ranges=172.16.60.1-172.16.60.87,172.16.60.89-172.16.60.254
add name=dhcp_pool70 ranges=172.16.70.1-172.16.70.87,172.16.70.89-172.16.70.254
/ip dhcp-server
add address-pool=dhcp interface=bridge lease-time=12h name=defconf
add address-pool=dhcp_pool50 interface=vlan50 lease-time=12h name=dhcp50
add address-pool=dhcp_pool60 interface=vlan60 lease-time=12h name=dhcp60
add address-pool=dhcp_pool70 interface=vlan70 lease-time=12h name=dhcp70
/interface bridge port
add bridge=bridge comment=defconf interface=ether2 internal-path-cost=10 path-cost=10
add bridge=bridge comment=defconf interface=ether3 internal-path-cost=10 path-cost=10
add bridge=bridge comment=defconf interface=ether4 internal-path-cost=10 path-cost=10
add bridge=bridge comment=defconf interface=ether5 internal-path-cost=10 path-cost=10
add bridge=bridge comment=defconf interface=wlan1 internal-path-cost=10 path-cost=10
add bridge=bridge comment=defconf interface=wlan2 internal-path-cost=10 path-cost=10
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
add interface=vlan50 list=LAN
add interface=vlan60 list=LAN
add interface=vlan70 list=LAN
/ip address
add address=172.16.10.1/16 comment=defconf interface=bridge network=172.16.0.0
add address=172.16.50.88/24 interface=vlan50 network=172.16.50.0
add address=172.16.60.88/24 interface=vlan60 network=172.16.60.0
add address=172.16.70.88/24 interface=vlan70 network=172.16.70.0
/ip dhcp-client
add comment=defconf interface=ether1
/ip dhcp-server network
add address=172.16.0.0/16 comment=defconf dns-server=172.16.10.1 gateway=172.16.10.1 netmask=16
add address=172.16.50.0/24 dns-server=172.16.50.88 gateway=172.16.50.88
add address=172.16.60.0/24 dns-server=172.16.60.88 gateway=172.16.60.88
add address=172.16.70.0/24 dns-server=172.16.70.88 gateway=172.16.70.88
/ip dns
set allow-remote-requests=yes servers=1.1.1.1,1.1.1.2 verify-doh-cert=yes
/ip dns static
add address=172.16.10.1 name=router.lan
/ip firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related hw-offload=yes
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" disabled=yes ipsec-policy=out,none out-interface-list=WAN
add action=masquerade chain=srcnat out-interface=pppoe-isp
/system note
set show-at-login=no
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN

Statistics: Posted by hardwareuser — Sun Jan 07, 2024 1:02 am


