Hello,
I new to mikrotik and have spent a long time researching how to set up my MikroTik CCR2116-12G-4S+ to do what I need it to do. Up to this point I really can't understand what I'm doing wrong, but clearly I am doing something wrong. I really hope that someone can point me in the direction to get this sorted.
I have read many articles, seen loads of YT tutorials and read many forum posts here without being able to understand what I'm doing wrong.
Here is a simple schematic over my environment:
Here is my usecase with references to the simple schematics attached to this post:
I like the following machines to be able to communicate:
- A and E, B and F, C and G, D and H on as close to wire speed as possible. These pairs should be separated from each other (pair to pair).
- J to be able to talk to E and K to G without any demand on wire speed. No other traffic should be routed to J and K than responses from E and G. Naturally J and G should not be able to talk to each other nor should E not be able to reach K.
A, B, C and D are virtual machines running on a hypervisor terminating them two trunk connections ("sfp-sfpplus3 – TRUNK1" and "sfp-sfpplus2 – TRUNK2"). Non of these VMs should be able to talk to each other.
E, F, G, H are physical machines with Gigabit Ethernet ports.
J and K are virtual machines running on another hypervisor. J and K are to share a physical trunk connection ("ether2 – TRUNK3") to the router.
This environment is not connected to internet nor have the need for any DHCP server functionality. All machines will have their IPs set staticky
Here is my export result:
What I think I'm stuck on is sharing the "ether2 – TRUNK3" connection with BR0 and BR1 having VLAN19 to go to BR0 and VLAN29 to go to BR1.
Any suggestions would be much appreciated. And I know my usecase might seem a bit odd but its for a test environment where I'm going to run tests towards the machines E, F, G and H. There of no access to outside this environment.
If i have missed providing any information please do not hesitate to make me aware of it.
I have tried to understand the viewtopic.php?t=143620 thread but clearly not been able to sort my issues described above.
I like to understand where I have gone wrong.
With hopeful regards
Toby
I new to mikrotik and have spent a long time researching how to set up my MikroTik CCR2116-12G-4S+ to do what I need it to do. Up to this point I really can't understand what I'm doing wrong, but clearly I am doing something wrong. I really hope that someone can point me in the direction to get this sorted.
I have read many articles, seen loads of YT tutorials and read many forum posts here without being able to understand what I'm doing wrong.
Here is a simple schematic over my environment:
Here is my usecase with references to the simple schematics attached to this post:
I like the following machines to be able to communicate:
- A and E, B and F, C and G, D and H on as close to wire speed as possible. These pairs should be separated from each other (pair to pair).
- J to be able to talk to E and K to G without any demand on wire speed. No other traffic should be routed to J and K than responses from E and G. Naturally J and G should not be able to talk to each other nor should E not be able to reach K.
A, B, C and D are virtual machines running on a hypervisor terminating them two trunk connections ("sfp-sfpplus3 – TRUNK1" and "sfp-sfpplus2 – TRUNK2"). Non of these VMs should be able to talk to each other.
E, F, G, H are physical machines with Gigabit Ethernet ports.
J and K are virtual machines running on another hypervisor. J and K are to share a physical trunk connection ("ether2 – TRUNK3") to the router.
This environment is not connected to internet nor have the need for any DHCP server functionality. All machines will have their IPs set staticky
Here is my export result:
Code:
[@MikroTik] > export# RouterOS 7.13/interface bridgeadd name=BR0 vlan-filtering=yesadd name=BR1 vlan-filtering=yesadd name=BR2 vlan-filtering=yes/interface ethernetset [ find default-name=ether2 ] name="ether2 - TRUNK3"set [ find default-name=sfp-sfpplus2 ] name="sfp-sfpplus2 - TRUNK1"set [ find default-name=sfp-sfpplus3 ] name="sfp-sfpplus3 - TRUNK2"/interface vlanadd interface="sfp-sfpplus2 - TRUNK1" name=VLAN10 vlan-id=10add interface="sfp-sfpplus2 - TRUNK1" name=VLAN11 vlan-id=11add interface=BR2 name=VLAN19 vlan-id=19add interface="sfp-sfpplus3 - TRUNK2" name=VLAN20 vlan-id=20add interface="sfp-sfpplus3 - TRUNK2" name=VLAN21 vlan-id=21add interface=BR2 name=VLAN29 vlan-id=29/interface wireless security-profilesset [ find default=yes ] supplicant-identity=MikroTik/portset 0 name=serial0/interface bridge portadd bridge=BR0 frame-types=admit-only-untagged-and-priority-tagged interface=\ ether4 pvid=10add bridge=BR0 frame-types=admit-only-vlan-tagged interface=\ "sfp-sfpplus2 - TRUNK1"add bridge=BR1 frame-types=admit-only-vlan-tagged interface=\ "sfp-sfpplus3 - TRUNK2"add bridge=BR1 frame-types=admit-only-untagged-and-priority-tagged interface=\ ether7 pvid=20add bridge=BR0 frame-types=admit-only-untagged-and-priority-tagged interface=\ ether5 pvid=11add bridge=BR1 frame-types=admit-only-untagged-and-priority-tagged interface=\ ether8 pvid=21add bridge=BR0 frame-types=admit-only-vlan-tagged interface=VLAN19add bridge=BR1 frame-types=admit-only-vlan-tagged interface=VLAN29add bridge=BR2 frame-types=admit-only-vlan-tagged interface="ether2 - TRUNK3"/ip firewall connection trackingset enabled=yes/interface bridge vlanadd bridge=BR0 tagged="sfp-sfpplus2 - TRUNK1" vlan-ids=10add bridge=BR0 tagged="sfp-sfpplus2 - TRUNK1" vlan-ids=11add bridge=BR1 tagged="sfp-sfpplus3 - TRUNK2" vlan-ids=20add bridge=BR1 tagged="sfp-sfpplus3 - TRUNK2" vlan-ids=21add bridge=BR0 tagged=VLAN19 vlan-ids=19add bridge=BR1 tagged=VLAN29 vlan-ids=29/ip addressadd address=192.168.125.11/24 interface=VLAN10 network=192.168.125.0add address=10.0.11.11/24 interface=VLAN11 network=10.0.11.0add address=192.168.125.11/24 interface=VLAN20 network=192.168.125.0add address=10.0.21.11/24 interface=VLAN21 network=10.0.21.0add address=192.168.125.11/24 interface=VLAN19 network=192.168.125.0add address=192.168.125.11/24 interface=VLAN29 network=192.168.125.0/system noteset show-at-login=no/system routerboard settingsset enter-setup-on=delete-keyWhat I think I'm stuck on is sharing the "ether2 – TRUNK3" connection with BR0 and BR1 having VLAN19 to go to BR0 and VLAN29 to go to BR1.
Any suggestions would be much appreciated. And I know my usecase might seem a bit odd but its for a test environment where I'm going to run tests towards the machines E, F, G and H. There of no access to outside this environment.
If i have missed providing any information please do not hesitate to make me aware of it.
I have tried to understand the viewtopic.php?t=143620 thread but clearly not been able to sort my issues described above.
I like to understand where I have gone wrong.
With hopeful regards
Toby
Statistics: Posted by mr2web — Fri Jan 19, 2024 7:37 pm