Hi So how do I work with the local services .. DNS and NTP ??? Alex ________________________________________ From: Public [public-bounces@talk.mikrotik.com.au] on behalf of Alex Samad - Yieldbroker [Alex.Samad@yieldbroker.com] Sent: Friday, 27 January 2017 3:10 PM To: MikroTik Australia Public List Subject: Re: [MT-AU Public] VRF - routing and default local services Also one other question it was mentioned that if I enter a rule (or two ?) into /ip route vrf Route will disappear from the default route table. /ip route> export # /ip route add distance=250 gateway=10.32.80.1 routing-mark=Management add distance=251 gateway=192.168.0.2 /ip route vrf add interfaces=Management routing-mark=Management /ip route> print Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit # DST-ADDRESS PREF-SRC GATEWAY DISTANCE 0 A S 0.0.0.0/0 10.32.80.1 250 1 ADC 10.32.80.0/24 10.32.80.72 Management 0 2 A S 0.0.0.0/0 192.168.0.2 251 3 ADC 192.168.0.0/24 192.168.0.1 ether1 0 So what do I need to add to vrf to make 0 A S 0.0.0.0/0 10.32.80.1 250 Disappear when printing the default table ? Or am I misunderstanding something Alex -----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Alex Samad - Yieldbroker Sent: Friday, 27 January 2017 3:02 PM To: public@talk.mikrotik.com.au Subject: [MT-AU Public] VRF - routing and default local services Hi Just continuing on my journey for multiple VRF. I have segregated of an interface for management. Using routing with vrf = Management and mangle rules to mark all packets / connections with vrf=Management. Caveat is that my default routing table must have a valid route. So when I tested telnet ccr on the management port ip from a box on the same vlan - management, I could see packets coming in and then nothing leaving Add in default route via a cross connect and suddenly packets start to flow back. Note I can send default to blackhole that doesn't work. Now my question is things like logging can I set the source address / interface . will setting the source set the interface ? Will packets pick up the mark if they have that source address - or do I need to add in a mangle that say's any with that source address has the vrf=Management Alex Alex Samad | Network And System Manager | Yieldbroker * +61 2 9994 2893 | ( +61 438 838 143 | * alex.samad@yieldbroker.com<mailto:alex.samad@yieldbroker.com> This email is confidential and intended for the addressee only. If you may have received this email in error please delete it and notify the sender immediately. Recipients should not forward, disclose, distribute or copy this e-mail or any attachments in whole or part without the express permission of the sender. Views expressed in this message are those of the individual sender, except where they are specifically stated to be those of Yieldbroker. Yieldbroker accepts no liability for the content of this email, or for the consequences of any actions taken on the basis of the information provided, unless that information is subsequently confirmed in writing. Yieldbroker can not guarantee the integrity of this communication and shall not be liable for e-mail which may be intercepted, corrupted, lost, spoofed, delayed, incomplete, or virus infected. _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au -- Message protected by MailGuard: e-mail anti-virus, anti-spam and content filtering.http://www.mailguard.com.au/mg Click here to report this message as spam: https://console.mailguard.com.au/ras/1Q8Yx1dlys/BtttE6CLbVF1p34JTDGua/0.2 _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au