gotsprings
Forum Guru
Topic Author
Posts: 2124
Joined: Mon May 14, 2012 9:30 pm

First Guess at VLAN on the Switch Chip

Mon Mar 04, 2024 6:13 am

First Time trying to use a RB960 as a switch

Needed Ports 1,4,5 to be Trunks
ether2 VLAN 20
ether3 VLAN 234

Am I even close here?
# model = RB960PGS-PB
/interface bridge
add name=bridge
/interface ethernet switch port
set 0 default-vlan-id=1 vlan-mode=secure
set 1 default-vlan-id=20 vlan-mode=secure
set 2 default-vlan-id=234 vlan-mode=secure
set 3 default-vlan-id=1 vlan-mode=secure
set 4 default-vlan-id=1 vlan-mode=secure
set 5 default-vlan-id=1 vlan-mode=secure
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
/interface bridge port
add bridge=bridge interface=ether1
add bridge=bridge interface=ether2
add bridge=bridge interface=ether3
add bridge=bridge interface=ether4
add bridge=bridge interface=ether5
add bridge=bridge disabled=yes interface=sfp1
/interface ethernet switch vlan
add independent-learning=no ports=\
    ether1,ether2,ether3,ether4,ether5,switch1-cpu switch=switch1 vlan-id=1
add independent-learning=no ports=\
    ether1,ether2,ether3,ether4,ether5,switch1-cpu switch=switch1 vlan-id=20
add independent-learning=no ports=\
    ether1,ether2,ether3,ether4,ether5,switch1-cpu switch=switch1 vlan-id=234
/ip dhcp-client
add interface=bridge
/system clock
set time-zone-name=America/New_York
/system note
set show-at-login=no
/tool romon
set enabled=yes
 
mkx
Forum Guru
Posts: 11646
Joined: Thu Mar 03, 2016 10:23 pm

Re: First Guess at VLAN on the Switch Chip

Mon Mar 04, 2024 8:57 am

Close.

Just keep vlan membership of ports under /interface ethernet switch vlan in line with intended port role. E.g. if ether2 is only supposed to be access port to VLAN 20, then it should only be member of VLAN 20 under this configuration "branch" ... the way it's configured now (PVID a.k.a. default-vlan-id set to 20, port set as member of VLANs 1, 20 and 234) it's hybrid port (i.e. it'll communicate also with VLANs 1 and 234 ... tagged on out side).

And a suggestion: if you don't have good reasons to use it, then avoid using VLAN ID 1 ... there are many places where VID 1 is used by default config (thus implicit from administrator's point of view) and it can contradict your intents.
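An added example, not part of the thread: a small Python check that reads the switch-chip lines of the export from the first post and reports which intended access ports are in fact hybrid, as described in the reply above. The `set N` to port-name mapping and the `INTENT` table are assumptions taken from the roles stated in the first post.

```python
import re

# Switch-chip lines copied from the export in the first post.
EXPORT = """\
/interface ethernet switch port
set 0 default-vlan-id=1 vlan-mode=secure
set 1 default-vlan-id=20 vlan-mode=secure
set 2 default-vlan-id=234 vlan-mode=secure
set 3 default-vlan-id=1 vlan-mode=secure
set 4 default-vlan-id=1 vlan-mode=secure
set 5 default-vlan-id=1 vlan-mode=secure
/interface ethernet switch vlan
add independent-learning=no ports=\\
    ether1,ether2,ether3,ether4,ether5,switch1-cpu switch=switch1 vlan-id=1
add independent-learning=no ports=\\
    ether1,ether2,ether3,ether4,ether5,switch1-cpu switch=switch1 vlan-id=20
add independent-learning=no ports=\\
    ether1,ether2,ether3,ether4,ether5,switch1-cpu switch=switch1 vlan-id=234
"""
# Assumption: "set N" indexes map to ports in this order (matches the stated
# intent: index 1 = ether2 on VLAN 20, index 2 = ether3 on VLAN 234).
PORT_ORDER = ["ether1", "ether2", "ether3", "ether4", "ether5", "switch1-cpu"]
# Intended roles from the first post: None = trunk, number = access VLAN.
INTENT = {"ether1": None, "ether2": 20, "ether3": 234, "ether4": None, "ether5": None}

def parse(export):
    """Return ({port: pvid}, {port: set of VLAN IDs it is a member of})."""
    text = re.sub(r"\\\n\s*", "", export)   # join RouterOS line continuations
    pvid, member, section = {}, {p: set() for p in PORT_ORDER}, ""
    for line in text.splitlines():
        if line.startswith("/"):
            section = line.strip()
            continue
        kv = dict(re.findall(r"([\w-]+)=(\S+)", line))
        if section == "/interface ethernet switch port" and line.startswith("set "):
            pvid[PORT_ORDER[int(line.split()[1])]] = int(kv["default-vlan-id"])
        elif section == "/interface ethernet switch vlan" and "vlan-id" in kv:
            for port in kv["ports"].split(","):
                member.setdefault(port, set()).add(int(kv["vlan-id"]))
    return pvid, member

def audit(export, intent=INTENT):
    """Map each access port that fails its role to the extra VLANs it can reach."""
    pvid, member = parse(export)
    findings = {}
    for port, vlan in intent.items():
        if vlan is not None and (pvid.get(port) != vlan or member[port] != {vlan}):
            findings[port] = sorted(member[port] - {vlan})
    return findings
```

Run against the posted export, `audit(EXPORT)` reports ether2 as also a member of VLANs 1 and 234, and ether3 as also a member of VLANs 1 and 20; it returns an empty result once each access port is listed only under its own VLAN.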
 
gigabyte091
Forum Guru
Posts: 1205
Joined: Fri Dec 31, 2021 11:44 am
Location: Croatia

Re: First Guess at VLAN on the Switch Chip

Mon Mar 04, 2024 9:00 am

Is there any benefit of configuring VLANs this way when supported?
 
mkx
Forum Guru
Posts: 11646
Joined: Thu Mar 03, 2016 10:23 pm

Re: First Guess at VLAN on the Switch Chip

Mon Mar 04, 2024 9:17 am

Is there any benefit of configuring VLANs this way when supported?

On devices with Qualcomm switch chips (QCAxxxx or ARxxx), mostly present in devices with Qualcomm ASICs (QCAxxxx), bridge is not offloaded to hardware. So if you want to use device as a switch and have wirespeed performance without bothering CPU, you have to set up VLANs under /interface/ethernet/switch configuration subtree. On other "small MT devices" this kind of setup is not necessary (or even not supported) as bridge offloads to hardware. OTOH, some devices have CPU powerful enough to deal with switched traffic even if bridge is not offloaded, but this also depends on speed of switch-CPU interconnect (which may be a bottleneck in such scenario).

From the top of my head I can tell you about one bug, which is present in QCA4018 (at least), affecting PPPoE over access port (because it plagues my hAP ac2 :wink:), but I guess the scenario is used fairly rarely, so MT doesn't fix it (although they did confirm it as a bug).
OTOH, CPU in QCA401x is powerful enough to support wirespeed "switching" and interconnect is 2Gbps ... not many CPU cycles are left for other duties (e.g. wireless, routing, firewalling) though, so this kind of setup may not be always feasible.
 
gigabyte091
Forum Guru
Posts: 1205
Joined: Fri Dec 31, 2021 11:44 am
Location: Croatia

Re: First Guess at VLAN on the Switch Chip

Mon Mar 04, 2024 9:45 am

Thanks for the explanation :D
 
gotsprings
Forum Guru
Topic Author
Posts: 2124
Joined: Mon May 14, 2012 9:30 pm

Re: First Guess at VLAN on the Switch Chip

Mon Mar 04, 2024 2:00 pm

When I first set the unit up, I treated it like a CRS328. Using bridge VLAN filtering... I could see the CPU taking the hit.

Speedtests were noticeably impacted.

I found all the competing documentation that explained how to use the switch chips. But they were different between RouterOS 6 and 7.

Then there are the "if you have this chip it doesn't follow these rules."

Finally found a page that showed what I thought would work. It didn't... Why? Because it never mentioned the CPU having to have the VLAN tags. So after hours and hours and resets... I tried the config above.

And for the first time I could get a proper IP address from each port.

Also I noticed that speedtest now didn't seem to affect the CPU at all. They also were getting up into the 900+ Meg range.

Since the documentation didn't include the CPU in the VLAN tables on one example and did in another... I figured I would ask here.
 
mkx
Forum Guru
Posts: 11646
Joined: Thu Mar 03, 2016 10:23 pm

Re: First Guess at VLAN on the Switch Chip  [SOLVED]

Mon Mar 04, 2024 10:12 pm

When thinking about switch-cpu1 port ... just think of your switch chip as having 6 (otherwise equal) ports, one of them being named "switch-cpu1" and connected to CPU. So it only has to be member of certain VLAN if CPU has to deal with traffic in that VLAN. E.g. if there's a VLAN which has to be switched between a few ports but ROS doesn't interact with it (e.g. IPTV broadcast service, delivered over a VLAN), then switch-cpu1 doesn't have to be a member.
