Community discussions

MikroTik App
 
krakenant
Member Candidate
Member Candidate
Topic Author
Posts: 135
Joined: Sat Feb 06, 2010 6:32 am

Native VLAN and Tagging

Wed Mar 10, 2010 4:34 pm

I am trying to get VLAN tagging of traffic to work. I think I have trunking figured out, but if I plug a non VLAN aware device in, the traffic just stays on the default untagged VLAN. I do not have a managed switch, instead I am using a Mikrotik RB750 and trying to get it to act as an edge port a with Native VLAN of say 20 such that traffic to/from the port to the non vlan aware device is untagged, but traffic going upstream is tagged VLAN20. I was able to do a packet sniff and it isn't doing that now. I was pretty sure that when I went into the Switch menu and then VLAN and then added VLAN ID 20 to port 2 that it would tag traffic going upstream but this isn't the case. Does anyone know how to get port to tag traffic without a different switch?
 
roadracer96
Forum Veteran
Forum Veteran
Posts: 730
Joined: Tue Aug 25, 2009 12:01 am

Re: Native VLAN and Tagging

Thu Mar 11, 2010 1:03 am

I just assign the port to a bridge in "vlan" 20. It really isnt a "vlan" when you are doing it the way you are doing it, unless you are using the switch features of ROS which I havent done any VLAN stuff with yet.
 
krakenant
Member Candidate
Member Candidate
Topic Author
Posts: 135
Joined: Sat Feb 06, 2010 6:32 am

Re: Native VLAN and Tagging

Thu Mar 11, 2010 5:30 am

That from what I understand is pretty much how you do trunking, IE allowing a switch to pass a VLAN information to the mikrotik or another router, or even getting the Mikrotik to recognize VLANed traffic and assigning IP addresses and routing etc. What I need to know is how to get the mikrotik to tag untagged traffic from a VLAN unaware device (IE most computers)
 
roadracer96
Forum Veteran
Forum Veteran
Posts: 730
Joined: Tue Aug 25, 2009 12:01 am

Re: Native VLAN and Tagging

Thu Mar 11, 2010 6:35 am

How are you doing VLANs in the RB? Under switch, or under interfaces? There would be a distinct difference between the 2. Personally, I never use native VLANs in the same port that has tagged VLANs. I think its sloppy.
 
krakenant
Member Candidate
Member Candidate
Topic Author
Posts: 135
Joined: Sat Feb 06, 2010 6:32 am

Re: Native VLAN and Tagging

Thu Mar 11, 2010 4:17 pm

I have tried every way I can think of. Both just adding VLANs to the interface(from my research that is how you do trunking, and via the Switch menu on the left. Neither are turning the port into a native port and tagging untagged traffic like I need it to.
 
roadracer96
Forum Veteran
Forum Veteran
Posts: 730
Joined: Tue Aug 25, 2009 12:01 am

Re: Native VLAN and Tagging

Thu Mar 11, 2010 4:28 pm

The problem with doing it on the interface is this:

The port has no native VLAN. It is just a port. If you want to associate it with a network on a router, you bridge the interface to the network. If you attach an interface that has vlans on it to a bridge, it bridges over the tagged information as well.

The actual vlanids on the tagged ports is irrelevant inside the router. If you have vlans 10,20,30 on ether2 and 40,50,60 on ether3, by bridging the 40 and 20 vlan together, they will pass information. It isnt like a switch where everything on the switch in a particular vlan automatically passes across all ports/trunks in that vlan.

This is because doing it under /interfaces doesnt use the switch chip. Now, it might be possible to do what you want under /interface ethernet switch, but I havent doen anything more with the switch chip than allocate certain ports together into a switch group.
 
krakenant
Member Candidate
Member Candidate
Topic Author
Posts: 135
Joined: Sat Feb 06, 2010 6:32 am

Re: Native VLAN and Tagging

Thu Mar 11, 2010 4:33 pm

Yup, I got as far as what you posted. I am wondering if there is a way under the switch to make a port tag untagged traffic as a specific vlan like you would in any other switch. I think I am kind of on the brink but am apparently missing something crucial.
 
roadracer96
Forum Veteran
Forum Veteran
Posts: 730
Joined: Tue Aug 25, 2009 12:01 am

Re: Native VLAN and Tagging

Thu Mar 11, 2010 4:38 pm

The real reason I dont care so much is that it kind of negates the security of VLANs. If you have a trunked port, typically it is running from switch to switch or router to switch. Devices that can be secured, not a port accessible to others. If you have a "secure" network as a trunked vlan on the same port that has a native vlan, anyone can just attach to that vlan.
 
krakenant
Member Candidate
Member Candidate
Topic Author
Posts: 135
Joined: Sat Feb 06, 2010 6:32 am

Re: Native VLAN and Tagging

Thu Mar 11, 2010 7:59 pm

basically what I need is for say port 1 to be the trunk, feeding VLANs up to the next device, and then the other ports on the switch each be tag any traffic from VLAN unaware devices with their own VLAN to effect client isolation
 
roadracer96
Forum Veteran
Forum Veteran
Posts: 730
Joined: Tue Aug 25, 2009 12:01 am

Re: Native VLAN and Tagging

Thu Mar 11, 2010 8:27 pm

Ohh, in that case, make port 1 the trunk port with say vlanids 1,2,3,4

Create 4 bridges called vlan1,2,3,4

Add the vlan ports into the proper bridge and ports 2,3,4,5 into the proper bridge
 
krakenant
Member Candidate
Member Candidate
Topic Author
Posts: 135
Joined: Sat Feb 06, 2010 6:32 am

Re: Native VLAN and Tagging

Sun Mar 14, 2010 11:05 pm

Here are the steps I took. Thank you for your help. I hope the below helps the next person with VLANs.
On your Mikrotik router
Create a bridge
Create an IP address on that bridge
Create a DHCP server on that bridge
Create a VLAN interface with the VLAN ID you want tagged traffic (tagged traffic VLAN) to come across under the ethernet interface that will be connected to the downstream equipment.
Create a VLAN interface with the VLAN ID you want to use for device management (management VLAN) under the ethernet interface that will be conencted to the downstream equipment.
Add the VLAN interfaces (both tagged traffic and management VLANs) you created to the bridge, do not add the physical port interface to the bridge.
If you want a hotspot on the vLAN, do a hotspot setup for the bridge.

On the downstream Mikrotik switch/router
Create the management VLAN interface under the uplink port interface. Use the same VLAN ID you used for the management VLAN on your mikrotik router.
Add an IP address or a DHCP client to the management VLAN interface.
Create a bridge
Create the tagged traffic VLAN interface under the uplink ethernet interface. Use the same VLAN ID you used for the tagged traffic VLAN on your mikrotik router.
Add the tagged traffic VLAN interface to the bridge as well as the ehternet port interface you want tagged with that vlan.
Test.
 
galaxyclusters
just joined
Posts: 1
Joined: Fri Feb 23, 2018 11:19 am

Re: Native VLAN and Tagging

Fri Feb 23, 2018 12:16 pm

Hi There

I hope this is the correct place to post this...

My scenario:
I have a Cloud Core Router CRS109-8G-1S-2HnD-IN and I would like to create and "separate network" with this. Use one external IP for the MikroTik & GW and then a internal 10. something network. I am however struggling to get this to work. I have issues with the Uplink from a network switch to the MikroTik, which uses VLAN's and the "uplink" port to the MikroTik is a trunk port, using both an untagged and tagged vlan, as this is needed for the setup.

So that is my question, how do I set this up? How do you get the MikroTik to communicate on TAGGED VLAN's from a network switch? It works on a untagged VLAN, but that is not how we want it to work. This "uplink's" external IP needs to work on a tagged VLAN, because the untagged VLAN is being used for other services. You can have multiple tagged VLAN's on the network switch on one port but only 1 untagged.

I have tried a bunch of things to get this to work, ranging from bridge VLAN, the mikrotik switch VLAN and ports, the interface VLAN etc.. but non seem to work. So is this possible or am I missing something?

Let me know if more details are required to explain this scenario?

Thanks!

Who is online

Users browsing this forum: Amazon [Bot], bertus, Google [Bot], mgrlobo and 92 guests