Community discussions

MikroTik App
  4. RouterOS
  5. Beginner Basics

Need help with L3 VLAN  [SOLVED]

Post Reply
 
ansky
just joined
Topic Author
Posts: 15
Joined: Sun Mar 10, 2024 6:10 pm

Need help with L3 VLAN

Sun Mar 10, 2024 6:21 pm

Hello,
I just bought a hAP ax3 and I tried configuring a L3 VLAN.
I have my laptop connected to port ether1. The laptop's interface is set to 192.168.55.2/24.
The ether1 interface on the device does not have any IP configured.
I created a L3 VLAN named VLAN1 and added it to ether1. I set the ip address of it to 192.168.55.1/24.

The two machines won't ping each other.

If I set the IP to ether1 instead of VLAN1, I can ping the two machines.
If I create a bridge and add both VLAN1 and ether1 to the bridge, the interface stops working.

Here's my complete configuration:

Code: Select all
[admin@MikroTik] > export
# 2024-03-10 17:17:37 by RouterOS 7.12.1
# software id = **ELIDED**
#
# model = C53UiG+5HPaxD2HPaxD
# serial number = **ELIDED**
/interface vlan
add interface=ether1 name=VLAN1 vlan-id=1
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/ip address
add address=192.168.55.1/24 interface=VLAN1 network=192.168.55.0
/ip firewall filter
add action=accept chain=forward
add action=accept chain=input
add action=accept chain=output
/system clock
set time-zone-name=Europe/Zurich
/system note
set show-at-login=no

What am I missing?
It's been 3 hours that I'm wrestling with this problem.
Last edited by tangent on Mon Mar 11, 2024 12:25 am, edited 1 time in total.
Reason: Elided PII
Top
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19404
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:
Contact anav

Re: Need help with L3 VLAN

Mon Mar 11, 2024 3:57 am

As long as the port using the vlan is not on the bridge its a viable path.
If you have the vlan on the bridge then you should use all vlans and the bridge does no DHCP etc...
Do not use VLAN1 for anything carrying data..........
If your router gets a public IP, then your firewall rules are your biggest issue.

This is not a config, its a few lines that are mostly useless.
Top
 
RhoAius
newbie
Posts: 31
Joined: Fri Jul 12, 2019 10:47 pm

Re: Need help with L3 VLAN  [SOLVED]

Mon Mar 11, 2024 10:11 am

  • VLAN is a L2 concept, it has nothing to do with layer 3 from the OSI model.
  • Your laptop is on the normal (untagged) broadcast domain
    But you set your router on the vlan 1 broadcast domain(thus packets are tagged from ether1)
    The devices are in 2 different broadcast domains(L2) this is why they cannot communicate
  • You cannot bridge a parent interface with its child subinterface(ether1 and vlan1 tied to ether1)
With your config example the vlan1 is completely useless.
Top
 
ansky
just joined
Topic Author
Posts: 15
Joined: Sun Mar 10, 2024 6:10 pm

Re: Need help with L3 VLAN

Mon Mar 11, 2024 1:57 pm

  • VLAN is a L2 concept, it has nothing to do with layer 3 from the OSI model.
  • Your laptop is on the normal (untagged) broadcast domain
    But you set your router on the vlan 1 broadcast domain(thus packets are tagged from ether1)
    The devices are in 2 different broadcast domains(L2) this is why they cannot communicate
  • You cannot bridge a parent interface with its child subinterface(ether1 and vlan1 tied to ether1)
With your config example the vlan1 is completely useless.
Thank you. I resolved the issue by associating the Layer 3 VLAN with the bridge, making VLAN1 a subinterface of the bridge. I then connected ether1 to the bridge as a port. Following that, I enabled VLAN filtering and configured ether1 to be untagged for VLAN 1, so that packets leaving ether1 have their VLAN 1 tag removed.

By the way, I believe that what are referred to as Layer 3 VLANs should actually be termed virtual interfaces. However, in MikroTik terminology, virtual interfaces and Layer 2 VLANs share the same designation.

Additionally, I find it peculiar that MikroTik treats the bridge as both a Layer 2 switch and a Layer 3 interface.
Top
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11646
Joined: Thu Mar 03, 2016 10:23 pm

Re: Need help with L3 VLAN

Mon Mar 11, 2024 4:58 pm

Additionally, I find it peculiar that MikroTik treats the bridge as both a Layer 2 switch and a Layer 3 interface.

If one is pedantic as to what a particular entity does, then bridge actually has 4 personalities ... and there's a good explanation of all of them.

As to L3 VLANs: it's a pitty to (ab)use a well defined technical acronym (Virtual LAN as defined by IEEE 802.1Q) for something that is otherwise also (well) known as "IP subnet". There's simply no logic to call VLANs few subnets on "LAN" side of a router ... what's so Virtual about them?
Last edited by mkx on Mon Mar 11, 2024 5:29 pm, edited 1 time in total.
Top
 
jaclaz
Long time Member
Long time Member
Posts: 667
Joined: Tue Oct 03, 2023 4:21 pm

Re: Need help with L3 VLAN

Mon Mar 11, 2024 5:22 pm

Only as a side note, I have read several times that it is - generally speaking - not a good idea to use vlan 1 as it is the "default" one and may cause conflicts, if there are no particular reasons for it to be 1, better use 10 (or 99, whatever).
Top
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19404
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:
Contact anav

Re: Need help with L3 VLAN

Mon Mar 11, 2024 5:31 pm

vlan1 is already used in the background, and not just by MT devices.
best to never use for vlans carrying traffic.
Top
Post Reply

Who is online

Users browsing this forum: evv2v6 and 16 guests
  4. RouterOS
  5. Beginner Basics