i have trouble with dhcp work under bridged vlans
Some at logs without success some can’t get ips at all with no warning
Re: MT 5.2 bridged vlan's dhcp trouble
Could you please provide more information? Post the output of:
Thanks.
Code: Select all
/interface bridge export
/interface vlan print
/interface dhcp-server print
/ip address printRe: MT 5.2 bridged vlan's dhcp trouble
Code: Select all
/interface bridge
add admin-mac=00:00:00:00:00:00 ageing-time=5m arp=enabled auto-mac=yes \
disabled=no forward-delay=15s l2mtu=65535 max-message-age=20s mtu=1508 \
name="bridge1" priority=0x8000 protocol-mode=rstp \
transmit-hold-count=6
/interface bridge port
add bridge="bridge1" disabled=no edge=auto external-fdb=auto horizon=\
none interface=lan1 path-cost=10 point-to-point=auto priority=0x80
add bridge="bridge1" disabled=no edge=auto external-fdb=auto horizon=\
none interface=vlan1 path-cost=10 point-to-point=auto priority=0x80
add bridge="bridge1" disabled=no edge=auto external-fdb=auto horizon=\
none interface=vlan2 path-cost=10 point-to-point=auto priority=0x80
add bridge="bridge1" disabled=no edge=auto external-fdb=auto horizon=\
none interface=vlan3 path-cost=10 point-to-point=auto priority=0x80
add bridge="bridge1" disabled=no edge=auto external-fdb=auto horizon=\
none interface=vlan99 path-cost=10 point-to-point=auto priority=0x80
/interface bridge settings
set use-ip-firewall=yes use-ip-firewall-for-pppoe=no \
use-ip-firewall-for-vlan=yes
# NAME MTU ARP VLAN-ID INTERFACE
0 R vlan1 1508 enabled 1 lan1
1 R vlan2 1508 enabled 2 lan1
2 R ;;; Cable
vlan3 1508 enabled 3 lan1
3 R w-2-BR 1508 enabled 4 lan1
3 R ;;; Devices
vlan99 1500 enabled 99 lan1
# NAME INTERFACE RELAY ADDRESS-POOL LEASE-TIME ADD-ARP
0 DHCP bridge1 LAN_POOL1 3d yes
# ADDRESS NETWORK INTERFACE
0 ;;; WAN
xxx.xxx.xxx.xxx/24 xxx.xxx.xxx.0 wan1
1 ;;; LAN
10.10.10.1/24 10.10.10.0 lan1
Re: MT 5.2 bridged vlan's dhcp trouble
Can you describe your topology in a bit more detail? Is the MT trunking those VLANs into a switch, or connecting directly to VLAN-aware devices on lan1?
Re: MT 5.2 bridged vlan's dhcp trouble
You've binded an IP to the bridge and you're binding the DHCP to the bridge, not the VLAN right?
Re: MT 5.2 bridged vlan's dhcp trouble
Code: Select all
/interface bridge port
add bridge="bridge1" disabled=no edge=auto external-fdb=auto horizon=\
none interface=lan1 path-cost=10 point-to-point=auto priority=0x80
add bridge="bridge1" disabled=no edge=auto external-fdb=auto horizon=\
none interface=vlan1 path-cost=10 point-to-point=auto priority=0x80
add bridge="bridge1" disabled=no edge=auto external-fdb=auto horizon=\
none interface=vlan2 path-cost=10 point-to-point=auto priority=0x80
add bridge="bridge1" disabled=no edge=auto external-fdb=auto horizon=\
none interface=vlan3 path-cost=10 point-to-point=auto priority=0x80
add bridge="bridge1" disabled=no edge=auto external-fdb=auto horizon=\
none interface=vlan99 path-cost=10 point-to-point=auto priority=0x80
That won't do much of anything but put lan 1 on a bridge by itself.
As a guess, remove lan1 from the bridge. Then all your vlans will be bridged, if that is what you are after.
I once had a professor that gave 5 points just for drawing a picture of the problem.
As blake suggested, describe what you are trying to do and post even a hand drawn network diagram.
Re: MT 5.2 bridged vlan's dhcp trouble
I have several VLAN each vlan is branch of my network it may be switch or server or something else...
Main goal to link it together with one single subnet same DHCP and NAT...
LAN it's interface where connected all wlans .. (some pc not at VLAN some in VLAN's) so i join it all together to bridge
Main goal to link it together with one single subnet same DHCP and NAT...
LAN it's interface where connected all wlans .. (some pc not at VLAN some in VLAN's) so i join it all together to bridge
Re: MT 5.2 bridged vlan's dhcp trouble
I also wanted to do something like this at my parent's home with their MikroTik RB750 with ROS v5.2, but as soon as I bridged 2 (or more) VLAN's (used by the WiFi AP's clients) then their network stops. The problem wasn't just with DHCP but that the network completely stopped functioning for those devices connected to the bridged VLANs.
I wanted to bridge both the PC's on the LAN (Ether3) and the wireless devices on VLAN 1 & VLAN 2 (via Ether2).
The reason for bridging them was so that I can stream to the TV, which requires the device to be on the same subnet.
The reason for the different VLAN's was to be able to identify/graph the different sources easily (eg. my parents / the neighbours).
Here's a simple network diagram: I ended up bridging (bridge-lan) only 1x VLAN (vlan-2) with the Ether3 interface.
I set up unique IP addresses/subnets for the vlan-1 and bridge-lan interfaces. I also had to create 2 separate DHCP servers.
I think the same problem was in ROS v4 as well, but I can't say for sure.
I wanted to bridge both the PC's on the LAN (Ether3) and the wireless devices on VLAN 1 & VLAN 2 (via Ether2).
The reason for bridging them was so that I can stream to the TV, which requires the device to be on the same subnet.
The reason for the different VLAN's was to be able to identify/graph the different sources easily (eg. my parents / the neighbours).
Here's a simple network diagram: I ended up bridging (bridge-lan) only 1x VLAN (vlan-2) with the Ether3 interface.
I set up unique IP addresses/subnets for the vlan-1 and bridge-lan interfaces. I also had to create 2 separate DHCP servers.
I think the same problem was in ROS v4 as well, but I can't say for sure.
You do not have the required permissions to view the files attached to this post.
Re: MT 5.2 bridged vlan's dhcp trouble
@Pada: Are you running stock firmware on the Dlink or Open/DD WRT?
I looked at the Dlink site and they have an emulator running so you can play with the device web config:
http://www.support.dlink.com/emulators/ ... izard.html
I don't see a way to add vlan's nor a second ssid.
This network is easy to implement in ROS, but based on what you want to do it requires SSID1 and SSID2 traffic to arrive tagged at the 750 port 2.
If you are running Open/DD WRT, post the contents of /etc/config/network and /etc/config/wireless
The 750 would have:
2 vlans on port 2
The same 2 vlans bridged to port 3
An ip address, dhcp server, etc on the bridge.
Masquerade out ether.
Firewall rules,
etc.
It's very simple.
I looked at the Dlink site and they have an emulator running so you can play with the device web config:
http://www.support.dlink.com/emulators/ ... izard.html
I don't see a way to add vlan's nor a second ssid.
This network is easy to implement in ROS, but based on what you want to do it requires SSID1 and SSID2 traffic to arrive tagged at the 750 port 2.
If you are running Open/DD WRT, post the contents of /etc/config/network and /etc/config/wireless
The 750 would have:
2 vlans on port 2
The same 2 vlans bridged to port 3
An ip address, dhcp server, etc on the bridge.
Masquerade out ether.
Firewall rules,
etc.
It's very simple.
Re: MT 5.2 bridged vlan's dhcp trouble
@reverged:
Thanks for your response.
And 'no' w.r.t. DD-WRT firmware.
I've installed the German D-Link (v2.50de) firmware on it, which fixed the stability issues and allows for Multi-SSID. See page 37 & 38 of ftp://ftp.dlink.de/dwl/dwl-2100ap/docum ... ndbuch.pdf
I have actually setup my RB750 just like you said, but as soon as I add both VLANs to the same bridge they stop working, which is why I currently have only one of the VLAN's bridged.
Thanks for your response.
And 'no' w.r.t. DD-WRT firmware.
I've installed the German D-Link (v2.50de) firmware on it, which fixed the stability issues and allows for Multi-SSID. See page 37 & 38 of ftp://ftp.dlink.de/dwl/dwl-2100ap/docum ... ndbuch.pdf
I have actually setup my RB750 just like you said, but as soon as I add both VLANs to the same bridge they stop working, which is why I currently have only one of the VLAN's bridged.
Re: MT 5.2 bridged vlan's dhcp trouble
I made it through some of that document based on some fading German I picked up in Vienna -- then had to Google Translate it....
I'd suggest running Torch on the 750 port 2 and verify the correct vlan tags are being assigned by the Dlink.
Click the vlan tick box and set the timeout to something reasonable like 30 seconds.
Generate traffic on both ssid's and you'll see how it arrives at the 750.
What's odd is the Dlink doesn't seem to have a way to assign a management vlan.
If the Dlink leaves management traffic untagged, then you have a bit of a problem as ROS cannot deal with untagged and tagged on the same port. If you have a 750G then you can use the switch chip to force a vlan for untagged management traffic.
Post:
I'd suggest running Torch on the 750 port 2 and verify the correct vlan tags are being assigned by the Dlink.
Click the vlan tick box and set the timeout to something reasonable like 30 seconds.
Generate traffic on both ssid's and you'll see how it arrives at the 750.
What's odd is the Dlink doesn't seem to have a way to assign a management vlan.
If the Dlink leaves management traffic untagged, then you have a bit of a problem as ROS cannot deal with untagged and tagged on the same port. If you have a 750G then you can use the switch chip to force a vlan for untagged management traffic.
Post:
Code: Select all
/interface bridge export
/interface vlan print
/interface dhcp-server print
/ip address print
Re: MT 5.2 bridged vlan's dhcp trouble
When you bridge several VLANs together (especially when they share the same physical port) you need to set up a filter to block them from talking to each other. Without it things break down very very quickly and stop working altogether.
There are two ways of doing this that I am aware of.
1.) Specify the horizon option in bridge port. This is the easiest and cleanest way to do it.
http://wiki.mikrotik.com/wiki/Manual:MP ... n_bridging
2.) Set up an actual bridge firewall filter that blocks communication between ports.
Second note about bridging VLANs together. If you bridge them together, the physical interface that they are a part of cannot be a member of the same bridge. I.E. if all of your VLANs are on LAN1, LAN1 cannot be a part of the VLAN bridge as well, this will break things. This basically means to you then that all traffic entering that interface must be tagged in order to reach your bridge.
Just remember to treat each VLAN in a MikroTik as its own separate routed interface.
There are two ways of doing this that I am aware of.
1.) Specify the horizon option in bridge port. This is the easiest and cleanest way to do it.
http://wiki.mikrotik.com/wiki/Manual:MP ... n_bridging
2.) Set up an actual bridge firewall filter that blocks communication between ports.
Second note about bridging VLANs together. If you bridge them together, the physical interface that they are a part of cannot be a member of the same bridge. I.E. if all of your VLANs are on LAN1, LAN1 cannot be a part of the VLAN bridge as well, this will break things. This basically means to you then that all traffic entering that interface must be tagged in order to reach your bridge.
Just remember to treat each VLAN in a MikroTik as its own separate routed interface.
Re: MT 5.2 bridged vlan's dhcp trouble
Thanks Feklar.
In my case (see the image in my previous post), I have 2 tagged VLAN's for the AP's clients and an untagged VLAN on Ether2 for managing the D-Link - all on the same physical port.
I would like to have the vlan1 & vlan2 bridged with the Ether3 interface.
Do you perhaps have an example of how to setup the Bridge filtering so that the VLAN's on that interface cannot communicate with each other?
Would it be as simple as:?
In my case (see the image in my previous post), I have 2 tagged VLAN's for the AP's clients and an untagged VLAN on Ether2 for managing the D-Link - all on the same physical port.
I would like to have the vlan1 & vlan2 bridged with the Ether3 interface.
Do you perhaps have an example of how to setup the Bridge filtering so that the VLAN's on that interface cannot communicate with each other?
Would it be as simple as:
Code: Select all
/ip firewall filter
add chain=forward in-interface=vlan1 out-interface=vlan2 action=drop
add chain=forward in-interface=vlan2 out-interface=vlan1 action=dropRe: MT 5.2 bridged vlan's dhcp trouble
I think it's this. I've stopped using this and gone purely to specifying the horizon option. It accomplishes the same thing, only seems to do it much better.
You can bridge a physical port together with a VLAN with no issue, you just cannot bridge a VLAN together with the physical port it is a part of.
This works:
This will not work:
Horizon is a way of isolating ports, any traffic coming in on a port cannot leave another port with the same horizon value. If you wanted to allow Ether3 to talk to the two VLANs and the VLANs to talk to Ether3, just don't specify the horizon option on ehter3 when adding it to the bridge.
Like I said, when adding a VLAN to a MikroTik it is its own separate routed interface. There is nothing stopping you from assigning an IP and running a "separate" layer2 network on the VLAN and on the physical port. What you can do is bridge the two SSID VLANs together and run whatever services you want on that interface. Then on Ether2 have a separate subnet etc. on that interface for you to use as management for the switch (possibly the APs as well). Then just set up firewall filters to prevent the VLAN-bridge subnet from talking to the Ether2 subnet.
Code: Select all
interface bridge filter add in-interface="LAN-bridge" out-interface="LAN-bridge" action=drop
This works:
Code: Select all
/interface vlan
add name=VLAN002 vlan-id=2 disabled=no interface=ether5
/interface bridge add name="LAN-bridge"
/interface bridge port
add bridge="LAN-bridge" interface=VLAN002 horizon=1
add bridge="LAN-bridge" interface=ether4 horizon=1
Code: Select all
/interface vlan
add name=VLAN002 vlan-id=2 disabled=no interface=ether5
/interface bridge add name="LAN-bridge"
/interface bridge port
add bridge="LAN-bridge" interface=VLAN002 horizon=1
add bridge="LAN-bridge" interface=ether5 horizon=1
Like I said, when adding a VLAN to a MikroTik it is its own separate routed interface. There is nothing stopping you from assigning an IP and running a "separate" layer2 network on the VLAN and on the physical port. What you can do is bridge the two SSID VLANs together and run whatever services you want on that interface. Then on Ether2 have a separate subnet etc. on that interface for you to use as management for the switch (possibly the APs as well). Then just set up firewall filters to prevent the VLAN-bridge subnet from talking to the Ether2 subnet.
Re: MT 5.2 bridged vlan's dhcp trouble
@Feklar:
I have never had a problem bridging vlans together even on the same port.
(although I haven't needed to do it often where they are on the same port and I've never done it with 5.2, which is plagued)
As you wrote, they are treated as separate interfaces in ROS.
The bridge should keep track of which mac is on which interface, no?
e.g.: mac1 is on vlan6; mac2 is on vlan7; mac3 is on etherx; etc.
There's no difference between bridging a vlan and bridging a port. Or is there?
Am I missing something?
And I've also setup filters between bridged ports (and vlans). The filter can get lots of hits especially if the devices are on the same broadcast subnet.
If the point is to isolate interfaces, then simply run them as separate interfaces and don't incur the processing of the filter.
My assumption is the goal here is to allow traffic between the vlans but to be able to identify traffic as belonging to a vlan.
@Pada:
Having the management interface untagged on the same port with the tagged vlans for ssid's will not work with a 750.
You'll either need a MT device with a vlan capable switch chip (750G) or a vlan capable switch.
What is the switch you have?
Can you explain why things "break down very very quickly" further?When you bridge several VLANs together (especially when they share the same physical port) you need to set up a filter to block them from talking to each other. Without it things break down very very quickly and stop working altogether.
I have never had a problem bridging vlans together even on the same port.
(although I haven't needed to do it often where they are on the same port and I've never done it with 5.2, which is plagued)
As you wrote, they are treated as separate interfaces in ROS.
The bridge should keep track of which mac is on which interface, no?
e.g.: mac1 is on vlan6; mac2 is on vlan7; mac3 is on etherx; etc.
There's no difference between bridging a vlan and bridging a port. Or is there?
Am I missing something?
And I've also setup filters between bridged ports (and vlans). The filter can get lots of hits especially if the devices are on the same broadcast subnet.
If the point is to isolate interfaces, then simply run them as separate interfaces and don't incur the processing of the filter.
My assumption is the goal here is to allow traffic between the vlans but to be able to identify traffic as belonging to a vlan.
@Pada:
Having the management interface untagged on the same port with the tagged vlans for ssid's will not work with a 750.
You'll either need a MT device with a vlan capable switch chip (750G) or a vlan capable switch.
What is the switch you have?
Re: MT 5.2 bridged vlan's dhcp trouble
@Feklar:
Thanks.
I will most definitely give the Horizon parameter a go some time, when I'm back at my parent's home again
@reverged:
Thanks as well.
I had the RB750G, but I swapped it with my friend's RB750 because I had no gigabit devices in my home and I didn't know that the non-gigabit one lacked the switching chip
Currently everything is working with my RB750.
I have 4 tagged VLAN's on ether3-Switch, of which only 1 (vlan-L1) is bridged with 2x untagged Ethernet ports (ether1-Nanostation & ether2-Bure).
The untagged ether3-Switch works for managing the D-Link AP, as well as for all the PC's connected to it via an unmanaged (I think it's an Accton) 24-port 100Mbps switch.
I have attached a WinBox screenshot of this too: Here are my settings:
Thanks.
I will most definitely give the Horizon parameter a go some time, when I'm back at my parent's home again
@reverged:
Thanks as well.
I had the RB750G, but I swapped it with my friend's RB750 because I had no gigabit devices in my home and I didn't know that the non-gigabit one lacked the switching chip
Currently everything is working with my RB750.
I have 4 tagged VLAN's on ether3-Switch, of which only 1 (vlan-L1) is bridged with 2x untagged Ethernet ports (ether1-Nanostation & ether2-Bure).
The untagged ether3-Switch works for managing the D-Link AP, as well as for all the PC's connected to it via an unmanaged (I think it's an Accton) 24-port 100Mbps switch.
I have attached a WinBox screenshot of this too: Here are my settings:
Code: Select all
/interface ethernet
set 0 arp=enabled auto-negotiation=yes disabled=no full-duplex=yes l2mtu=1526 \
mac-address=00:0C:42:5A:F3:45 mtu=1500 name=ether1-Nanostation speed=\
100Mbps
set 1 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited \
disabled=no full-duplex=yes l2mtu=1524 mac-address=00:0C:42:5A:F3:46 \
master-port=none mtu=1500 name=ether2-Bure speed=100Mbps
set 2 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited \
disabled=no full-duplex=yes l2mtu=1524 mac-address=00:0C:42:5A:F3:47 \
master-port=none mtu=1500 name=ether3-Switch speed=100Mbps
set 3 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited \
disabled=no full-duplex=yes l2mtu=1524 mac-address=00:0C:42:5A:F3:48 \
master-port=none mtu=1500 name=ether4-SDSL-Univ speed=100Mbps
set 4 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited \
disabled=no full-duplex=yes l2mtu=1524 mac-address=00:0C:42:5A:F3:49 \
master-port=none mtu=1500 name=ether5-ADSL-MWeb speed=100Mbps
/interface bridge
add admin-mac=00:00:00:00:00:00 ageing-time=5m arp=enabled auto-mac=yes \
disabled=no forward-delay=15s l2mtu=1520 max-message-age=20s mtu=1500 \
name=bridge-SCN priority=0x8000 protocol-mode=none transmit-hold-count=6
/interface bridge port
add bridge=bridge-SCN disabled=no edge=auto external-fdb=auto horizon=none \
interface=ether2-Bure path-cost=10 point-to-point=auto priority=0x80
add bridge=bridge-SCN disabled=no edge=auto external-fdb=auto horizon=none \
interface=ether1-Nanostation path-cost=10 point-to-point=auto priority=\
0x80
add bridge=bridge-SCN disabled=no edge=auto external-fdb=auto horizon=none \
interface=vlan-L1 path-cost=10 point-to-point=auto priority=0x80
/interface bridge settings
set use-ip-firewall=yes use-ip-firewall-for-pppoe=yes \
use-ip-firewall-for-vlan=yes
/interface vlan
add arp=enabled disabled=no interface=ether3-Switch l2mtu=1520 mtu=1500 name=\
vlan-L3 use-service-tag=no vlan-id=2
add arp=enabled disabled=no interface=ether3-Switch l2mtu=1520 mtu=1500 name=\
vlan-L1 use-service-tag=no vlan-id=1
add arp=enabled disabled=no interface=ether3-Switch l2mtu=1520 mtu=1500 name=\
vlan-L2 use-service-tag=no vlan-id=4
add arp=enabled disabled=no interface=ether3-Switch l2mtu=1520 mtu=1500 name=\
vlan-L4 use-service-tag=no vlan-id=3
/ip dhcp-server
add address-pool=default-dhcp authoritative=after-2sec-delay bootp-support=\
static disabled=no interface=vlan-L3 lease-time=3d name=dhcp-LAN-WiFi
add address-pool=dhcp-switch authoritative=after-2sec-delay bootp-support=\
static disabled=no interface=ether3-Switch lease-time=3d name=\
dhcp-LAN-Switch
add address-pool=pool-vlan2 authoritative=after-2sec-delay bootp-support=\
static disabled=no interface=vlan-L2 lease-time=3d name=dhcp-L2
add address-pool=pool-vlan4 authoritative=after-2sec-delay bootp-support=\
static disabled=no interface=vlan-L4 lease-time=3d name=dhcp-L4
/ip dhcp-server network
add address=192.168.90.0/24 comment="LAN - WiFi" dns-server=192.168.90.1 \
domain=tuis gateway=192.168.90.1
add address=192.168.91.0/24 comment="LAN - Switch" dns-server=192.168.91.1 \
domain=tuis gateway=192.168.91.1
add address=192.168.100.0/24 comment=VLAN-L2 dns-server=192.168.100.1 domain=\
tuis gateway=192.168.100.1
add address=192.168.101.0/24 comment=VLAN-L4 dns-server=192.168.101.1 domain=\
tuis gateway=192.168.101.1
/ip address
add address=192.168.90.1/24 comment="LAN - WiFi" disabled=no interface=\
vlan-L3 network=192.168.90.0
add address=10.20.60.123/24 comment=SCN disabled=no interface=bridge-SCN \
network=10.20.60.0
add address=192.168.89.254/32 comment="Nanostation @ 192.168.89.2" disabled=\
no interface=ether1-Nanostation network=192.168.89.2
add address=146.xx.xx.xx/25 comment="SDSL routers @ 146.xx.xx.xx-xx" \
disabled=no interface=ether4-SDSL-Univ network=146.xx.xx.0
add address=192.168.89.254/32 comment="D-ink ADSL router @ 192.168.89.1" \
disabled=no interface=ether5-ADSL-MWeb network=192.168.89.1
add address=192.168.89.254/32 comment="D-ink WiFi AP @ 192.168.89.3" \
disabled=no interface=ether3-Switch network=192.168.89.3
add address=192.168.91.1/24 comment="LAN - Switch" disabled=no interface=\
ether3-Switch network=192.168.91.0
add address=192.168.0.101/24 disabled=yes interface=vlan-L3 network=\
192.168.0.0
add address=192.168.100.1/24 comment="LAN - L2" disabled=no interface=vlan-L2 \
network=192.168.100.0
add address=192.168.101.1/24 comment="LAN - L4" disabled=no interface=vlan-L4 \
network=192.168.101.0
You do not have the required permissions to view the files attached to this post.
Re: MT 5.2 bridged vlan's dhcp trouble
@reverged
I'm assuming the problem comes from loops being caused in the network if you do not have some sort of filter to prevent traffic entering from one VLAN leaving another. It may not be a noticeable issue with a very small amount of VLANs, but it certainly is a problem if you have several VLANs sharing the same interface all bridged together. Also without some form of filter, either with the horizon option or a bridge filter, you are basically removing the purpose of the VLANs and keeping traffic separate.
It's not always possible to run multiple interfaces to keep traffic separate, that's where VLANs come in. VLANs are primarily a way to have the same hardware set up multiple logical layer2 networks without the need to buy extra hardware. I use them to keep clients isolated from each other and for troubleshooting. On many of my networks, I can tell you what device someone is connected to just by seeing what VLAN they are coming off of. This saves me a lot of time in troubleshooting as I don't need to hunt them down on the network.
@Pada both the 750 and 750G have a switch chip, and I believe they are enabled by default with ether2-5 on the switch group. You can make each Ethernet interface it's own routed interface by removing them from the switch chip. Those models just have a different switch chip from each other.
http://wiki.mikrotik.com/wiki/Manual:Sw ... p_Features
I'm assuming the problem comes from loops being caused in the network if you do not have some sort of filter to prevent traffic entering from one VLAN leaving another. It may not be a noticeable issue with a very small amount of VLANs, but it certainly is a problem if you have several VLANs sharing the same interface all bridged together. Also without some form of filter, either with the horizon option or a bridge filter, you are basically removing the purpose of the VLANs and keeping traffic separate.
It's not always possible to run multiple interfaces to keep traffic separate, that's where VLANs come in. VLANs are primarily a way to have the same hardware set up multiple logical layer2 networks without the need to buy extra hardware. I use them to keep clients isolated from each other and for troubleshooting. On many of my networks, I can tell you what device someone is connected to just by seeing what VLAN they are coming off of. This saves me a lot of time in troubleshooting as I don't need to hunt them down on the network.
@Pada both the 750 and 750G have a switch chip, and I believe they are enabled by default with ether2-5 on the switch group. You can make each Ethernet interface it's own routed interface by removing them from the switch chip. Those models just have a different switch chip from each other.
http://wiki.mikrotik.com/wiki/Manual:Sw ... p_Features
Who is online
Users browsing this forum: No registered users and 28 guests