Hi,
I am using mikrotik routers to route our inter-VLANs traffic. All ethernet ports are VLAN trunks, for redundancy I am bonding couple of ethernet ports into one bond interface and then bridging the bonded interfaces using one final bridge to which all the VLANs are attached to (see bellow). This works all great. It means all the ethernet ports carry VLAN tagged traffic as trunk ports. I would now like to have few more ethernet ports that are ‘access’ ports to specific VLANs but I am unable to configurate this.
My current config is following:
Bonding physical interfaces
/interface bonding
add arp=enabled arp-interval=100ms arp-ip-targets="" disabled=no down-delay=0ms lacp-rate=30secs link-monitoring=mii-type1 mii-interval=100ms mode=802.3ad mtu=1500 name=bond1 primary=none slaves=\
ether1,ether2 transmit-hash-policy=layer-2-and-3 up-delay=0ms
add arp=enabled arp-interval=100ms arp-ip-targets="" disabled=no down-delay=0ms lacp-rate=30secs link-monitoring=mii-type1 mii-interval=100ms mode=802.3ad mtu=1500 name=bond2 primary=none slaves=\
ether6,ether7 transmit-hash-policy=layer-2-and-3 up-delay=0ms
Bridging bonded interfaces
/interface bridge
add admin-mac=00:00:00:00:00:00 ageing-time=5m arp=enabled auto-mac=yes disabled=no forward-delay=15s l2mtu=65535 max-message-age=20s mtu=1500 name=bridge1 priority=0x8000 protocol-mode=rstp \
transmit-hold-count=6
/interface bridge port
add bridge=bridge1 disabled=no edge=auto external-fdb=auto horizon=none interface=bond1 path-cost=10 point-to-point=auto priority=0x80
add bridge=bridge1 disabled=no edge=auto external-fdb=auto horizon=none interface=bond2 path-cost=10 point-to-point=auto priority=0x80
Attaching vlans to the bridge
/interface vlan
add arp=enabled comment=Management disabled=no interface=bridge1 l2mtu=65531 mtu=1500 name=vlan128 use-service-tag=no vlan-id=128
add arp=enabled comment=Production disabled=no interface=bridge1 l2mtu=65531 mtu=1500 name=vlan129 use-service-tag=no vlan-id=129
add arp=enabled comment=Internet disabled=no interface=bridge1 l2mtu=65531 mtu=1500 name=vlan10 use-service-tag=no vlan-id=10
add arp=enabled comment=Development disabled=no interface=bridge1 l2mtu=65531 mtu=1500 name=vlan130 use-service-tag=no vlan-id=130
Now to have the extra ethernet port as a VLAN ‘access’ port I would expect something like this (which doesn’t work):
/interface vlan remove [find name=vlan130]
/interface bridge add name=bridge130
/interface bridge port
add bridge=bridge130 interface=ether13
add bridge=bridge130 interface=bridge1
/interface vlan add interface=bridge130 name=vlan130 vlan-id=130
This freezes the whole router so apparently not the right approach.
How can I make the interface ether13 to be an access port in vlan130 while keeping the existing functionality (the router provides the inter-vlan routing for all trunk traffic)?
Thanks, Antony.
efaden
September 30, 2013, 11:04pm
2
antonymayi:
Hi,
I am using mikrotik routers to route our inter-VLANs traffic. All ethernet ports are VLAN trunks, for redundancy I am bonding couple of ethernet ports into one bond interface and then bridging the bonded interfaces using one final bridge to which all the VLANs are attached to (see bellow). This works all great. It means all the ethernet ports carry VLAN tagged traffic as trunk ports. I would now like to have few more ethernet ports that are ‘access’ ports to specific VLANs but I am unable to configurate this.
My current config is following:
Bonding physical interfaces
/interface bonding
add arp=enabled arp-interval=100ms arp-ip-targets="" disabled=no down-delay=0ms lacp-rate=30secs link-monitoring=mii-type1 mii-interval=100ms mode=802.3ad mtu=1500 name=bond1 primary=none slaves=\
ether1,ether2 transmit-hash-policy=layer-2-and-3 up-delay=0ms
add arp=enabled arp-interval=100ms arp-ip-targets="" disabled=no down-delay=0ms lacp-rate=30secs link-monitoring=mii-type1 mii-interval=100ms mode=802.3ad mtu=1500 name=bond2 primary=none slaves=\
ether6,ether7 transmit-hash-policy=layer-2-and-3 up-delay=0ms
Bridging bonded interfaces
/interface bridge
add admin-mac=00:00:00:00:00:00 ageing-time=5m arp=enabled auto-mac=yes disabled=no forward-delay=15s l2mtu=65535 max-message-age=20s mtu=1500 name=bridge1 priority=0x8000 protocol-mode=rstp \
transmit-hold-count=6
/interface bridge port
add bridge=bridge1 disabled=no edge=auto external-fdb=auto horizon=none interface=bond1 path-cost=10 point-to-point=auto priority=0x80
add bridge=bridge1 disabled=no edge=auto external-fdb=auto horizon=none interface=bond2 path-cost=10 point-to-point=auto priority=0x80
Attaching vlans to the bridge
/interface vlan
add arp=enabled comment=Management disabled=no interface=bridge1 l2mtu=65531 mtu=1500 name=vlan128 use-service-tag=no vlan-id=128
add arp=enabled comment=Production disabled=no interface=bridge1 l2mtu=65531 mtu=1500 name=vlan129 use-service-tag=no vlan-id=129
add arp=enabled comment=Internet disabled=no interface=bridge1 l2mtu=65531 mtu=1500 name=vlan10 use-service-tag=no vlan-id=10
add arp=enabled comment=Development disabled=no interface=bridge1 l2mtu=65531 mtu=1500 name=vlan130 use-service-tag=no vlan-id=130
Now to have the extra ethernet port as a VLAN ‘access’ port I would expect something like this (which doesn’t work):
/interface vlan remove [find name=vlan130]
/interface bridge add name=bridge130
/interface bridge port
add bridge=bridge130 interface=ether13
add bridge=bridge130 interface=bridge1
/interface vlan add interface=bridge130 name=vlan130 vlan-id=130
This freezes the whole router so apparently not the right approach.
How can I make the interface ether13 to be an access port in vlan130 while keeping the existing functionality (the router provides the inter-vlan routing for all trunk traffic)?
Thanks, Antony.
I think I am confused about what exactly you want?.. can you post a diagram of your setup? … also post your export from the interfaces section…
-Eric
I think I am confused about what exactly you want?.. can you post a diagram of your setup? … also post your export from the interfaces section…
-Eric
The point is actually very simple - I have router that can route vlan traffic coming from trunk ports (ie. ports are passing tagged traffic). I want to have one (or more) port(s) that are passing untagged traffic of particular vlan (ie. vlan130 in my case). So I can patch myself to that port with my laptop and get connected directly to vlan130 (while rest of the trunk ports are still passing tagged traffic including vlan130).
I am attaching dump of my interfaces.
The diagram would be:
+-----------------------------------------+
| - ether1 |---- ~~ tagged trunk of vlans 128,129,130,200,10
| / |
| - bond0 |
| vlan128 --- \ / \ |
| vlan129 ---- \ / - ether2 |---- ~~ tagged trunk of vlans 128,129,130,200,10
| vlan130 ----- bridge1 |
| vlan200 ---- / \ - ether3 |---- ~~ tagged trunk of vlans 128,129,130,200,10
| vlan10 --- / \ / |
| - bond1 |
| \ |
| - ether4 |---- ~~ tagged trunk of vlans 128,129,130,200,10
| |
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| |
| ???? - ether13 |---- ~~ UNTAGGED vlan 130 ????
| |
+-----------------------------------------+
ifaces.txt (5.24 KB)
efaden
October 2, 2013, 12:07am
4
Pasting your code into a syntax tag… so I can read it… solution to follow…
efaden
October 2, 2013, 12:11am
5
Ok…
/interface bridge port
thanks for hint, I’ve been already trying this approach but this still freezes my router
Any idea what’s wrong?