Best way to use VLAN?

49er · June 28, 2017, 6:22am

Hi,

What is best way to configure VLANs.
I’m struggeling now for a long time with it.
It is not real clear for me.
You can add vlans in /interfaces vlan
Than create bridges (for trunk ports)

You can also create vlans under /internet Ethernet switch vlan

What is best and most stable?
And best performance?
Is there a guide to do it?

It is also not the same on every device.
RB951G-2HnD is different than CRS125 and is different as RB-SXT …

jarda · June 28, 2017, 6:33am

What is best… And for what purpose?

Fastest is to make vlans in the switch and not to bother cpu with it. If you need special features over those provided by switch, you need to involve cpu and make bridges.

49er · June 28, 2017, 8:22am

Jarda,

Thanks for your reply.
I asked this because I have problems with RSTP loops.

If I create vlans on switch, do I need to add /interface vlan add … also?
And when do I need bridges?
I want to use CAPsMAN with local forwarding.
want VLANs for management, smartphones, laptops, desktops and so on
VLAN ID’s:
LAN_MGMT = 9
LAN_DATA = 10 (Desktops
LAN_MFP = 12 (Printers)
WLAN_DATA = 12 (Laptops)
WLAN_GUESTS = 14 (GUESTS)
WLAN_SP =19 (Smartphones)

jarda · June 28, 2017, 8:33am

Rstp is not implemented in mikrotik hardware switches. So if you need to deal with loops, rstp on bridge level is the only option for you so far.

49er · June 28, 2017, 8:40am

Jarda,
Thanks for your reply.

I will explain a little more.
I have a new configuration with several devices but have lots of problems (in the logs I see RSTP loop messages.)
Now I’m so far to see if I need a new design and configuration but don’t know what to do.
The point is that I don’t understand VLANS and Mikrotik.
I’m searching for someone how can help me with it. Mayb review my config and give me tips

jarda · June 28, 2017, 9:36am

If you are mixing versions of ros in the network, note that the rstp implementation was changed recently and is not mutually compatible. If you do not have any real loops, switch the rstp off everywhere. Otherwise update the ros to 6.39.2 everywhere.

49er · June 28, 2017, 11:51am

Jarda,

Thanks again.
All the devices are running the latest version.
I know for sure I don’t have real loops (by cables).
Maybe loop from bad config (Is that possible?)

jarda · July 19, 2017, 9:30am

Yes, it is possible if you put vlan ports into bridges where they shouldn’t be.

jarda · July 19, 2017, 9:34am

Maybe routing to default route takes somewhere place badly. If you have a device reachable by vlan and by Ethernet, and you send a packet to it, it responses via default route back via other interface that could be also detected by a loop. In this case mangle incoming connections and set correct routing for the responses to the same interfaces.