I’ve been trying to get my RB5009 configured properly for many days now and I’m so close but there is still a problem.
I would greatly appreciate any pointers about what to try next.
Configuration:
Bridge with VLAN 20 as my WAN
Bridge Port ether2 belongs to VLAN 20 as untagged
Problem:
Egress on ether2 has the VLAN 20 tag, even though ether2 is displayed as “Currently Untagged” in Bridge VLANs.
Ingress to ether2 does not have a VLAN tag and it is received properly.
If I disable strict VLAN filtering on the next switch connected to ether2 my system works properly.
When the next switch only allows untagged traffic my system does not work.
I enabled Packet Sniffer on ether2 and using Wireshark I can see that all egress packets are VLAN tagged.
Screenshots below.
Bridge, Bridge Port ether2 and Bridge VLAN 20 configuration:
Packet Sniffer on ether2 opened with Wireshark shows egress packet is VLAN tagged:
Untagged response to the previous packet:
Please let me know if there is a setting I’m still missing.
To rule out 7.1.1 bugs, I have also tested on 7.2rc1 and now 7.2rc3.
Both rc releases mention bridges and VLANs, but they do not fix my issue.
I have many questions, but to begin with, why is your WAN port inside the Bridge interface? Maybe your ether2 is your Trunk port? But you name it WAN? If it is your Trunk port, why do you need to pass untagged traffic and not tagged? How is the port on the switch that ether2 is connected to configured?
Maybe if you provided a network diagram, it would help us first understand what the topology is… and then we could see the configuration…
Thank you for trying to understand my problem.
I now see how it is very difficult to understand without a diagram. Here is my network in three situations. My previous network, what I’m trying to achieve with the new router and what works now. I have highlighted the current problem in red.
Thank you.
I reset the configuration and started from scratch. I followed your instructions and used multiple example files from the VLAN thread.
Here are my exact steps. I used the default configuration as a base.
#Change to my subnet and disable DHCP
/ip/address/
add address=10.10.10.4/24 network=10.10.10.0 interface=bridge
remove numbers=0
/ip/dhcp-server/disable defconf
#Add VLANs and assign to bridge
/interface/vlan/
add interface=bridge name=VLAN10_LAN vlan-id=10
add interface=bridge name=VLAN20_WAN vlan-id=20
#Set bridge ports
/interface/bridge/port/
set bridge=bridge interface=ether2 pvid=20 numbers=0
set bridge=bridge interface=ether8 pvid=10 numbers=6
#Set bridge VLANs
/interface/bridge/vlan/
add bridge=bridge tagged=bridge untagged=ether2 vlan-ids=20
add bridge=bridge tagged=bridge untagged=ether8 vlan-ids=10
#Set interface list WAN to VLAN20_WAN
/interface/list/
#This I messed up with command line but fixed in WinBox
add interface=VLAN20_WAN list=WAN
#Change WAN DHCP client from ether1 to VLAN20_WAN
/ip/dhcp-client/
set ether1 interface=VLAN20_WAN
#Enable VLAN filtering on the bridge
/interface/bridge/set bridge vlan-filtering=yes
#Enabled DHCP server for VLAN10_LAN to make packet capture easier
#Configure packet sniffer
/tool/sniffer/
set filter-interface=ether2 streaming-enabled=yes streaming-server=10.10.88.254
start
#Ping public IP and capture in WireShark
/tool/ping 8.8.8.8
Result is same behavior as before. Packets exiting ether2 are tagged with VLAN20, even though bridge VLANs lists ether2 as “Currently Untagged”.
I tried to disable fasttrack in the firewall but it had no effect.
Any idea what the problem could be?
Try to disable hardware offload on all bridge ports. With this you can check your config in software mode.
I have some issues with the switch in RB5009 (still investigating).
Great, disabling hardware offloading did resolve the issue!
I was not able to find this exact issue in the “RouterOS beta and rc versions” forum.
As it looks like I have discovered reproducible steps for this bug, I will post them there.
I will disable hardware offloading until then if it doesn’t affect my performance too much.
Thank you to all for the help!
Check “what I’m trying to achieve” in my diagram. I need to pass on WAN into my Proxmox host as a VLAN as I have VMs that need it.
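The check the original poster made by eye in Wireshark can be scripted. The following is an added example, not code from the thread or from MikroTik: it unwraps the TZSP datagrams that the RouterOS sniffer streams and reports any 802.1Q tag on frames sent by the router. It assumes the UDP payloads have already been captured and that egress frames are recognised by the router's source MAC; all names and sample bytes are hypothetical.

```python
import struct

TZSP_ETHERNET = 1   # TZSP "encapsulated protocol" value for Ethernet

def strip_tzsp(datagram: bytes) -> bytes:
    """Return the Ethernet frame carried in one TZSP UDP payload."""
    if len(datagram) < 4:
        raise ValueError("short TZSP header")
    version, _type, encap = struct.unpack("!BBH", datagram[:4])
    if version != 1 or encap != TZSP_ETHERNET:
        raise ValueError("not TZSP v1 carrying Ethernet")
    pos = 4
    while pos < len(datagram):
        tag = datagram[pos]
        if tag == 0x01:                    # TAG_END: frame follows
            return datagram[pos + 1:]
        if tag == 0x00:                    # TAG_PADDING: one byte, no length
            pos += 1
        elif pos + 1 < len(datagram):      # any other tag: type, length, value
            pos += 2 + datagram[pos + 1]
        else:
            break
    raise ValueError("TZSP TAG_END not found")

def vlan_of(frame: bytes):
    """Return the 802.1Q VLAN ID of an Ethernet frame, or None if untagged."""
    if len(frame) < 14:
        raise ValueError("short Ethernet frame")
    if frame[12:14] != b"\x81\x00":        # TPID 0x8100 marks an 802.1Q tag
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    return struct.unpack("!H", frame[14:16])[0] & 0x0FFF   # low 12 bits = VID

def tagged_egress(datagrams, router_mac: bytes):
    """VLAN IDs on tagged frames whose source MAC is the router (egress)."""
    frames = [strip_tzsp(d) for d in datagrams]
    return [vlan_of(f) for f in frames
            if f[6:12] == router_mac and vlan_of(f) is not None]

# Constructed sample data: MACs and payloads are made up, not from the thread.
ROUTER = bytes.fromhex("020000000001")
PEER = bytes.fromhex("020000000002")
TZSP_HDR = bytes.fromhex("0100000101")     # v1, type 0, Ethernet, TAG_END
EGRESS = TZSP_HDR + PEER + ROUTER + bytes.fromhex("810000140800") + bytes(46)
INGRESS = TZSP_HDR + ROUTER + PEER + bytes.fromhex("0800") + bytes(46)

if __name__ == "__main__":
    print("tagged egress VLAN IDs:", tagged_egress([EGRESS, INGRESS], ROUTER))
```

On a port that is an untagged member of its VLAN the returned list should be empty; a non-empty list reproduces the symptom described in the thread.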