Bridge vs switch problem

konrado · September 12, 2018, 11:51am

Hi, i have crs212 and i want to catch tagged trafic on sfp1 and send untagged to any other sfp.
I can simply create vlan on sfp1 and bridged with any other sfp. It overload CPU. Or i can config Switch CPU. It works perfect.

Problem is with tis:
I catch tagged trafiic on sfp1(vla257), utagg and send to sfp10. Behind sfp10 is next mikrotik(customer router) which send to me tagged traffic(vlan4). I want untag and send to any other sfp.
I solved this only with bridge. See attachments. It overload cpu.
Is real to solve this with switch cpu???

Sorry for my english

sindy · September 12, 2018, 7:14pm

According to this manual page, everything on earth regarding VLANs is possible using the switch chip, but to find out how to actually set up an access or hybrid port, you have to read the Examples page.

The point is that:

to tag tagless ingress frames on a port, you have to use an ingress VLAN mapping rule translating VLAN ID 0 to the desired one as the condition customer-vid=0 matches also on tagless frames.

/interface ethernet switch ingress-vlan-translation
add ports=ether6 customer-vid=0 new-customer-vid=200 sa-learning=yes

to untag a packet on port, it is enough not to mention it in the list of tagged ports for that VLAN:

/interface ethernet switch egress-vlan-tag
add tagged-ports=ether2,ether7,ether8 vlan-id=200

So to your particular case:

sfp1 has C-vlan 257 as tagged, no other VLAN present
sfp10 has C-vlan 257 tagless and C-vlan 4 tagged
e.g. sfp9 has C-vlan 4 tagless

The complete configuration would be:

/interface bridge
add name=bridge1 igmp-snooping=no protocol-mode=none

/interface bridge port
add bridge=bridge1 interface=sfp1 hw=yes
add bridge=bridge1 interface=sfp9 hw=yes
add bridge=bridge1 interface=sfp10 hw=yes

/interface ethernet switch vlan
add ports=sfp9,sfp10 vlan-id=4 learn=yes
add ports=sfp1,sfp10 vlan-id=257 learn=yes

/interface ethernet switch egress-vlan-tag
add tagged-ports=sfp10 vlan-id=4
add tagged-ports=sfp1 vlan-id=257

/interface ethernet switch ingress-vlan-translation
add ports=sfp9 customer-vid=0 new-customer-vid=4 sa-learning=yes
add ports=sfp10 customer-vid=0 new-customer-vid=257 sa-learning=yes

/interface ethernet switch
set drop-if-invalid-or-src-port-not-member-of-vlan-on-ports=sfp1,sfp9,sfp10

BEWARE! I have never seen a live CRS, so all the above is how I understand the manual. Try at your own risk. A dej vědět, jak to dopadlo.