Bridges, VLANs & Trunks

jfdon · February 18, 2019, 9:49am

Dear community,

I am having a hard time accomplishing a rather simple task, most likely because I am a bit confused about the Mikrotik approach to VLANs and also because I am not an expert on these matters.
My scenario is quite simple. In the one hand, I get the VLAN 13 in one of my corporate routers (ROUTER-A, CCR-1016, 6.42.x, on premises) through a trunk interface (sfp1) where other VLANS are also configured. On the other hand, I also get the same VLAN 13 in another router (ROUTER-B, CCR-1016, 6.42.x, also on premises) through a dedicated trunk interface (sfp1) where other VLANS are also configured.

I need to close the circuit and propagate the VLAN 13 between ROUTER-A and ROUTER-B, according to the attached picture, using port sfp8 on both routers. My understanding is that given my devices and the RouterOS versions they are running this should be done by implementing a bridge in both routers:

Router-A
/interface bridge
add comment=“My bridge to trunk V13” name=bridge1

/interface bridge port
add bridge=bridge1 comment=“Connection to Router-B” interface=sfp8
add bridge=bridge1 comment=“ISP1 Trunk” interface=sfp1

/interface bridge vlan
add bridge=bridge1 tagged=sfp1,sfp8,bridge1 vlan-ids=13

/interface vlan
add comment=“VLAN 13” interface=sfp1 name=VLAN13-sfp1 vlan-id=13

Router-B
/interface bridge
add comment=“My bridge to trunk V13” name=bridge1

/interface bridge port
add bridge=bridge1 comment=“Connection to Router-A” interface=sfp8
add bridge=bridge1 comment=“ISP2 Trunk” interface=sfp1

/interface bridge vlan
add bridge=bridge1 tagged=sfp1,sfp8,bridge1 vlan-ids=13

/interface vlan
add comment=“VLAN 13” interface=sfp1 name=VLAN13-sfp1 vlan-id=13

I can’t get this to work so I am wondering whether there is any misconception in my approach. The final goal of this setup is that traffic from ISP1 might eventually be routed to ISP2 using VLAN13. What do you think could be the problem?

Thanks!

jfdon

anav · February 19, 2019, 2:12pm

I think this is totally possible but am no expert to give advice.
I do want to ask though which router provides DHCP for the VLAN?
Since only one should provide it.

SFP port on each should be trunk port, single vlan

I would use a different name for bridges for clarity.

For RouterA
I would think about removing this as the ISP traffic should not normally be on the bridge (at least not in any of my configs)
add bridge=bridge1A comment=“ISP1 Trunk” interface=sfp1 ???
This may be perfectly legitimate but as I said I dont put my ISP on any vlans except if the ISP needs one so I can get at the ISP traffic
but this vlan is strictly ISP to router and not to my network.

thus if not needed would change this rule…
/interface bridge vlan
add bridge=bridge1A tagged=bridge1A,sfp8 vlan-ids=13

For me this is the most glaring error
/interface vlan
add comment=“VLAN 13” interface=sfp1 name=VLAN13-sfp1 vlan-id=13

Should be
/interface vlan
add comment=“VLAN 13” interface=bridge1A name=VLAN13-sfp1 vlan-id=13

As for router B - same comments, not sure why you are adding ISP to bridge, I dont think its necessary…

thus
/interface bridge vlan
add bridge=bridge1B tagged=sfp8,bridge1B vlan-ids=13

and finally the big booboo
/interface vlan
add comment=“VLAN 13” interface=sfp1 name=VLAN13-sfp1 vlan-id=13

should be
/interface vlan
add comment=“VLAN 13” interface=bridge1B name=VLAN13-sfp1 vlan-id=13