Bug ? Same mac diff. VID not work

port9nka · April 13, 2016, 12:47am

Hello, got a problem on rb250gs, fw 1.14

Two trunk ports are configured - vlan mode strict, vlan header - add if missing.

It is not working when forwarding same mac address with different 802.1q tags.
Changings one of the macs solves problem, but in my situation it isnt possible.
Could this be solved, using ACL ?
Thanks

port9nka · April 22, 2016, 10:42pm

87 views, but no answer. Well I got a picture for better undestanding. It’s really bug, i cant solve it

jarda · April 23, 2016, 12:46am

The majority of the viewers are probably indexing bots. You cannot expect anything from them.

docmarius · April 23, 2016, 10:01am

If you remove the RB250 and connect the 912uag directly into the D-link switch does it work?

The idea is that “dumb” switches don’t like the same MAC on different ports, because they build a MAC table to be used for L2 switching decisions and don’t care about VLANs, IPs and other higher stuff. This means that such a switch will send data to a specific MAC address to the port on which the MAC address was last heard. If the mac address is not in its table or a timeout occurs (the order of magnitude is minutes), it will sent the data to all ports, up to the moment it will receive a packet with the desired source MAC, when it will again associate that port with the MAC destination.
In your case, the D-link switch will switch the virtual path between the 2 ports, depending on which one the last incoming traffic was heard.
So IMHO it will never work as you expect, if your Dlink is not able to manage VLANs with independent learning.

If the above holds true, the solution is to either deploy a real smart switch or use a single ethernet connection between your WAN router and the Dlink switch. Use bonding if you need a higher bandwidth and your switch supports it (making the agregated connection appear as a single interface to the switch - but in this case it probably supports VLANs and then we talk about a bug in the D-link switch, not in the RB250), or use different MAC addresses for the 2 ports on the WAN router. As a last resort, you could deploy an ethernet hub between your WAN router and the Dlink switch (or instead of it), which is probably not the best solution, because it will allow collisions and limit you to 100Mbps, since AFAIK there are no 1Gbps hubs (and hubs are really hard to get lately).

If the tagging from Dlink is correct and the Dlink does its job correctly, then, of course, the culprit is the RB250. And the first question which comes to mind is: do you use the latest firmware on it (from your screen shots it doesn’t seem that way, if the firmware is functional identical to the RB260, which shows another image on the VLANs tab than the one you posted).

port9nka · April 23, 2016, 4:30pm

docmarius, thanks to your reply.

First of all, dlink switch is DGS-1100-06/me - it is managed l2 and work with vlans well. I thought it is clear because on the picture i use untagged and tagged vlans on it.

If the tagging from Dlink is correct and the Dlink does its job correctly, then, of course, the culprit is the RB250. And the first question which comes to mind is: do you use the latest firmware on it (from your screen shots it doesn’t seem that way, if the firmware is functional identical to the RB260, which shows another image on the VLANs tab than the one you posted).

fw 1.14 - it is the latest.

When I change rb250gs to another vlan-switch, like DGS-3200-10 or Edge-core ecs3510 - everything works correct.
But I cant do this because Rb250gs is unique with possibility to be powered with poe-injector.

The problem is in rb250gs, but i cant understand why it cant work with mikrotik vlans, and cant handle macs from dlink.

Neilson · April 26, 2016, 4:41am

I see Mikrotik have silently posted a new 1.15 version of SwOS.

One of the changelog entries mentions addition of IVL option to VLAN’s.

You may find this is currently using SVL which means like mentioned above the MAC table would hold only one entry for the MAC address and it would apply that to any VLAN seen on.

If you can try installing the new SwOS and try turning on IVL and report back on how that goes.

Regards
Alexander

port9nka · May 5, 2016, 3:49am

Well I got an 1.15 update but there is no IVL feature. I cant understand why - 8316 could support this.

becs · May 5, 2016, 6:46am

IVL feature is supported only on RB260 series switches.

port9nka · May 9, 2016, 2:41am

becs Would it be supported in next swos version ? switch chip and cpu are the same with 260’s

And I can’t understand how rb250gs correctly works with rb912 trunk ? all vlans on 912 have same mac which must be dropped in SVL on rb250, but the forward correctly. How ?
btw, does 260 series support rj-45 sfp ? I’ve test it with rb2011 with but it didn’t work

JimmyNyholm · June 26, 2016, 9:08am

The symptom is due to one of your switches is to old and cheap. It doesn’t handle mac / vlan / table and thus can’t have multi homed connections like that.

use proper gear with modern mac table / vlan
use only one connection and trunk in between of capable and incapable devices. You may create a LAG with two cables going round the problem.

I would offcource throw bad equipment out the door. But you will have to se what can be done in your situation.

andriys · June 26, 2016, 9:52am

The switch chips are different. The 250 has AR8316 while 260 series has AR8327.
Check the following links out:
http://i.mt.lv/routerboard/files/rb250gs.pdf
http://i.mt.lv/routerboard/files/RB260GS-151217112240.pdf

I’m not sure, though, the reason IVL support is only added to 260 is purely technical.