I believe I am trying to do something very simple but cannot for some reason get it to work. I have an MT 532 linked via ether1 to an 802.1Q trunk port on a Cisco 2900 switch. I have tried every variant of setting VLAN IDs on the MT but cannot get the MT to respond to pings on the trunk port. Ideally what I want to do is have the MT bridge the VLANs on the Cisco via the trunk port. Has anyone got this to work, and if so, please can you share with me how you configured it?
Thanks Tom, I have made some progress here as I have now got routing between VLANs working but I cannot get them to bridge.
The Cisco is straightforwardly configured as an 802.1Q trunk port connected to ether1 on the MT and works fine when routing VLANs. I have two VLANs configured on the switch, 101 and 102.
I have tried a variety of configurations on the MT and I cannot seem to get any of them to work, either bridging packets between the VLANs or accessing the MT. I suspect I am making a basic error but can’t find it.
I have tried:
1. assigning an IP address 192.168.1.2 to ether1, creating 2 VLANs, 101 and 102, under ether1, creating a bridge, bridge1, and then adding the two VLANs to the bridge ports
2. assigning an IP address 192.168.1.2 to ether1, creating a bridge, bridge1, creating 2 VLANs, 101 and 102, under the bridge; also tried it with them added and not added as bridge ports
3. same as 2 but no IP address on ether1 and assigning the IP address to the bridge
I always get the same result: can’t access MT management and won’t pass packets.
I have successfully tried adding the VLANs to ether1, assigning them IP subnets and routing them.
Bridging VLANs that reside on the same parent interface is usually a bad idea.
Many devices will get quite confused if they see a packet with a given source MAC address returning on the same physical port they sent it on (even with a different VLAN tag), if those devices keep only a single learn table, as most do.
If what you are trying to do is prevent hosts within the same subnet from communicating, then it can work.
The VLANs will need to be sub-interfaces of the ethernet port, and members of the bridge. You will need to assign the IP address to the bridge interface, and add a bridge firewall rule that drops everything in the forward chain for that bridge. This can produce a reasonable wired ethernet approximation of a “station-isolate” wireless network, or a PtMP ATM cloud.
There are still a number of things that can go wrong however, so be very careful.
Unless the VLANs are created on the physical interface, or the ethernet port is a member of the bridge, there is nothing to associate the VLANs with the physical port. In addition, putting the VLANs on the bridge (assuming that the ethernet port is a member of the bridge) does nothing but abstract the interface back a level. There is rarely a use for a bridge interface with a single member port.
Also, using a VLAN as both a member of a bridge, and as sub-interface of that bridge, will create a recursive interface situation (VLAN->bridge->VLAN->bridge->etc…) which is a very bad thing.
Same problems as number 2, except that you got the IP on the right interface.
I would suggest rethinking what you are trying to do here; bridging together VLANs on the same physical interface is an unusual configuration, and will rarely work correctly.
The only reason I have had to use such a setup, is to simulate a “partial mesh”-like network using ethernet, for testing OSPF PtMP mode. It works, but it is weird.
It is much easier to use distinct broadcast domains for each VLAN, with a separate subnet for each, and just route between them.
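Added example, not part of the original thread or of Eric's reply: a toy model of the learn-table problem described above, comparing a switch that keeps a single MAC table with one that keeps a table per VLAN when a bridged frame comes back on the trunk port. The port numbers, the MAC address and the class and function names are constructed for illustration; VLANs 101 and 102 are the ones from the thread.

```python
# Added illustration: a toy switch MAC learn table. Port numbers and the
# MAC address are constructed sample values, not taken from a real device.

TRUNK, ACCESS = 24, 1            # hypothetical switch ports
HOST_MAC = "00:11:22:33:44:55"   # constructed host on VLAN 101, access port 1


class Switch:
    def __init__(self, shared_table):
        # shared_table=True: one learn table keyed by MAC only.
        # shared_table=False: one table per VLAN, keyed by (vlan, MAC).
        self.shared = shared_table
        self.table = {}
        self.moves = []  # (mac, old_port, new_port) each time an entry flips

    def _key(self, vlan, mac):
        return mac if self.shared else (vlan, mac)

    def receive(self, port, vlan, src_mac):
        """Learn the source MAC of a frame arriving on `port` in `vlan`."""
        key = self._key(vlan, src_mac)
        old = self.table.get(key)
        if old is not None and old != port:
            self.moves.append((src_mac, old, port))
        self.table[key] = port

    def lookup(self, vlan, dst_mac):
        """Port a frame to dst_mac is sent to; None means flood the VLAN."""
        return self.table.get(self._key(vlan, dst_mac))


def simulate(shared_table):
    sw = Switch(shared_table)
    # 1. The host sends a broadcast on VLAN 101 from its access port.
    sw.receive(ACCESS, 101, HOST_MAC)
    # 2. The switch floods it out the trunk; the bridging router copies it
    #    into VLAN 102 and sends it back on the same trunk port.
    sw.receive(TRUNK, 102, HOST_MAC)
    # 3. Where does the switch now send VLAN 101 traffic for the host?
    return sw.lookup(101, HOST_MAC), sw.moves


if __name__ == "__main__":
    for shared in (True, False):
        port, moves = simulate(shared)
        kind = "single table" if shared else "per-VLAN tables"
        print(f"{kind}: host reached via port {port}, moves={moves}")
```

With a single table the host's entry moves from the access port to the trunk, so traffic for the host is sent toward the router instead of the host; with per-VLAN tables the VLAN 101 entry is untouched.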
Eric, thank you so much for such a comprehensive reply, this is very helpful. I am actually migrating a complex network over to a new VLAN switched based configuration and was considering bridging as an interim step. However, I have decided, given your input, that it will be much simpler to go straight to the final configuration, which will involve routing the VLANs. Again, thank you very much… Nigel