Hi,
I’m trying to do basic switch configuration. I will simplify everything so it is more clear. I can’t understand why it is not working.
Here is the setup:
- two CRS switches that are interconnected
- one trunk port between them - tagged packets
- access ports - untagged packets
- MGMT IP for each switch in mgmt VLAN
Here is the picture:

Port 20 - VLAN 60 untagged
Port 21 - VLAN 70 untagged
Port 24 - trunk - VLAN 60, 70 tagged
MGMT IP - VLAN 60
Here is the configuration.
Master port is set to eth 20:
/interface ethernet
set [ find default-name=ether1 ] master-port=ether20
set [ find default-name=ether2 ] master-port=ether20
set [ find default-name=ether3 ] master-port=ether20
set [ find default-name=ether4 ] master-port=ether20
set [ find default-name=ether5 ] master-port=ether20
set [ find default-name=ether6 ] master-port=ether20
set [ find default-name=ether7 ] master-port=ether20
set [ find default-name=ether8 ] master-port=ether20
set [ find default-name=ether9 ] master-port=ether20
set [ find default-name=ether10 ] master-port=ether20
set [ find default-name=ether11 ] master-port=ether20
set [ find default-name=ether12 ] master-port=ether20
set [ find default-name=ether13 ] master-port=ether20
set [ find default-name=ether14 ] master-port=ether20
set [ find default-name=ether15 ] master-port=ether20
set [ find default-name=ether16 ] master-port=ether20
set [ find default-name=ether17 ] master-port=ether20
set [ find default-name=ether18 ] master-port=ether20
set [ find default-name=ether19 ] master-port=ether20
set [ find default-name=ether21 ] master-port=ether20
set [ find default-name=ether22 ] master-port=ether20
set [ find default-name=ether23 ] master-port=ether20
set [ find default-name=ether24 ] master-port=ether20
set [ find default-name=sfp1 ] master-port=ether20
Configuration for access (untagged) ports 20 and 21:
/interface ethernet switch ingress-vlan-translation
add customer-vid=0 new-customer-vid=60 ports=ether20
add customer-vid=0 new-customer-vid=70 ports=ether21
/interface ethernet switch egress-vlan-translation
add customer-vid=60 customer-vlan-format=untagged-or-tagged new-customer-vid=0 ports=ether20 service-vlan-format=untagged-or-tagged
add customer-vid=70 customer-vlan-format=untagged-or-tagged new-customer-vid=0 ports=ether21 service-vlan-format=untagged-or-tagged
Configuration for trunk port 24 (and added switch chip for mgmt IP):
/interface ethernet switch egress-vlan-tag
add tagged-ports=ether24,switch1-cpu vlan-id=60
add tagged-ports=ether24 vlan-id=70
Adding VLAN assignment to ports:
/interface ethernet switch vlan
add ports=ether20,ether24,switch1-cpu vlan-id=60
add ports=ether21,ether24 vlan-id=70
Creating VLAN interface-vlan60-mgmt for mgmt IP on ethernet 20:
/interface vlan
add interface=ether20 name=vlan60-mgmt vlan-id=60
Assigning mgmt IP address to VLAN interface:
/ip address
add address=192.168.88.1/24 interface=vlan60-mgmt network=192.168.88.0
Everything works as it should. Clients in VLAN 60 can see each other and can reach MGMT IP and clients in VLAN 70 can only see each other.
In the moment when I enable VLAN filtering of invalid VLANs:
/interface ethernet switch
set drop-if-invalid-or-src-port-not-member-of-vlan-on-ports=ether24,ether23,ether22,ether21,ether20 drop-if-no-vlan-assignment-on-ports=ether24,ether23,ether22,ether21,ether20
clients in VLAN 60 can only reach MGMT IP on a switch they are connected to and nothing else works.
Why is that? That means something in the VLAN configuration is invalid and packets are being dropped, but I can’t find what could be the reason for that?
Can anyone please suggest what is wrong?
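An added example, not part of the original post: a Python audit of the posted switch-chip settings against the two drop options. It assumes MikroTik's documented meaning of them: `drop-if-no-vlan-assignment-on-ports` drops frames that received no MAC-based, protocol-based or ingress VLAN translation assignment, and `drop-if-invalid-or-src-port-not-member-of-vlan-on-ports` drops frames whose source port is not in the VLAN table entry. The names `parse`, `ports`, `members` and `audit` are illustrative.

```python
import re

SW = "/interface ethernet switch"
# Switch-chip sections from the post; wrapped lines use RouterOS "\" continuations.
CONFIG = r"""
/interface ethernet switch ingress-vlan-translation
add customer-vid=0 new-customer-vid=60 ports=ether20
add customer-vid=0 new-customer-vid=70 ports=ether21
/interface ethernet switch vlan
add ports=ether20,ether24,switch1-cpu vlan-id=60
add ports=ether21,ether24 vlan-id=70
/interface ethernet switch
set drop-if-invalid-or-src-port-not-member-of-vlan-on-ports=\
    ether24,ether23,ether22,ether21,ether20 \
    drop-if-no-vlan-assignment-on-ports=\
    ether24,ether23,ether22,ether21,ether20
"""

def parse(export):
    """Map each menu path to the property dicts of its add/set lines."""
    menus, path = {}, None
    # Join continuation lines before splitting into commands.
    for line in re.sub(r"\\\n\s*", "", export).splitlines():
        line = line.strip()
        if line.startswith("/"):
            path = line
        elif path and line.split(" ", 1)[0] in ("add", "set"):
            props = dict(re.findall(r"([\w-]+)=(\S*)", line))
            menus.setdefault(path, []).append(props)
    return menus

def ports(value):
    return {p for p in value.split(",") if p}

def members(rules):
    # Union of the ports= lists of all rules in one menu.
    return set().union(*(ports(r.get("ports", "")) for r in rules))

def audit(export):
    """Ports covered by a drop option that lack the matching VLAN state."""
    menus = parse(export)
    settings = {k: v for row in menus.get(SW, []) for k, v in row.items()}
    translated = members(menus.get(SW + " ingress-vlan-translation", []))
    in_table = members(menus.get(SW + " vlan", []))
    need_assign = ports(settings.get("drop-if-no-vlan-assignment-on-ports", ""))
    need_member = ports(settings.get(
        "drop-if-invalid-or-src-port-not-member-of-vlan-on-ports", ""))
    return {"no_ingress_translation": sorted(need_assign - translated),
            "not_in_vlan_table": sorted(need_member - in_table)}
```

On the posted settings, `audit(CONFIG)` lists ether22, ether23 and ether24 as covered by `drop-if-no-vlan-assignment-on-ports` without any ingress translation rule, and ether22 and ether23 as absent from the VLAN table.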