CRS112-8G-4S: problem with Trunk to CCR1016-12G

RouterOS Beginner Basics
1

Hi all,
I’m trying to setup the following (quite simple) network with my Mikrotic CCR1016-12G Router, a Mikrotik CRS112-8G-4S Switch and 2 Synology NAS
Mikrotik.JPG
I configured 3 LACP ‘Trunks’ on the CRS112-8G-4S (with 2 x 1G ethernet ports each) to link with the CCR1016-12G and the (2) Synology NAS
On the CRS112-8G-4S I used the Switch => Ports => Trunk command

  • eth1 + eth2 to connect to NAS 1 <= only tagged VLAN 2
  • eth3 + eth4 to connect to NAS 2 <= only tagged VLAN 2
  • sfp11 + sfp12 to connect to the CCR1016-12G <= tagged VLAN 2/3/4/5/6/88

I used the Switch => VLAN => VLAN / Eg. VLAN Tag / In. VLAN Tran. commands to configure the Tagged Trunks and VLAN Access ports (Switch based VLAN)
CRS112.rsc (11.1 KB)
On the CCR1016-12G I used the Interface => Bonding command with:

  • Mode = balance xor
  • Link Monitoring = mii
  • Transmit Hash Policy = layer 2 and 3
  • LACP Rate = 30 s
  • MII Interval = 100 ms

which should be compatible with the Trunk of the CRS112-8G-4S
For the VLAN’s I used Bridge


I’m currently facing the following situation / problem:

  • The (2) Trunks to the Synology NAS work just fine.
  • The Trunk to the CCR1016-12G however DOES NOT WORK when I connect/use both cables/ports <= when I only use a single cable/port (regardless of which one) the connection works correctly.
  • When I replace the CRS112-8G-4S by a CRS125-24G-1S-RM WITH EXACTLY THE SAME Trunk configuration, the LACP link to the CCR1016-12G works just fine with both cables/ports connected

.
CRS125.rsc (20.5 KB)
In order to fix the problem

  • I tried to configure the Trunk on the CRS112-8G-4S to the CCR1016-12G on other, normal/Cu eth ports (<= iso the sfp ports).
  • I upgraded the CRS112-8G-4S to RoS 7.7

but these didn’t fix the problem…

I did some more testing/troubleshooting:

  • When I connect the 2nd ports/cable and disable the corresponding port on the CRS112-8G-4S the link remains DOWN
  • However, when I disable the corresponding port on the ccr1016-12G the link comes UP again

I had a similar setup with a CRS112-8P-4S connected with an LACP Trunk to my CCR1016-12G and this one also worked just fine
So it looks like the Trunk on the CRS112-8G-4S works differently compared to the CRS112-8P-4S and CRS125-24G-1S-RM. As there are no settings that can be changed on the Trunk of the CRS the only thing could be to change the Bonding on the CCR…

I would appreciate any suggestions / input

Thanks in advance!

2

I’m sorry to see that nobody seems to have an idea of what is wrong here… :frowning:

Anyway, below some configs that DON’T work and DO work:

For ALL of following scenario’s:

  • Port 1 & 2 of the resp. CRS are in “Trunk”
  • Port 1 & 2 of CCR1016-12G are in “Bonding”, with:
  • Mode = balance xor
    • Link Monitoring = mii
    • Transmit Hash Policy = layer 2 and 3
    • LACP Rate = 30 s
    • MII Interval = 100 ms
  • It doesn’t matter which (2) ports are used for the Trunk/Bonding on the CRS112-8G-4S-IN/CCR1016-12G, the results remain the same <= so the possibility that a port is defective can be excluded

Following configs DON’T work:

  • CCR1016-12G connected with both Ethernet cables to CRS112-8G-4S-IN
  • ALL ports enabled
    WORKS 2.JPG
  • CCR1016-12G connected with both Ethernet cables to CRS112-8G-4S-IN
  • Port 2 (or 1) on CRS112-8G-4S-IN DISABLED
    WORKS 1.JPG

Following configs DO work:

  • CCR1016-12G connected with both Ethernet cables to CRS112-8G-4S-IN
  • Port 2 (or 1) on CCR1016-12G DISABLED
    Does NOT work 2.JPG
  • CCR1016-12G connected with only one Ethernet cable to CRS112-8G-4S-IN
  • ALL Ports ENABLED
    Does NOT work 1.JPG
  • CCR1016-12G connected with both Ethernet cables to a CRS112-8P-4S-IN (i.s.o. CRS112-8G-4S-IN)
  • ALL Ports ENABLED
    WORKS 4.JPG
  • CCR1016-12G connected with both Ethernet cables to a CRS125-24G-1S-RM (i.s.o. CRS112-8G-4S-IN)
  • ALL Ports ENABLED
    WORKS 3.JPG
  • CRS112-8G-4S-IN connected with both Ethernet cables to a CRS125-24G-1S-RM (i.s.o. CCR1016-12G)
  • ALL Ports ENABLED
    WORKS 5.JPG

I would appreciate any suggestion…

Thanks in advance!

3

CRS1xx/CRS2xx series do not support hardware acceleration for typical bonding interface neither bridge vlan filtering

Bonding configuration on CRS 1xx 2xx uses some kind of chip propietary mode which is not guarantee to be fully compatible with a different device, only guarantee work between 1xx/2xx devices

Vlan configuration is somewhat complicated and a few people work with it today, on newer CRS 3xx and 5xx that way if config was “deprecated” and now all is done by bridge vlan filtering

so your switch config falls into a very limited niche

Because of that some people uses CRS 1xx/2xx as plain switches without VLANs

4

I understand correctly, that all these devices have the same ROS and firmware version?

You have almost a classic scheme for this switch. As in the example.

It is not clear, why everything works fine for you with CRS112-8P-4S and does not work with CRS112-8G-4S. I have CRS112-8P-4S and it copes with VLAN quite normally.

5

Thanks for your input chechito!

Yes, I know, that’s why I use the Switch Chip based Trunk function on the CRS 1xx/2xx i.s.o. Bridge based Bonding (that I use on my CCR routers). It works fine with the CCRs on my CRS112-8P-4S-IN AND my CRS125-24G-1S-MN, just not with the CRS112-8G-4S-IN <= I would presume the CRS112-8G-4S-IN uses the same switch h/w as the CRS112-8P-IN, but from what I see I’m beginning to doubt that…
Configuring VLANs on the CRS 1xx/2xx is also Switch based (i.s.o. Bridge based) and indeed somewhat more complicated, but works just fine once you understand how to do it.

Well, if my config falls in a “very limited niche” it’s not impossible I’m confronted with a ROS bug that hasn’t been identified yet… I hope someone from MikroTik is reading this case and simulates it in their lab such that they can maybe identify the cause and fix it in a next release.

From my side I will try a config w/o VLANs and just keep the Trunk to see if the problem persists. However, even if this would fix the Trunk problem than it wouldn’t be a solution for me as I absolutely need VLANs to segregate my trusted traffic (admin) from my untrusted traffic (WiFi Guest / Family / …). I’m active in the Cyber Security business so I know why I absolutely need this on my network.

6

Hi Bratelo! Thanks for your input.

Yes, all devices use the same ROS/Firmware: 7.7 <= Actually, I first used the last 6.xx, but as I encountered the described problem, I upgraded everything to 7.7, hoping that it was a bug that was fixed in the 7.x release. Guess not…

VLANs are not the problem, Trunking/Bonding is. I had a CRS112-8P-4S before, but I had to ‘abandon’ it in my house after a divorce and I wanted to replace it with a CRS112-8G-4S.

7

Six years ago Mikrotik told us that “802.3ad compatible mode is currently not supported” http://forum.mikrotik.com/t/does-crs112-8g-4s-in-support-lacp-802-3ad/95777/8
This to me implies that LACP support could have been implemented, but for some reason never did.

8

Yes, I know… That’s why I use “balance xor” i.s.o. 802.3ad on the CCR <= you actually can’t configure the mode on the CRS 1xx/2xx, I presume they’re ‘hard coded’ in “balance xor mode”. I tried other modes on the CCR, but that didn’t fix the problem either…

Thanks for your contribution though!