Hi,
I am still struggling with my CRS125, VLANs, and routing… didn’t find anything about my problem, maybe someone can help.
Very short version:
Inter-VLAN routing doesn’t work if “Allow Fast Path” is enabled for my main bridge.
Is this intended behavior?
See more below for details…
Thanks,
steginger
Short version:
I configured 2 VLANs (Home and Guest) on switch level (not in bridge using VLAN filtering to keep HW offloading).
CRS125 has an IP in each VLAN on an VLAN interface. DHCP is providing IPs for clients in each VLAN.
From switching point of view everything is working fine.
Consider following setup:
H (a.b.0.x) === (a.b.0.110) CRS-H | CRS-G (a.b.10.110) === G (a.b.10.y)
H and G are two PCs connected to ports of each VLAN.
CRS-H/G denote the CRS125 interfaces in each VLAN.
CRS-H is default GW for H, CRS-G is default GW for G.
CRS125 has correct routes for both networks to each VLAN interface.
I can access CRS125 web-interface from both H and G.
With “Bridge => Settings => Allow Fast Path = yes” H is able to ping CRS-H and CRS-G, but not G.
Same the other way round, G can ping CRS-G and CRS-H, but not H.
With “Bridge => Settings => Allow Fast Path = no” H can ping G and the other way round.
That’s routing-wise how I thought it is supposed to work.
With a running ping from H => G (or the other way round) I can easily see that it immediately breaks when I turn on FastPath and works again when I turn it off.
Long version:
Bridge is configured as follows (I omitted some interfaces for brevity):
/interface bridge
add admin-mac=B8:69:F4:53:FE:29 auto-mac=no name=bridge protocol-mode=none
/interface bridge port
add bridge=bridge interface=GUEST
add bridge=bridge interface=TRUNK
add bridge=bridge interface=LAN
/interface list member
add interface=ether17 list=TRUNK
add interface=ether19 list=TRUNK
add interface=ether21 list=TRUNK
add interface=ether18 list=GUEST
add interface=ether20 list=GUEST
add interface=ether22 list=GUEST
add interface=ether23 list=LAN
VLAN interfaces and IP addresses:
/interface vlan
add interface=bridge name=vlan-guest vlan-id=110
add interface=bridge name=vlan-home vlan-id=100
/ip address
add address=192.168.0.110/24 interface=vlan-home network=192.168.0.0
add address=192.168.10.110/24 interface=vlan-guest network=192.168.10.0
Switch configuration:
/interface ethernet switch egress-vlan-tag
add comment="Trunk Home VLAN" tagged-ports=ether17,ether19,ether21,switch1-cpu vlan-id=100
add comment="Trunk Guest VLAN" tagged-ports=ether17,ether19,ether21,switch1-cpu vlan-id=110
/interface ethernet switch ingress-vlan-translation
add comment="Ports Home VLAN" customer-vid=0 new-customer-vid=100 ports=ether23
add comment="Ports Guest VLAN" customer-vid=0 new-customer-vid=110 ports=ether18,ether20,ether22
/interface ethernet switch vlan
add comment="Home VLAN" ports=ether17,ether19,ether21,ether23,switch1-cpu vlan-id=100
add comment="Guest VLAN" ports=ether17,ether18,ether19,ether20,ether21,ether22,switch1-cpu vlan-id=110
/interface ethernet switch
set forward-unknown-vlan=no
Routing table:
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
1 ADC 192.168.0.0/24 192.168.0.110 vlan-home 0
2 ADC 192.168.10.0/24 192.168.10.110 vlan-guest 0