Dear All,
Can you please help with issue I have with CRS125 and simple VLAN scenario where ethernet-1 is a trunk port with vlans 1,100 and port8 should be access port for vlan 1 and port16 access port for vlan100.
Unfortunately I cannot make a port as an ACCESS port on this switch, when I mirror the traffic leaving the eth6 and eth16, i can see all the traffic from eth1 with all the tagging.
I believe this is due to dynamically created vlans I have found on the switch but I cannot delete them .
An answers for the following questions would be very appreciated :
1.Why I see these dynamically created vlans [4095,4089]on CRS and how can I get rid of them
2.How can I strip the VLAN tag as the traffic leaving the access port
(on a mikrotik router I can see vlan-mode and VLAN-HEADER [leave,strip,add if missing] options under the switching)
3.What doest the Egress VLAN mode and VLAN type do under switch ports ? As if I change it between [unmodified/untagged] I cannot see any difference and the access ports are still egressing all vlans and all tagged.
/interface ethernet switch egress-vlan-tag print
Flags: X - disabled, I - invalid, D - dynamic
# VLAN-ID TAGGED-PORTS
0 D 4095
1 D 4089
2 1 ether1-gateway
switch1-cpu
3 100 ether1-gateway
/interface ethernet switch vlan print
Flags: X - disabled, I - invalid, D - dynamic
# VLAN-ID PORTS SVL LEARN FLOOD INGRESS-MIRROR QOS-GROUP
0 D 4095 ether23-slave-local no no no no none
ether24
sfp1-gateway
switch1-cpu
1 X 666 ether23-slave-local no yes yes no none
ether24
2 X 900 ether18-master no yes no no none
ether23-slave-local
3 D 4089 ether1-gateway no yes no no none
ether2-master-local
ether3-slave-local
ether4-slave-local
ether5-slave-local
ether6-slave-local
ether7-slave-local
ether8-slave-local
ether9-slave-local
ether10-slave-local
ether11-slave-local
ether12-slave-local
ether13-slave-local
ether14-slave-local
ether15-slave-local
ether16-slave-local
ether17-master
ether18-master
ether19-slave-local
ether20-slave-local
ether21-slave-local
ether22-slave-local
switch1-cpu
4 1 ether1-gateway no yes no no none
ether8-slave-local
switch1-cpu
5 100 ether1-gateway no yes no no none
ether16-slave-local
6 2 ether2-master-local no yes no no none
ether4-slave-local
/interface ethernet switch ingress-vlan-translation print
Flags: X - disabled, I - invalid, D - dynamic
0 ports=ether8-slave-local service-vlan-format=any customer-vlan-format=any customer-vid=0 new-customer-vid=1 pcp-propagation=no sa-learning=yes
1 ports=ether16-slave-local service-vlan-format=any customer-vlan-format=any new-customer-vid=100 pcp-propagation=no sa-learning=yes
2 D ports=ether1-gateway,ether2-master-local,ether3-slave-local,ether4-slave-local,ether5-slave-local,ether6-slave-local,ether7-slave-local,ether8-slave-local,ether9-slave-local,ether10-slave-local,ether11-
slave-local,ether12-slave-local,ether13-slave-local,ether14-slave-local,ether15-slave-local,ether16-slave-local,ether17-master,ether18-master,ether19-slave-local,ether20-slave-local,ether21-slave-local,
ether22-slave-local
service-vlan-format=any customer-vlan-format=any new-customer-vid=4089 pcp-propagation=no sa-learning=yes
3 D ports=ether23-slave-local,ether24,sfp1-gateway service-vlan-format=any customer-vlan-format=any new-customer-vid=4095 pcp-propagation=no sa-learning=no
/interface ethernet print
Flags: X - disabled, R - running, S - slave
# NAME MTU MAC-ADDRESS ARP MASTER-PORT SWITCH
0 R ;;; Mikrotik 260G - port 2
ether1-gateway 1500 4C:5E:0C:97:A2:57 enabled none switch1
1 RS ;;; NZXT - USB 2
ether2-master-local 1500 4C:5E:0C:97:A2:58 enabled ether1-gateway switch1
2 XS ether3-slave-local 1500 4C:5E:0C:97:A2:59 enabled ether1-gateway switch1
3 XS ;;; ADVA_Management
ether4-slave-local 1500 4C:5E:0C:97:A2:5A enabled ether1-gateway switch1
4 XS ether5-slave-local 1500 4C:5E:0C:97:A2:5B enabled ether1-gateway switch1
5 XS ether6-slave-local 1500 4C:5E:0C:97:A2:5C enabled ether1-gateway switch1
6 XS ;;; Mikrotik 751G - port 1
ether7-slave-local 1500 4C:5E:0C:97:A2:5D enabled ether1-gateway switch1
7 XS ;;; Mikrotik 751G - port 2
ether8-slave-local 1500 4C:5E:0C:97:A2:5E enabled ether1-gateway switch1
8 XS ;;; SRX_2 [fe-0/0/0]
ether9-slave-local 1500 4C:5E:0C:97:A2:5F enabled ether1-gateway switch1
9 XS ;;; SRX_1 [fe-0/0/0]
ether10-slave-local 1500 4C:5E:0C:97:A2:60 enabled ether1-gateway switch1
10 XS ;;; SRX_2 [fe-0/0/1]
ether11-slave-local 1500 4C:5E:0C:97:A2:61 enabled ether1-gateway switch1
11 XS ;;; SRX_1 [fe-0/0/1]
ether12-slave-local 1500 4C:5E:0C:97:A2:62 enabled ether1-gateway switch1
12 XS ;;; SRX_2 [fe-0/0/2]
ether13-slave-local 1500 4C:5E:0C:97:A2:63 enabled ether1-gateway switch1
13 XS ;;; SRX_1 [fe-0/0/2]
ether14-slave-local 1500 4C:5E:0C:97:A2:64 enabled ether1-gateway switch1
14 XS ;;; SRX_2 [fe-0/0/3]
ether15-slave-local 1500 4C:5E:0C:97:A2:65 enabled ether1-gateway switch1
15 XS ;;; SRX_1 [fe-0/0/3]
ether16-slave-local 1500 4C:5E:0C:97:A2:66 enabled ether1-gateway switch1
16 XS ;;; ADVA-port2
ether17-master 1500 4C:5E:0C:97:A2:67 enabled ether1-gateway switch1
17 XS ;;; ADVA-port1 - NETWORK_PORT
ether18-master 1500 4C:5E:0C:97:A2:68 enabled ether1-gateway switch1
18 XS ether19-slave-local 1500 4C:5E:0C:97:A2:69 enabled ether1-gateway switch1
19 XS ether20-slave-local 1500 4C:5E:0C:97:A2:6A enabled ether1-gateway switch1
20 XS ether21-slave-local 1500 4C:5E:0C:97:A2:6B enabled ether1-gateway switch1
21 XS ether22-slave-local 1500 4C:5E:0C:97:A2:6C enabled ether1-gateway switch1
22 R ;;; NZXT - USB 1 [captures]
ether23-slave-local 1500 4C:5E:0C:97:A2:6D enabled none switch1
23 X ether24 1500 4C:5E:0C:97:A2:6E enabled none switch1
24 X sfp1-gateway 1500 4C:5E:0C:97:A2:6F enabled none switch1
I was trying to follow the simple port-based vlans scenario from the wiki but still cannot achieve vlan isolation and a basic access port functionality.
I have disabled majority of the ports for testing and assign them to a single master port but still cannot remove the dynamic vlans.
I don’t usually struggle with such a simple task as configuring vlan trunk and access port but on CRS this is very confusion.
Thank you very much in advance.