CRS125 - vlans and DHCP not working

levak · August 12, 2014, 2:29pm

Hello!

I’m having some troubles configuring my CRS125 switches.

My network is quite simple:

PPPoE WAN link
2 VLANs
Ports 1-8 are part of VLAN10
Ports 9-16 are part of VLAN20
DHCP server on each VLAN
no VLAN tagging on ports (they are access ports)

I have everything set up according to howtos, and VLAN10 is working, but I don’t get IP from DHCP server and I can’t access LAN even if I set up static IP.

If I look at Switch->VLAN table, I see dynamic VLAN assigned to ports 9-16 and I guess that’s what causing me troubles:

Flags: X - disabled, I - invalid, D - dynamic 
 #   VLAN-ID PORTS                                           SVL LEARN FLOOD INGRESS-MIRROR QOS-GROUP                                         
 0        20 ether9                                          no  yes   no    no             none                                              
             ether10-m9                                     
             ether11-m9                                     
             ether12-m9                                     
             ether13-m9                                     
             ether14-m9                                     
             ether15-m9                                     
             ether16-m9                                     
             switch1-cpu                  
3 D    4091 ether9                                          no  yes   no    no             n
             ether10-m9                                     
             ether11-m9                                     
             ether12-m9                                     
             ether13-m9                                     
             ether14-m9                                     
             ether15-m9                                     
             ether16-m9                                     
             switch1-cpu

Thingy are the same in Ingress VLAN translation:

[admin@router] /interface ethernet switch ingress-vlan-translation> print
Flags: X - disabled, I - invalid, D - dynamic 
 0   ports=ether9,ether10-m9,ether11-m9,ether12-m9,ether13-m9,ether14-m9,ether15-m9,ether16-m9 service-vlan-format=untagged-or-tagged 
     customer-vlan-format=untagged-or-tagged customer-vid=0 new-customer-vid=20 pcp-propagation=no sa-learning=yes 

 1   ports=ether1,ether2-m1,ether3-m1,ether4-m1,ether5-m1,ether6-m1,ether7-m1,ether8-m1 service-vlan-format=untagged-or-tagged 
     customer-vlan-format=untagged-or-tagged customer-vid=0 new-customer-vid=10 pcp-propagation=no sa-learning=yes 

 2 D ports=ether9,ether10-m9,ether11-m9,ether12-m9,ether13-m9,ether14-m9,ether15-m9,ether16-m9 service-vlan-format=any 
     customer-vlan-format=any new-customer-vid=4091 pcp-propagation=no sa-learning=yes 

 3 D ports=ether17,ether18,ether19,ether20,ether21,ether22,ether23-mgmt,ether24-WAN,sfp1-gateway service-vlan-format=any 
     customer-vlan-format=any new-customer-vid=4095 pcp-propagation=no sa-learning=no

As you can see, ports 9-16 are in VLAN20 and also in dynamic VLAN 4091. Why is that and why is that dynamic vlan there?
How can I remove it? IF I try to delete it, it says I can’t delete it since it’d dynamic:

I’m guessing packages come from the LAN and go to dynamic VLAN instead of VLAN20, hence DHCP doesn’t see the request and can’t assign IP.

Ideas?

Thanks for help, Matej

levak · August 12, 2014, 3:37pm

As far as I can see, when I plug in my PC to port 9-16, PC sends a DHCP request, router answers but then there is no reply.

17:30:56 dhcp,debug,packet DHCP: DHCP-Bralci received discover with id 1387401109 from 0.0.0.0 
17:30:56 dhcp,debug,packet DHCP:     ciaddr = 0.0.0.0 
17:30:56 dhcp,debug,packet DHCP:     chaddr = 00:04:61:17:1E:25 
17:30:56 dhcp,debug,packet DHCP:     Msg-Type = discover 
17:30:56 dhcp,debug,packet DHCP:     Unknown(116) = 01 
17:30:56 dhcp,debug,packet DHCP:     Client-Id = 01-00-04-61-17-1E-25 
17:30:56 dhcp,debug,packet DHCP:     Address-Request = 169.254.29.116 
17:30:56 dhcp,debug,packet DHCP:     Host-Name = "pc-poljane" 
17:30:56 dhcp,debug,packet DHCP:     Class-Id = "MSFT 5.0" 
17:30:56 dhcp,debug,packet DHCP:     Parameter-List = Subnet-Mask,Domain-Name,Router,Domain-Server,NETBIOS-Name-Server,Unknown(46),Unknown(47),Unknown(31),Static-Route,M
S-Classless-Route,Vendor-Specific 
17:30:56 dhcp,debug,packet DHCP:     Vendor-Specific = DC-00 
17:30:57 dhcp,debug,packet DHCP: DHCP-Bralci sending offer with id 1387401109 to 192.168.31.198 
17:30:57 dhcp,debug,packet DHCP:     ciaddr = 0.0.0.0 
17:30:57 dhcp,debug,packet DHCP:     yiaddr = 192.168.31.198 
17:30:57 dhcp,debug,packet DHCP:     siaddr = 192.168.31.1 
17:30:57 dhcp,debug,packet DHCP:     chaddr = 00:04:61:17:1E:25 
17:30:57 dhcp,debug,packet DHCP:     Msg-Type = offer 
17:30:57 dhcp,debug,packet DHCP:     Server-Id = 192.168.31.1 
17:30:57 dhcp,debug,packet DHCP:     Address-Time = 86400 
17:30:57 dhcp,debug,packet DHCP:     Subnet-Mask = 255.255.255.0 
17:30:57 dhcp,debug,packet DHCP:     Router = 192.168.31.1 
17:30:57 dhcp,debug,packet DHCP:     Domain-Server = 192.168.31.1

DHCP config:

/ip dhcp-server
add address-pool=Pool-Zaposleni authoritative=yes disabled=no interface=vlan10-zaposleni lease-time=1d name=DHCP-Zaposleni
add address-pool=Pool-Bralci authoritative=yes disabled=no interface=vlan20-bralci lease-time=1d name=DHCP-Bralci
/ip dhcp-server network
add address=192.168.30.0/24 dns-server=192.168.30.1 gateway=192.168.30.1 ntp-server=192.168.30.1
add address=192.168.31.0/24 dns-server=192.168.31.1 gateway=192.168.31.1 ntp-server=192.168.31.1

IP->Addresses:

/ip address
add address=192.168.30.1/24 comment=Zaposleni interface=vlan10-zaposleni network=192.168.30.0
add address=192.168.31.1/24 comment=Bralci interface=vlan20-bralci network=192.168.31.0

Interfaces->VLAN:

/interface vlan
add interface=ether1 l2mtu=1584 name=vlan10-zaposleni vlan-id=10
add interface=ether9 l2mtu=1584 name=vlan20-bralci vlan-id=20

Switch-VLAN:

/interface ethernet switch
set forward-unknown-vlan=no
/interface ethernet switch egress-vlan-tag
add tagged-ports=switch1-cpu vlan-id=20
add tagged-ports=switch1-cpu vlan-id=10
/interface ethernet switch ingress-vlan-translation
add customer-vid=0 customer-vlan-format=untagged-or-tagged new-customer-vid=20 ports=\
    ether9,ether10-m9,ether11-m9,ether12-m9,ether13-m9,ether14-m9,ether15-m9,ether16-m9 sa-learning=yes service-vlan-format=untagged-or-tagged
add customer-vid=0 customer-vlan-format=untagged-or-tagged new-customer-vid=10 ports=ether1,ether2-m1,ether3-m1,ether4-m1,ether5-m1,ether6-m1,ether7-m1,ether8-m1 \
    sa-learning=yes service-vlan-format=untagged-or-tagged
/interface ethernet switch port
set 0 dscp-based-qos-dscp-to-dscp-mapping=no qos-scheme-precedence=pcp-based,sa-based,da-based,dscp-based,protocol-based,vlan-based,pcp-based
set 1 dscp-based-qos-dscp-to-dscp-mapping=no
set 2 dscp-based-qos-dscp-to-dscp-mapping=no
set 3 dscp-based-qos-dscp-to-dscp-mapping=no
set 4 dscp-based-qos-dscp-to-dscp-mapping=no
set 5 dscp-based-qos-dscp-to-dscp-mapping=no
set 6 dscp-based-qos-dscp-to-dscp-mapping=no
set 7 dscp-based-qos-dscp-to-dscp-mapping=no
set 8 dscp-based-qos-dscp-to-dscp-mapping=no
set 9 dscp-based-qos-dscp-to-dscp-mapping=no
set 10 dscp-based-qos-dscp-to-dscp-mapping=no
set 11 dscp-based-qos-dscp-to-dscp-mapping=no
set 12 dscp-based-qos-dscp-to-dscp-mapping=no
set 13 dscp-based-qos-dscp-to-dscp-mapping=no
set 14 dscp-based-qos-dscp-to-dscp-mapping=no
set 15 dscp-based-qos-dscp-to-dscp-mapping=no
set 16 dscp-based-qos-dscp-to-dscp-mapping=no
set 17 dscp-based-qos-dscp-to-dscp-mapping=no
set 18 dscp-based-qos-dscp-to-dscp-mapping=no
set 19 dscp-based-qos-dscp-to-dscp-mapping=no
set 20 dscp-based-qos-dscp-to-dscp-mapping=no
set 21 dscp-based-qos-dscp-to-dscp-mapping=no
set 22 dscp-based-qos-dscp-to-dscp-mapping=no
set 23 dscp-based-qos-dscp-to-dscp-mapping=no
set 24 dscp-based-qos-dscp-to-dscp-mapping=no
set 25 dscp-based-qos-dscp-to-dscp-mapping=no
/interface ethernet switch vlan
add ports=ether9,ether10-m9,ether11-m9,ether12-m9,ether13-m9,ether14-m9,ether15-m9,ether16-m9,switch1-cpu vlan-id=20
add ports=ether1,ether2-m1,ether3-m1,ether4-m1,ether5-m1,ether6-m1,ether7-m1,ether8-m1,switch1-cpu vlan-id=10
add ports=ether24-WAN,switch1-cpu vlan-id=0

So, VLAN10 is working, but VLAN20 is not. Config seems the same, apart from dynamic vlans on ports 9-16.

Matej

levak · August 12, 2014, 6:37pm

I figured something out:

Windows 7 or Windows 8 clients can connect to VLAN20 and they get IP from DHCP.
Windows XP, network printers and one linux machine won’t work on VLAN20 no matter what.

Matej

levak · August 15, 2014, 8:56am

Bump!

No one is having such problems?
Any help would be appreciated, because I don’t know how to solve this problem and I’m deploying 10 switches next week…

Matej

becs · August 15, 2014, 12:34pm

Multiple master-port configuration was designed as fast and simple port isolation solution, but it limits part of VLAN functionality supported by CRS switch-chip.
For advanced configurations use one master-port within CRS switch chip for all ports, configure VLANs and isolate port groups with port isolation profile configuration.
http://wiki.mikrotik.com/wiki/Manual:CRS_examples#Port-level_Isolation

levak · August 15, 2014, 2:12pm

Hey!

Thanks for reply and useful informations…

So if I understand what you are saying correctly I have do the following things:

set ether1 as master port
set all other ports as slave to ether1
set vlans and ingres vlan translations in Switch->VLAN
set switch port:

set isolation-leakage-profile-override=2 for ports 1-8 (VLAN10)
set isolation-leakage-profile-override=3 for ports 9-16 (VLAN10)
set isolation-leakage-profile-override=1 for port 24 (WAN link)
set isolation-leakage-profile-override=0 for switch-cpu (so all VLANS and WAN uplink can communicate with main cpu)

set switch port isolation

add each port group to it’s own port-profie

Does that sound correctly?

Follow up:
I’m having some troubles with my WAN port, because it doesn’t get the IP over DHCP until I remove it as a slave device. If I set master-port to none, I get the IP, but not if it’s set as slave to ether1.
How should I configure WAN port? As a standalone port oz part of switched ports?
What is the “uplink” from switch in my case? switch1-cpu?

Matej

webpagetech · August 29, 2014, 12:18am

What is you wan setup?
PPPoE or DHCP client?
If you receiving the PPPoE connection over a VLan then you should create that VLan on you wan interface and set the PPPoE client up on that VLan.

If the PPPoE server is not communicating over a VLan than you should have your wan’s master port set to none.

If you are using DHCP than you should have your wan’s master port set to none.