CRS326-24S+2Q+; Cisco 9300; D-Link DGS-1510-52X; TRUNK VLANs

Hello, we recently purchased a CRS326-24S+2Q+ for the distribution level.
I thought I could handle the task of configuring Mikrotik, but unfortunately I didn't succeed.

The thing is, all VLANs are created on the Cisco and are forwarded via the Port-channel (2 interfaces).
Cisco:

int Port-channel4
 switchport trunk allowed vlan 1,5,11-13,21-23,31-33,41-43,172,200,300
 switchport mode trunk

All interfaces are up.

On the Mikrotik, I only learned that it is necessary to connect the 2 interfaces via Bonding, with the settings in Figure 1.
The connection appears and works.
But then I couldn't make friends with Mikrotik and set up forwarding through the rest of the interfaces; I need them all to be trunks,
so that traffic goes to D-Link.

It might be worth switching to SwOS, but I couldn't set up work there either.
HELP!

Suggest you move to the latest stable 6.X firmware as 6.47 is getting a bit stale.

Take a look at this excellent reference. Post number two describes a switch file.
http://forum.mikrotik.com/t/using-routeros-to-vlan-your-network/126489/1

Rules of thumb,
All smart devices should be given IPs on trusted vlan subnet.
For the MT device, the trusted vlan is part of the trunk traffic, even if just to carry that to the next smart device.

Seems easy peasy, one bridge
identify all the vlans passing through with interface bridge
two trunk ports in use
not much else…

Thank you for your answer, I don’t know English well, so I’m sorry if I misunderstood something.

Based on your recommendation, I have updated Mikrotik to version 6.49.2.
I will attach 1 more file for clarity.
Now my interfaces are turned off because they block dgs-1510.

I need to create vlan interfaces for all vlans and assign them ip addresses on the bridge-trunk?
Next, in the VLANs tab, you need to enable all interfaces and vlans in tagged?
And enable filtering vlan on bridge-trunk?

And in DGS-1510 I need to change the gateways for each vlan to ip Mikrotik.
set.png

I can help with both types of setups…
The first will be bridge vlan filtering… the second swos.

First I have to understand you have TWO connections from the cisco side to the MT side and they are supposed to be bonded?
This is a trunk port where multiple vlans are coming through the bonded port correct?
What is the standard of bonding used (as I understand the settings have to be the same on each equipment)?

For the connection(s) to the DLINK switch, bit confusing was your intention to use ONE port from the MT switch to the DLINK switch carrying all the vlans?
OR
Port based vlan on the dlink where each port is VLAN specific and thus a one to one mapping of MT switch port to Dlink switch port… ??.

Thank you, it would be great if you could help, because I have already tried many ways and could not solve my problem.

I think it’s best to use SwOS, since it will be easier to understand what and how, especially since Mikrotik in this case I need only to distribute 10GB over D-Link.

Yes, I have 2 Ciscos in a stack, each with an SFP into the Mikrotik.
The picture shows the Cisco trunk configuration.
cisco interface.png
They come in on the SFP-SFP plus 23 and SFP-SFP plus 24 ports.
Related bonding with settings:
settings bonding-cisco.png
With these settings I can connect to the Mikrotik on vlan1 at IP 10.50.50.253, but I cannot reach anything further on, for example the D-Link at IP 10.50.50.70 or any other.

Regarding your thinking that all the D-Links connect to 1 Mikrotik interface: sorry, I listed the 9 SFP interfaces too briefly. Of course I connected them to different interfaces.

And the ports that are connected from Mikrotik to D-link must also be trunk with the same vlan as on cisco.

Sorry, I may have a bad English translation.

I will be glad if you and I get to the end and overcome this problem, and I will learn more new things.

The issue is I don't put any data on vlan1.
It is the default vlanid that should be left alone (it works behind the scenes as a sort of glue).
If and when you want to move the subnet to a different vlan then I can be of help.

Otherwise someone else will have to help.

Also do you have a management or trusted vlan which all devices get their lanip from ??

At the Cisco end you should be using LACP. This is controlled by the channel-group line on the member interface, for example:

interface GigabitEthernet1/0/16
 description *** Member of Interface Port Channel 4 ***
 channel-protocol lacp
 channel-group 4 mode active

Obviously configure Mikrotik to match.

I changed it in Cisco to lacp, and tried to connect it, but it didn’t help, so far I left it like that.

Regarding the question about vlan 1, yes, I would also like to get rid of it, but I can’t configure it so that I can go to the equipment or something else on D-Link.

Vlan 1, I use only for MGMT.

I will be glad if you help me get rid of it.

Vlan 1 is MGMT. Only for me, and the rest of the subnets in the screenshots above are all users, with the exception of vlan5, this is an administrative vlan.

Okay so vlan 1 carries no data, that's good!
So create another vlan like 99 if you want to use it for management
OR
A trusted vlan, that your computer or your trusted computer if on another vlan, that you use all the time CAN be your management vlan.

Plus did you ever answer the question between the MT switch and the dlink, is it port mapping or vlans.
In other words is there one trunk port between them as it should, but not clear as your diagram is confusing.

Sorry for the misunderstanding, all the connections shown in the diagram are physical and they should have a trunk with all the vlans specified above.
If I understood correctly what is “port mapping”.

I have created vlan 60 for MNGM. I configured it everywhere and moved Mikrotik and D-Link to this vlan.

I tried to turn on the link again, but it still doesn’t work =(, I don’t understand what can interfere

Assumptions: Vlan1 is no longer carrying data so vlan 60 is now associated with 10.50.50.253

Sfp1-9 are going to SFP51-59 on the DLINK
Each SFP will carry one or more vlans.

PORTS
NAMES
SFP23 - FROM CISCO MAIN
SFP24 - FROM CISCO 2
SFP1 - TO DLINK SFP51
SFP2 - TO DLINK SFP52
SFP3 - TO DLINK SFP53
etc…

VLAN
ALL PORTS ARE TRUNK PORTS… ( valid for 1-9 and 23,24 )
VLAN MODE - ENABLED
VLAN RECEIVE - ANY
DEFAULT VLAN ID - 1
EGRESS - Leave as is.

VLANS
PER ID
Vlan1 - LEAVE AS IS all ports
Vlan 66 - LEAVE AS IS TO SFP51 Not a member for rest… (management vlan)
VLAN5 - LEAVE AS IS to SFP52 Not a member for rest
VLANS11-13 - Leave as is for SFP53 Not a member for rest…
etc…


LAG Setting, never used it before so this is the tricky part for me,
Assuming using the same standard as CISCO?
Try setting both to active on the MT, if that doesn't work make one active and the other passive etc…
Your guess is as good as mine here…

Good luck…

DLINK…
802.1q VLAN
Need to define vlans 5,11-13, etc. and don't forget 60!
(Note: vlan1 is there by default)

VLAN INTERFACE
Etherports sfp51-59 apply
ALL TRUNKS
ALL INGRESS CHECKING enabled
Acceptable frame types - ADMIT ALL (safer for now, should work with only tagged)
Later test if works if change type to admit tagged only for ONE of the ports and if okay make change to all ports…

VLAN DETAIL
Etherport sfp51
Vlan mode - Trunk
Native VLAN - 1
trunk Allowed Vlans - 66
ingress checking enabled
Acceptable frame type - admit all

Etherport sfp52 - same as above except
trunk allowed vlans - 5

Etherport sfp53 - same as above except
trunk allowed vlans - 11,12,13

etc…

Thank you for your answer, let’s start with the fact that I already have it set up, sorry I didn’t tell you about it right away.

Firstly, from Cisco to Mikrotik, as I understand it, there is full access to all vlans, the connection is fully working, because I can log on to Mikrotik over the network.

Next, I would like to correct you a little, I use interfaces a little differently:

Mikrotik-sfp-01 → D-Link-01-sfp54 | trunk
Mikrotik-sfp-02 → D-Link-02-sfp54 | trunk
Mikrotik-sfp-03 → D-Link-03-sfp54 | trunk
Mikrotik-sfp-04 → D-Link-04-sfp54 | trunk
Mikrotik-sfp-05 → D-Link-05-sfp54 | trunk
Mikrotik-sfp-06 → D-Link-06-sfp54 | trunk
Mikrotik-sfp-07 → D-Link-07-sfp54 | trunk
Mikrotik-sfp-08 → D-Link-08-sfp54 | trunk
Mikrotik-sfp-09 → D-Link-09-sfp54 | trunk

Something like that.
And the same vlans must pass through these connections: 1,5,11-13,21-23,31-33,41-43,60,172,200,300
First I will attach screenshots from the Mikrotik development:

[Screenshots: settings bridge, settings vlan, settings-bonding, settings-ports, settings-vlans-bridge, settings-msti, interface mikrotik]
I use MSTI for the VLANs, since in college conditions it is necessary to use more than 2000 VLANs.

Next, D-Link, there I also configured MMS, configured the vlan 60 network interface, made a standard gateway (0.0.0.0)

I configured the interface to trunk, skipping all packets, and also allowed all vlans.

[Screenshots: settings-vlan-D-link, settings-port-trunk D-link, settings-mstp-d-link, settings-msti-vid D-link, settings-int-vlan60-ip D-link, default-gateway D-link, route D-link, mtu D-link]
If I didn’t notice something, please unsubscribe, I just work mainly with Cisco, everything seems easier there somehow.
I remind you that my interfaces are now turned off because they block access.

Why does the switch have 18 different /interface vlans? Does it really need to have an IP address on all 18 VLANs? Normally a switch used in a layer 2 scenario will only need an IP on one VLAN. It is the same as vlan interfaces on Cisco, where you define vlans for all VLANs that will carry traffic but only define a VLAN interface for those VLANs that the switch itself needs to have an IP on.

Sorry, WAY WAY over my head, not a beginner thread LOL.

Under bridge->VLANs the normal configuration is to have a separate entry for each VLAN and not have all VLANs crammed into one entry like that. Putting all VLANs into one single entry can work but it doesn’t give you any control over which VLANs get passed to which ports, you are stuck dealing with all VLANs as a single unit. It also doesn’t give you control over which VLANs are tagged or untagged - everything is either tagged or everything is not tagged. In your case you’ve told it to tag all VLANs including VLAN 1.

Also on the D-Link you seem to have VLAN 1 configured as native VLAN so it is untagged, but on the MikroTik you have configured VLAN 1 to be tagged on all ports? This seems a little strange - it is unusual to have VLAN 1 tagged as many switches expect VLAN 1 to be always untagged, especially if it is set as the native VLAN.

I only use vlan 60 on D-link with an ip address, sorry for the Russian interface.

I wrote in this post above that I changed MGMT VLAN 1 to VLAN 60.

I understand that I can split VLANs into different bridges, but I don’t need it right now and the problem is that I can’t push traffic from cisco to D-Link, via Mikrotik. Even with such a simple and open setup. I do this on purpose because I don’t see the point in configuring further if I can’t link 3 switches to each other. And this makes me very sad. I really don’t understand why traffic just isn’t shifted to Mikrotik interfaces, and when I log on to Mikrotik, it sees vlans and hosts from other switches.

No, no, no. You are completely misunderstanding me. You should never have more than one bridge on a MikroTik switch as only the first bridge will be hardware offloaded.

I think you wanted to define 18 different VLANs. Instead what you have done is created a single VLAN that has 18 different VLAN IDs. This is an oversimplification, but I do not think you would understand the more complex answer given that you have not understood anything I have said so far.

Under bridge->VLANs you should have 18 different entries, one for each of your VLANs. Instead you have just one. It can work but you lose all control over what VLANs are allowed to which ports and also you are forced to connect all VLANs to the router CPU.
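
An added example, not part of the original thread and not MikroTik's own code: this Python script expands the Cisco allowed-VLAN list from the first post (plus VLAN 60, which the thread adds later) into one RouterOS bridge VLAN entry per VLAN ID, as the reply above recommends. The names bond-cisco and sfp-sfpplus1 to sfp-sfpplus9 are assumptions; only the management VLAN includes the bridge itself, so the other VLANs are not connected to the switch CPU.

```python
# Added example: one '/interface bridge vlan' entry per VLAN ID instead of a
# single entry holding every ID. Interface names below are assumptions.

CISCO_ALLOWED = "1,5,11-13,21-23,31-33,41-43,172,200,300"  # Port-channel4 list from the thread
MGMT_VLAN = 60     # management VLAN created later in the thread
NATIVE_VLAN = 1    # untagged, matching "Native VLAN - 1" on the D-Link trunks
BRIDGE = "bridge-trunk"                                  # bridge name used in the thread
UPLINK = "bond-cisco"                                    # assumed bonding interface name
DOWNLINKS = [f"sfp-sfpplus{n}" for n in range(1, 10)]    # assumed names of the 9 D-Link links


def expand_vlans(spec):
    """Expand '1,5,11-13' into a sorted list of unique VLAN IDs (1-4094)."""
    ids = set()
    for part in spec.split(","):
        part = part.strip()
        if not part:
            continue
        lo, _, hi = part.partition("-")
        first, last = int(lo), int(hi or lo)
        if not 1 <= first <= last <= 4094:
            raise ValueError(f"bad VLAN range: {part!r}")
        ids.update(range(first, last + 1))
    return sorted(ids)


def bridge_vlan_entries(vlan_ids, mgmt=MGMT_VLAN, native=NATIVE_VLAN):
    """Return one '/interface bridge vlan add' line per VLAN ID."""
    trunks = [UPLINK] + DOWNLINKS
    lines = []
    for vid in vlan_ids:
        if vid == native:
            members = "untagged=" + ",".join(trunks)
        else:
            # Only the management VLAN reaches the bridge itself (the CPU port).
            ports = ([BRIDGE] if vid == mgmt else []) + trunks
            members = "tagged=" + ",".join(ports)
        lines.append(f"/interface bridge vlan add bridge={BRIDGE} vlan-ids={vid} {members}")
    return lines


def build_config():
    """Cisco allowed list plus the management VLAN, one entry each."""
    vlan_ids = sorted(set(expand_vlans(CISCO_ALLOWED)) | {MGMT_VLAN})
    return bridge_vlan_entries(vlan_ids)


if __name__ == "__main__":
    print("\n".join(build_config()))
```

The output is 18 lines, one per VLAN, which can be reviewed against the Cisco and D-Link trunk lists before anything is pasted into a terminal.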