Getting Vlans Talking...

RouterOS General
1

Hi guys, I’ve just setup two 24 port CoudCore Routers as below, When I plug in to the ethernet locally they work fine but I can’t seem to connect to the routers over the fibre! Any ideas would be much appreciated.

Basically each has multiple Vlans and Interfaces with a bridge for each. I can connect to each routers local 10.0.4.0 addresses when plugged into Ether1 but I cannot hit the remote router!

Router 1:

/interface bridge
add name="bridge1(default)"
add name="bridge2(Internet)"
add name="bridge3(Management)"
add name="bridge4(Main)"

/interface ethernet
set [ find default-name=ether24 ] name=ether24-Config

/interface vlan
add interface=sfp1 l2mtu=1584 name="vlan1(Default)" vlan-id=1
add interface=sfp1 l2mtu=1584 name="vlan2(Internet)" vlan-id=2
add interface=sfp1 l2mtu=1584 name="vlan3(Management)" vlan-id=3
add interface=sfp1 l2mtu=1584 name="vlan4(Main)" vlan-id=4

/interface bridge port
add bridge="bridge2(Internet)" interface="vlan2(Internet)"
add bridge="bridge1(default)" interface="vlan1(Default)"
add bridge="bridge3(Management)" interface="vlan3(Management)"
add bridge="bridge3(Management)" interface=ether24-Config
add bridge="bridge4(Main)" interface="vlan4(Main)"
add bridge="bridge4(Main)" interface=ether1

/interface bridge settings
set use-ip-firewall=yes use-ip-firewall-for-pppoe=yes \
    use-ip-firewall-for-vlan=yes

/ip address
add address=10.1.4.10/24 interface="bridge3(Management)" network=10.1.4.0
add address=10.0.4.10/24 interface="bridge4(Main)" network=10.0.4.0

/ip route
add distance=1 gateway=10.0.4.9

/system identity
set name="Switch 1 (computer room)"

/system package update
set channel=current

/system routerboard settings
set protected-routerboot=disabled

/tool romon port
add




Router 2:

/interface bridge
add name="bridge1(default)"
add name="bridge2(Internet)"
add name="bridge3(Management)"
add name="bridge4(Main)"

/interface ethernet
set [ find default-name=ether24 ] name=ether24-Config

/interface vlan
add interface=sfp1 l2mtu=1584 name="vlan1(Default)" vlan-id=1
add interface=sfp1 l2mtu=1584 name="vlan2(Internet)" vlan-id=2
add interface=sfp1 l2mtu=1584 name="vlan3(Management)" vlan-id=3
add interface=sfp1 l2mtu=1584 name="vlan4(Main)" vlan-id=4

/interface bridge port
add bridge="bridge2(Internet)" interface="vlan2(Internet)"
add bridge="bridge1(default)" interface="vlan1(Default)"
add bridge="bridge3(Management)" interface="vlan3(Management)"
add bridge="bridge3(Management)" interface=ether24-Config
add bridge="bridge4(Main)" interface="vlan4(Main)"
add bridge="bridge4(Main)" interface=ether1

/interface bridge settings
set use-ip-firewall=yes use-ip-firewall-for-pppoe=yes \
    use-ip-firewall-for-vlan=yes

/ip address
add address=10.1.4.11/24 interface="bridge3(Management)" network=10.1.4.0
add address=10.0.4.11/24 interface="bridge4(Main)" network=10.0.4.0

/ip route
add distance=1 gateway=10.0.4.9

/system identity
set name="Switch 2 (comms room)"

/system package update
set channel=current

/system routerboard settings
set protected-routerboot=disabled

/tool romon port
add

Based on this post: http://wiki.mikrotik.com/wiki/Vlans_on_Mikrotik_environment

2

I should note that I can connect using winbox using mac addresses over the network just not using IPs

3

Have you tried putting an IP directly on SFP1 on each side to see if you can pass traffic without VLAN tags?

4

Ou good shout!

Have just tried that and they are responding to pings using tools>ping so they are definitely talking to eachother but the VLANS are not working

5

Are the two CRS switches connected locally via fiber or are you connecting to a private fiber circuit?

6

Locally via fibre.

Currently next to each other on a long patch lead for testing.

I have also tried disconnecting the fibre and linking them using Eth23 with Vlan4 attached and they behave the same, I can configure them both by mac address but only the local one via IP

7

Take a look at example one in the link below…the config on ether2 is probably what you’re looking for. Bridging is not the best way to use VLANs in a CRS. Set that up on each side of the CRS on SFP1 and then do the step below as well.

http://wiki.mikrotik.com/wiki/Manual:CRS_examples

Set the SFP1 port as the master and all other ports as slaves of sfp1 and then build a VLAN interface under SFP1 for each VLAN you need to put an IP on.

Also, don’t forget to tag each VLAN you need an IP on to the CPU so it can communicate with the switched ports like this:

/interface ethernet switch egress-vlan-tag
add tagged-ports=switch1-cpu vlan-id=111
8

You sir are utterly excellent! thank you I now have Vlans talking across switches I was just going entirely the wrong way about it.

The only thing I can’t seem to do is assign the CCR an IP on one of the Vlans, do you know if that is possible or do I have to configure them from Vlan0 ports?

i.e I have ether1 as an untagged Vlan3 port and an IP assigned to ether1 but I cannot hit that IP with winbox from ether1 or any of the other vlan3 ports!