how to get switch working with vlan

pe1chl · January 22, 2016, 5:43pm

I have an existing RB2011UAS-RM config with two vlan ID’s on LAN and with bridging.
on ether2 two VLAN interfaces were created: ether2.vlan44 and ether2.vlan58
on ether3 the same two VLAN interfaces: ether3.vlan44 and ether3.vlan58
ether2.vlan44 and ether3.vlan44 are in a bridge
ether2.vlan58, ether3.vlan58, ether4 and ether5 are in another bridge
(so vlan58 is tagged on ether2 and ether3 and untagged on ether4 and ether5)

Now I want to start using the switch between those ports ether2…ether5 instead of the bridges.
So I removed the ports from the bridges, disabled ether3.vlan44 and ether3.vlan58,
made ether 3, 4 and 5 slave ports of ether2, and setup this switch config:

/interface ethernet switch port
set 4 default-vlan-id=58 vlan-header=always-strip
set 5 default-vlan-id=58 vlan-header=always-strip
/interface ethernet switch vlan
add independent-learning=no ports=ether2,ether3 switch=switch1 vlan-id=44
add independent-learning=no ports=ether2,ether3,ether4,ether5 switch=switch1 vlan-id=58

I assumed that I can now communicate across ether2.vlan44 and ether2.vlan58, and the
traffic will go to ether2 and ether3 tagged, and traffic to ether2.vlan58 will also go to
ether4 and ether5 but will be untagged on those ports.

It does not work…
What am I doing wrong?

pe1chl · January 22, 2016, 5:59pm

I should add that I also tried changing the vlan mode to vlan-mode=secure and vlan-mode=fallback on all the ports,
but no difference. Once I try switched mode I cannot reach ports 3,4,5 anymore…
I find the switch vlan documentation very confusing… especially the part where a master port like ether2 is used
both as an external port and a link to the router itself.

ZeroByte · January 22, 2016, 7:04pm

This is exactly why I never bothered to learn this for Mikrotik.

In cisco, you could die of boredom while typing “switchport access vlan 10” or “switchport trunk allowed vlan 10,20,30” because it’s so simple.

Or - many switches use a grid interface where you have interfaces and vlans, and at the intersection of each, there’s a selection: tagged/untagged/blocked"

Wouldn’t THAT be hard to understand for newbies?
form.png

pe1chl · January 22, 2016, 7:06pm

Never mind, after a lot of tinkering I got it working…

/interface ethernet switch port
set 2 vlan-mode=secure
set 3 vlan-mode=secure
set 4 default-vlan-id=58 vlan-header=always-strip vlan-mode=secure
set 5 default-vlan-id=58 vlan-header=always-strip vlan-mode=secure
set 11 vlan-mode=secure
/interface ethernet switch vlan
add independent-learning=no ports=switch1-cpu,ether2,ether3 switch=switch1 vlan-id=44
add independent-learning=no ports=switch1-cpu,ether2,ether3,ether4,ether5 switch=switch1 vlan-id=58

pe1chl · January 22, 2016, 7:07pm

I agree!!
But in this case I require gigabit performance between ports 2 and 3, so I had to fight with it.
Normally bridge is fine and much more flexible…

ZeroByte · January 22, 2016, 7:13pm

hqdefault.jpg