IP configuration problem

jowe · June 20, 2025, 10:56am

Hello,

I have a problem with VLAN IP configuration:

Why does a remote ping of 172.23.129.32 (in VLAN99) only work with an additional configured line:

add address=172.23.128.32/24 interface=br_lan network=172.23.128.0

This is the main config:

/interface bridge
add name=br_lan vlan-filtering=yes
/interface vlan
add interface=br_lan name=vlan99 vlan-id=99
/interface bonding
add lacp-rate=1sec mlag-id=11 mode=802.3ad name=mlag-combo1 slaves=combo1 transmit-hash-policy=layer-3-and-4
add lacp-rate=1sec mlag-id=12 mode=802.3ad name=mlag-combo2 slaves=combo2 transmit-hash-policy=layer-3-and-4
/interface bridge mlag
set bridge=br_lan peer-port=sfp-sfpplus1
/interface bridge port
add bridge=br_lan interface=combo3
add bridge=br_lan interface=combo4
add bridge=br_lan interface=sfp-sfpplus3
add bridge=br_lan interface=sfp-sfpplus4
add bridge=br_lan interface=sfp1
add bridge=br_lan interface=sfp2
add bridge=br_lan interface=sfp3
add bridge=br_lan interface=sfp4
add bridge=br_lan comment="peer port" frame-types=admit-only-vlan-tagged interface=sfp-sfpplus1 pvid=98
add bridge=br_lan comment=uplink interface=mlag-combo1
add bridge=br_lan interface=mlag-combo2
/interface bridge vlan
add bridge=br_lan tagged=sfp-sfpplus1 vlan-ids=1
add bridge=br_lan tagged=sfp-sfpplus1,mlag-combo1,mlag-combo2 vlan-ids=40
add bridge=br_lan tagged=sfp-sfpplus1,mlag-combo1,mlag-combo2 vlan-ids=60
add bridge=br_lan tagged=sfp-sfpplus1,mlag-combo1 vlan-ids=20
add bridge=br_lan tagged=sfp-sfpplus1,mlag-combo1 vlan-ids=99
/ip address
add address=172.23.129.32/24 interface=vlan99 network=172.23.129.0
add address=172.23.128.32/24 interface=br_lan network=172.23.128.0

For me this looks like a bug, how can setting an IP of the default net make a VLAN IP responding?

Thanks for any advise.

kr

Josef

loloski · June 20, 2025, 11:18am

It’s not a bug you should include your bridge as part of the tagged and it will work

e.g

interface/bridge/vlan/add  bridge=br_lan tagged=br_lan,sfp-sfpplus1 untagged=sfp-sfpplus2 vlan_ids=99

jowe · June 24, 2025, 12:55pm

Thank you very much for your quick response however ping doesnt work either.
Isn´t the bridge included dynamically by interface vlan settings, why do I have to add the bridge explicitly?

Anyway ping for vlan99 works only after enabling ip for interface br_lan.

anserk · June 24, 2025, 7:17pm

Why do you have PVID 98 on sfp-sfpplus1? Also, I’m not sure tagging VLAN 1 is a good idea.

Where are you pinging 172.23.129.32 from, what network?

jowe · June 25, 2025, 7:19am

sfp-sfpplus1 is the mlag peer, so pvid set on both sides to VLAN98.
what I know and tested is that all vlans must be tagged on the peer ports, even 1. also it might be better not to use 1 in an environment like this.

good point. i tested from 172.23.128.0/24. a ping from the second mlag switch works.

anserk · June 25, 2025, 6:15pm

And which VLAN is that? Not shown in the configuration. If ping works only after enabling IP address, this sounds like a routing issue.

I’m not experienced with MLAG, but it’s weird to see PVID configured (ingress) yet no VLAN 98 defined to tag egress.