junos to mikrotik trunk does not function

psycholomo · October 12, 2015, 7:41am

Hey guys,

First time poster here but I feel like I am at the end of my rope after spending a day and a half trying to figure this issue out I figured the mikrotik forums would be the best place to ask a question like this.

Ultimately the problem that I am having is that I cannot get my mikrotik RB2011UiAS to talk to my srx-110 in any shape or form as far as tell. I know that it is layer 2 as I cannot even get arp requests to resolve between these two boxes. When I torch the interface as well as doing a packet dump with wireshark I see that broadcasts are going out but they are unable to discover each other. Maybe one have you have ran into this problem before and Im hoping that it is just something with my configuration but I am not sure. I have scoured the internet and the latest post was from 2010 about junos and mikrotik so it does not instill much confidence. Maybe there is something more up to date out there? When I connect a cisco 2960 to the srx I have no issues with trunking. The mikrotik is a completely different story and I’m not sure what is going on.

My configuration for the srx and the mikrotik are pasted below. Currently ether-6-master-local is connected to the junos box on fe-0/0/7

Junos config:

vlan {
unit 0 {
family inet {
address 172.16.32.1/24;
}

fe-0/0/7 {
fastether-options {
no-auto-negotiation;
}
interfaces {
vlan.0 {
host-inbound-traffic {
system-services {
all;
}
protocols {
all;
}
}
unit 0 {
family ethernet-switching {
port-mode trunk;
vlan {
members [ vlan0 production ];
}
native-vlan-id vlan0;
}
}
}
vlan0 {
vlan-id 2;
l3-interface vlan.0;
}
}

Mikrotik Config:

/export hide-sensitive

jan/02/1970 01:35:59 by RouterOS 6.32.2

software id = XVIF-CX9G

/interface bridge
add admin-mac=E4:8D:8C:23:6B:1A auto-mac=no name=bridge-local
/interface ethernet
set [ find default-name=ether1 ] name=ether1-gateway
set [ find default-name=ether2 ] name=ether2-master-local
set [ find default-name=ether3 ] master-port=ether2-master-local name=ether3-slave-local
set [ find default-name=ether4 ] master-port=ether2-master-local name=ether4-slave-local
set [ find default-name=ether5 ] master-port=ether2-master-local name=ether5-slave-local
set [ find default-name=ether6 ] name=ether6-master-local
set [ find default-name=ether7 ] master-port=ether6-master-local name=ether7-slave-local
set [ find default-name=ether8 ] master-port=ether6-master-local name=ether8-slave-local
set [ find default-name=ether9 ] master-port=ether6-master-local name=ether9-slave-local
set [ find default-name=ether10 ] master-port=ether6-master-local name=ether10-slave-local
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce disabled=no distance=indoors frequency=auto mode=ap-bridge ssid=MikroTik-236B23 wireless-protocol=802.11
/ip neighbor discovery
set ether1-gateway discover=no
/interface vlan
add interface=bridge-local l2mtu=1582 name=vlan0 use-service-tag=yes vlan-id=2
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=default-dhcp interface=bridge-local name=default
/interface bridge port
add bridge=bridge-local interface=ether2-master-local
add bridge=bridge-local interface=ether6-master-local
add bridge=bridge-local interface=sfp1
add bridge=bridge-local interface=wlan1
add bridge=bridge-local interface=vlan0
/ip address
add address=192.168.88.1/24 comment=“default configuration” interface=bridge-local network=192.168.88.0
add address=172.16.32.2/24 interface=bridge-local network=172.16.32.0
add address=172.16.32.3/24 interface=vlan0 network=172.16.32.0
/ip dhcp-client
add comment=“default configuration” dhcp-options=hostname,clientid interface=ether1-gateway
/ip dhcp-server network
add address=192.168.88.0/24 comment=“default configuration” gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 name=router
/ip firewall filter
add chain=input comment=“default configuration” protocol=icmp
add chain=input comment=“default configuration” connection-state=established,related
add action=drop chain=input comment=“default configuration” in-interface=ether1-gateway
add action=fasttrack-connection chain=forward comment=“default configuration” connection-state=established,related
add chain=forward comment=“default configuration” connection-state=established,related
add action=drop chain=forward comment=“default configuration” connection-state=invalid
add action=drop chain=forward comment=“default configuration” connection-nat-state=!dstnat connection-state=new in-interface=ether1-gateway
/ip firewall nat
add action=masquerade chain=srcnat comment=“default configuration” out-interface=ether1-gateway
/tool mac-server
set [ find default=yes ] disabled=yes
add interface=ether2-master-local
add interface=ether3-slave-local
add interface=ether4-slave-local
add interface=ether5-slave-local
add interface=ether6-master-local
add interface=ether7-slave-local
add interface=ether8-slave-local
add interface=ether9-slave-local
add interface=ether10-slave-local
add interface=sfp1
add interface=wlan1
add interface=bridge-local
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=ether2-master-local
add interface=ether3-slave-local
add interface=ether4-slave-local
add interface=ether5-slave-local
add interface=ether6-master-local
add interface=ether7-slave-local
add interface=ether8-slave-local
add interface=ether9-slave-local
add interface=ether10-slave-local
add interface=sfp1
add interface=wlan1
add interface=bridge-local

mrz · October 12, 2015, 11:06am

Try to set service-tag=no

psycholomo · October 12, 2015, 3:37pm

Thanks for the suggestion. I went ahead and did this but it is still not functioning. Just for a test I connected other devices to the mikrotik and anything directly connected to it resolves arp properly. Only other smart devices are not being recognized.

onnoossendrijver · October 13, 2015, 7:10am

Can you put your juniper config in a

block. Right now it is missing large parts of configuration.

cegner · October 13, 2015, 8:03am

Don’t put the native vlan to the members list.

unit 0 {
family ethernet-switching {
port-mode trunk;
vlan {
members [ production ];
}
native-vlan-id vlan0;
}
}
}

psycholomo · October 20, 2015, 5:28pm

I have finally figured out my issue with Mikrotik. I had to not only tag the switches with vlans but had to do port based Vlanning instead of bridged based vlanning. By marking my uplink with the junos switch with a specific ip and tagging it with the right vlan and the bridging that vlan across the switch I was able to get full connectivity.

I am still not entirely sure why this worked when only pure bridged vlanning did not but thanks for the suggestions guys.