I’m having trouble implementing multiple vlans from Mikrotik router thru a UniFi Switch (USW). I’ve used multiple vlans with Mikrotik routers & AirMax equipment, or thru ToughSwitches with success before, but this is my first time using a USW.
Everything works as it should until I try to add a “Corporate” subnet with tagged & untagged ports on the Mikrotik. (see diagram below) As soon as I put the “Corporate” vlan into a bridge on the Mikrotik I lose contact with the UniFi Switch & UAPs behind it, and all traffic thru the UniFi Switch & UAPs stops as well.
Mikrotik CCR1009-1S-1S+ with v6.32.2
UniFi Switch 48 POE-500W with v3.3.10.3824
UniFi Controller v4.7.5 (hosted at my office; L3 adoption for all UniFi devices)
Network Schematic.png
The Mikrotik port (Eth6), which goes to the USW, has 6 tagged vlans and “Management” subnet untagged. The USW has “All” networks/vlans on Port 1 (the link to the Mikrotik). Then the ports for the UAP have one of the following:
• “HotelGuest” vlan tagged with “Management” untagged
• one of the “Conference” vlans tagged with “Management” untagged
• “HotelGuest” vlan tagged & the “Corporate” vlan tagged with “Management” untagged
• There are a couple USW ports that are access ports (untagged) for one of the “Conference” vlans without UAPs.
The UAPs are using the corresponding vlan tag for whichever SSID(s) they are broadcasting.
Another port from the Mikrotik goes to a ToughSwitch 8-port with a similar setup. (see diagram)
In the Mikrotik:
Eth1 – Eth3 are in “Bridge-Corp”
Eth5 – has vlans listed on diagram / in “Bridge-Management”
Eth6 – has vlans listed on diagram / in “Bridge-Management”
When I have it set up just like this it works. But when I try to create some access ports (untagged) on the Mikrotik itself everything in the USW stops working. But everything coming off the ToughSwitch continues to work.
To create an access port on the Mikrotik I add vlan260-Corporate to the “Bridge-Corp”. Then it’s like a loop is created? Or having the vlan in the bridge floods Eth6 with broadcast traffic?
I can make this setup work in the lab with a different model Mikrotik and a ToughSwitch, so I’m trying to figure out if it’s a Mikrotik issue or USW issue. I have a feeling it’s a USW issue.
Any thoughts or insights? I have also posted this on the Ubiquiti forum.
First of all you have to know if it's a switch problem or a router problem.
Of course, with the web GUI of UniFi switches it can be a little difficult.
Try using only eth5-8 on the CCR1009; these ports are direct to the CPU, to rule out a fault in the integrated switch (eth1-eth4).
Of course, be sure to use at least ROS 6.30.4 and the latest firmware 3.27.
Then if this does not correct the situation, use the switched ports on the Mikrotik again to take advantage of the switch host list to see if you lost layer 2 connectivity.
I have some experience with cheap switches, and some are really weird.
Maybe the same for your switch.
I have setup many other switches (3com, cisco, HP) with complicated VLAN without problem, but on the low-end market it appears that the people writing the firmware do not understand the VLAN concept and/or stay close to how the chips need to be programmed.
E.g. when you want to have untagged ports, it is not uncommon that you have to program the “remove tag on output” and “add tag on input” separately for each port, and when you don’t yet know that it will be impossible to get it working.
This is the reason I returned my Unifi switch and used an Edgeswitch instead.
The problem is I never managed to set up a trunk port on the Unifi switch (never found such an option), and I suppose it needs an Unifi router to allow such setup.
Maybe as a hint and a good luck wish: For the Edgeswitch, which had the same initial behavior, I had to disable STP on the switch which seems to be the culprit. After that, all was working OK (with a proper VLAN setup, of course).
Docmarius, Ubnt has just released a firmware that allows you to have management of the USW on a VLAN, thus creating a trunk port. But I think you have to have untagged DHCP on first to associate it to the Controller software and then you can change it to the management vlan.
But to get it to work I had to change Bridge-Corp on the Mikrotik to STP (not the default RSTP). Then everything came up. Bridge-Management is still RSTP. No way to change these settings on the UniFi Switch.
Ty to both of you - 8 Hours of complete RAGE - then giving up to look at another day, and find this. My exact problem appears to be that the Unifi Switch doesn’t appear to handle anything apart from one Network (VLAN or Not) when RSTP is enabled on the Bridges.
NO VLAN in Unifi Controller - Network up but VLAN no go.
VLAN On in Unifi - ALL Traffic runs through the VLAN - had to put the VLAN that was on the LAN Bridge into the LAN Bridge to even get access back while troubleshooting (lucky it didn’t loop and die).
Was messy, but I will confirm that RSTP cannot be enabled at this stage with Unifi Switch and Mikrotik (from my experience andywho)
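Added example, not part of the thread and not written by any of the posters: a small Python check that reads a RouterOS-style export and lists every VLAN interface that is a port of a bridge running RSTP, the combination the posters report as failing toward the UniFi Switch. The sample export is constructed; `ether1`/`ether6` and VLAN ID 260 are assumptions based on the names in the first post, and a bridge with no `protocol-mode` is treated as RSTP because the thread calls RSTP the default.

```python
import shlex

# Constructed sample in RouterOS export style (not the poster's real config).
# Interface names and vlan-id=260 are assumptions taken from "vlan260-Corporate".
SAMPLE_EXPORT = """\
/interface bridge
add name=Bridge-Management
add name=Bridge-Corp
/interface vlan
add interface=ether6 name=vlan260-Corporate vlan-id=260
/interface bridge port
add bridge=Bridge-Corp interface=ether1
add bridge=Bridge-Management interface=ether6
add bridge=Bridge-Corp interface=vlan260-Corporate
"""

def parse_export(text):
    """Return {menu path: [{key: value}, ...]} for every 'add' line."""
    menus, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            current = line
            menus.setdefault(current, [])
        elif line.startswith("add ") and current:
            tokens = shlex.split(line[4:])  # honours quoted names
            menus[current].append(dict(t.split("=", 1) for t in tokens if "=" in t))
    return menus

def risky_vlan_bridge_ports(text, default_mode="rstp"):
    """List (bridge, vlan interface, parent port) where a VLAN interface
    is a port of a bridge whose protocol-mode is RSTP."""
    menus = parse_export(text)
    mode = {b["name"]: b.get("protocol-mode", default_mode)
            for b in menus.get("/interface bridge", [])}
    parent = {v["name"]: v.get("interface")
              for v in menus.get("/interface vlan", [])}
    hits = []
    for port in menus.get("/interface bridge port", []):
        iface, bridge = port.get("interface"), port.get("bridge")
        if iface in parent and mode.get(bridge, default_mode) == "rstp":
            hits.append((bridge, iface, parent[iface]))
    return hits

if __name__ == "__main__":
    for bridge, vlan, port in risky_vlan_bridge_ports(SAMPLE_EXPORT):
        print(f"{bridge}: {vlan} (on {port}) is bridged with RSTP; "
              "workaround reported in the thread: protocol-mode=stp")
```

Setting `protocol-mode=stp` on the flagged bridge, as the original poster did for Bridge-Corp, clears the finding.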