Q-IN-Q Help

RouterOS General
1

Hi.

I’m hoping someone can shed some light on this for me

Suppose I have the follow


What I want to achieve, I was to q-in-q the vlans over VLAN2000 to the second switch.

As you can see, in the switch I have 2 clients (untagged/access) in VLAN 10, then because the switch cannot do q-in-q by itself, I want the HEX to do it.

So the clients come into the HEX on directly on the bridge interface.

On the hex I then create a vlan-10 interface that uses vlan-2000 as its master (to create the q-in-q) then I add vlan10 to the bridge.

Is that the correct way to do it?

/interface bridge port
add bridge=bridge-local interface=ether2-master-local
add bridge=bridge-local interface=ether1-gateway
add bridge=bridge-local interface=ether3-slave-local
add bridge=bridge-local interface=ether4-slave-local
add bridge=bridge-local interface=ether5-slave-local




/interface vlan
add interface=vlan2000-uplink l2mtu=1596 name=vlan10-qinq vlan-id=10
add interface=bridge-local l2mtu=1596 name=vlan2000-uplink vlan-id=2000

The problem is that the moment I bridge the VLAN’s I can no longer ping across the q-in-q link (before bridging, traffic passes normally via the q-in-q vlan)

/interface bridge port
add bridge=bridge-local interface=vlan10-qinq
2

If bridge-local is base interface, on top of that is vlan2000-uplink and on top of that vlan10-qinq, then bridging vlan10-qinq down to bridge-local looks a little “loopy” to me.

Can you use two ports on hEX?

/interface vlan
add interface=ether1 name=vlan2000-uplink vlan-id=2000
add interface=vlan2000-uplink name=vlan10-qinq vlan-id=10
/interface bridge port
add bridge=bridge-local interface=vlan10-qinq
add bridge=bridge-local interface=ether2

Where ether1 would be connected to port with tagged vlan 2000 on switch and ether2 would go to port with untagged vlan10. Or maybe it could be possible with just one port using some bridge filters. Because currently RouterOS does not allow to pick only untagged traffic from interface and bridge it.

3

Thanks.

Ye it looked loopy to me too :slight_smile:

I ended up just tagging the traffic up to the hex the bridign on the vlan.

Next step was two cables, but this works.