RB3011 - switching does not work

Hello experts,

For many years I’ve been running an RB3011 uias-rm in my home network.
What I have configured during all this time is a WAN router on ether1 and a trunk on ether5, which is connected to a
Ubiquiti USW-16 PoE Gen2 switch to which all my equipment and wireless access points are connected.

I have several VLANs:

/interface vlan
add interface=bridge1 name=vlan_17_server vlan-id=17
add interface=bridge1 name=vlan_18_client vlan-id=18
add interface=bridge1 name=vlan_19_homeoffice vlan-id=19
add interface=bridge1 name=vlan_20_media vlan-id=20
add interface=bridge1 name=vlan_21_client_wifi vlan-id=21
add interface=bridge1 name=vlan_22_sonos_wifi vlan-id=22
add interface=bridge1 name=vlan_23_smarthome vlan-id=23
add interface=bridge1 name=vlan_24_guestwifi vlan-id=24
add interface=bridge1 name=vlan_99_mgmt vlan-id=99



/ip address
add address=192.168.99.1/24 comment="Management IP" interface=vlan_99_mgmt network=192.168.99.0
add address=192.168.20.1/24 comment="Gateway Multimedia" interface=vlan_20_media network=192.168.20.0
add address=192.168.10.254/24 comment="Gateway Interface fuer FritzBox" interface=ether1 network=192.168.10.0
add address=192.168.18.1/24 comment="Gateway Client Netzwerk" interface=vlan_18_client network=192.168.18.0
add address=192.168.17.1/24 comment="Gateway Server" interface=vlan_17_server network=192.168.17.0
add address=192.168.19.1/24 comment="Gateway Homeoffice, ueber WAN2 Routen" interface=vlan_19_homeoffice network=192.168.19.0
add address=192.168.21.1/24 comment="Gateway Client WiFi" interface=vlan_21_client_wifi network=192.168.21.0
add address=192.168.22.1/24 comment="Gateway SONOS WiFi" interface=vlan_22_sonos_wifi network=192.168.22.0
add address=192.168.23.1/24 comment="Gateway Smarthome" interface=vlan_23_smarthome network=192.168.23.0
add address=192.168.24.1/24 comment="Gateway Guest Wifi" interface=vlan_24_guestwifi network=192.168.24.0

Now I want to connect my Raspberry Pi cluster, or at least the first node, to ether3 - but stupid me, I’m not able to get it working.
My dedicated server VLAN is 17, which is a class-C network of 192.168.17.0/24. The Pi’s fixed IP is 192.168.17.200.

Here is my interface, bridge, switch config:

/interface bridge
add dhcp-snooping=yes igmp-snooping=yes multicast-querier=yes name=bridge1 protocol-mode=none
/interface ethernet
set [ find default-name=ether1 ] comment="WAN1 FritzBox"
/interface vlan
add interface=bridge1 name=vlan_17_server vlan-id=17
add interface=bridge1 name=vlan_18_client vlan-id=18
add interface=bridge1 name=vlan_19_homeoffice vlan-id=19
add interface=bridge1 name=vlan_20_media vlan-id=20
add interface=bridge1 name=vlan_21_client_wifi vlan-id=21
add interface=bridge1 name=vlan_22_sonos_wifi vlan-id=22
add interface=bridge1 name=vlan_23_smarthome vlan-id=23
add interface=bridge1 name=vlan_24_guestwifi vlan-id=24
add interface=bridge1 name=vlan_99_mgmt vlan-id=99
/interface ethernet switch port
set 2 default-vlan-id=17 vlan-header=always-strip
set 3 vlan-mode=secure
set 4 vlan-mode=secure
set 5 default-vlan-id=17 vlan-mode=secure
/interface list
add include=all name=allWifi
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/interface bridge port
add bridge=bridge1 interface=ether5
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether6 pvid=17
add bridge=bridge1 interface=ether3 pvid=17
/interface ethernet switch vlan
add independent-learning=yes ports=ether5,ether4,switch1-cpu switch=switch1 vlan-id=20
add independent-learning=no ports=ether5,ether4,switch1-cpu switch=switch1 vlan-id=99
add independent-learning=no ports=ether5,ether4,switch1-cpu switch=switch1 vlan-id=18
add independent-learning=no ports=ether5,ether4,switch1-cpu switch=switch1 vlan-id=19
add independent-learning=yes ports=ether5,ether4,switch1-cpu switch=switch1 vlan-id=21
add independent-learning=yes ports=ether5,ether4,switch1-cpu switch=switch1 vlan-id=22
add independent-learning=yes ports=ether5,ether4,switch1-cpu switch=switch1 vlan-id=23
add independent-learning=no ports=ether5,ether4,switch1-cpu,ether3 switch=switch1 vlan-id=17
add independent-learning=no ports=ether5,ether4,switch1-cpu switch=switch1 vlan-id=24
/interface list member
add interface=vlan_21_client_wifi list=allWifi
add interface=vlan_22_sonos_wifi list=allWifi
add interface=vlan_23_smarthome list=allWifi

I’d be very happy if someone could shed some light on my problem. It has been frustrating me for a long time, but until now I had no time to write a forum post.

Thank you all in advance.
Richard

You must set vlan-mode to something other than default (which is “disabled” IIRC, it might be “check” as well) in order for switch chip to manipulate VLAN headers. E.g.:

/interface ethernet switch port
set 2 default-vlan-id=17 vlan-header=always-strip vlan-mode=secure

Okay, I finally found my problem:

  1. I need to configure the VLANs in the bridge
/interface bridge vlan
add bridge=bridge1 tagged=bridge1,ether5_POE_SW untagged=ether3_k8s_w1,ether4_k8s_w2 vlan-ids=17
add bridge=bridge1 tagged=bridge1,ether5_POE_SW vlan-ids=1
add bridge=bridge1 tagged=bridge1,ether5_POE_SW vlan-ids=18
add bridge=bridge1 tagged=bridge1,ether5_POE_SW vlan-ids=21
add bridge=bridge1 tagged=bridge1,ether5_POE_SW vlan-ids=22
add bridge=bridge1 tagged=bridge1,ether5_POE_SW vlan-ids=23
add bridge=bridge1 tagged=bridge1,ether5_POE_SW vlan-ids=19
add bridge=bridge1 tagged=bridge1,ether5_POE_SW vlan-ids=20
add bridge=bridge1 tagged=bridge1,ether5_POE_SW vlan-ids=99
  2. and finally need to activate VLAN filtering
/interface bridge
add dhcp-snooping=yes igmp-snooping=yes multicast-querier=yes name=bridge1 protocol-mode=none vlan-filtering=yes

Actually you didn’t find the problem/solution.

There are two distinct ways of configuring VLANs on MT devices:

  1. VLAN-aware bridge
    Everything is configured under /interface/bridge sub-tree.
    This is the preferred method and is available since ROS 6.42. It is supported by all devices (regardless of the actual hardware present). Functions may be offloaded to the underlying hardware, in which case traffic bypasses the CPU, and generally that means wirespeed operation. If functions are not offloaded, then traffic passes through the CPU, and in the case of a weak CPU this may mean a bottleneck.
  2. on switch chip
    Everything is configured under /interface/ethernet/switch subtree.
    This method has been available since the big bang on devices which expose a switch chip configuration API. The commands available depend on the actual hardware present. Traffic is handled by the underlying hardware.

One should not mix both options on the same device … while ROS accepts the config, it may misbehave in some random ways.

Your device supports option #2 (and most of the config from post #1 is done accordingly). It also supports option #1, but without HW offload, and that is the way you went with the config in your last post. I didn’t check it thoroughly; if you say it works then fine. But the consideration about performance is very much valid.
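
The check below is an added example, not part of the thread or of MikroTik's tooling: it scans a RouterOS export for the mixed bridge/switch-chip VLAN setup the last reply warns about, and for bridge ports that carry a pvid while VLAN filtering is off. The function names and the sample export are constructed for illustration; it assumes an export without backslash line continuations and that a bridge-port pvid only takes effect with vlan-filtering=yes.

```python
import re

# Constructed sample: a shortened RouterOS export that combines both styles,
# modelled on the configuration fragments quoted in this thread.
SAMPLE_EXPORT = """\
/interface bridge
add name=bridge1 protocol-mode=none vlan-filtering=yes
/interface ethernet switch port
set 2 default-vlan-id=17 vlan-header=always-strip
set 3 vlan-mode=secure
/interface bridge port
add bridge=bridge1 interface=ether3 pvid=17
/interface bridge vlan
add bridge=bridge1 tagged=bridge1,ether5 untagged=ether3 vlan-ids=17
/interface ethernet switch vlan
add ports=ether5,ether3,switch1-cpu switch=switch1 vlan-id=17
"""

def parse_export(text):
    """Group key=value entries by the menu path ('/interface bridge', ...) above them."""
    sections, path = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            path = line
            sections.setdefault(path, [])
        elif line and path:
            sections[path].append(dict(re.findall(r'([\w-]+)=("[^"]*"|\S+)', line)))
    return sections

def audit_vlan_style(text):
    """Return a list of findings about how VLANs are configured in the export."""
    s = parse_export(text)
    filtering = any(e.get("vlan-filtering") == "yes" for e in s.get("/interface bridge", []))
    bridge_style = filtering or bool(s.get("/interface bridge vlan"))
    switch_style = bool(s.get("/interface ethernet switch vlan")) or any(
        e.get("vlan-mode", "disabled") != "disabled"
        for e in s.get("/interface ethernet switch port", []))
    findings = []
    if bridge_style and switch_style:
        findings.append("mixed: bridge VLAN and switch-chip VLAN settings both present")
    if not filtering:
        for e in s.get("/interface bridge port", []):
            if e.get("pvid", "1") != "1":
                findings.append(f"pvid={e['pvid']} on {e.get('interface')} has no effect without vlan-filtering=yes")
    return findings
```
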