RB750GL Vlan issues

ryanww · May 21, 2012, 10:15pm

I have a few RG750GL’s (with the 8327 chips) and I am not getting any love for adding vlan interfaces.

Basically I am adding a second SSID/Network to an existing UBNT Unifi AP. So one untagged connected to one bridge and a tagged vlan connected to a 2nd bridge. I’ve bridged other ports in with that bridge and been able to get an IP & connect. But on the port I have added a vlan to, only the normal untagged interface works. The vlan interface does nothing. I have tested with multiple 750’s, multiple switches, ap’s and my mac book pro. Nothing is seeming to work.

Here is an export with the last test I’ve done. Any help on this as I can’t seem to find any other hints on the forums with vlans and the 750gl.

[admin@MikroTik] /interface> export
# jan/02/1970 01:49:20 by RouterOS 5.16
# software id = NTJJ-JRZ8
#
/interface bridge
add admin-mac=00:00:00:00:00:00 ageing-time=5m arp=enabled auto-mac=yes disabled=no forward-delay=15s l2mtu=1598 max-message-age=20s \
    mtu=1500 name="lan bridge" priority=0x8000 protocol-mode=none transmit-hold-count=6
add admin-mac=00:00:00:00:00:00 ageing-time=5m arp=enabled auto-mac=yes disabled=no forward-delay=15s l2mtu=1598 max-message-age=20s \
    mtu=1500 name="glen net" priority=0x8000 protocol-mode=none transmit-hold-count=6
/interface ethernet
set 0 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited disabled=no full-duplex=yes l2mtu=1598 mac-address=\
    00:0C:42:FF:65:86 master-port=none mtu=1500 name=ether1 speed=100Mbps
set 1 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited disabled=no full-duplex=yes l2mtu=1598 mac-address=\
    00:0C:42:FF:65:87 master-port=none mtu=1500 name=ether2 speed=100Mbps
set 2 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited disabled=no full-duplex=yes l2mtu=1598 mac-address=\
    00:0C:42:FF:65:88 master-port=none mtu=1500 name=ether3 speed=100Mbps
set 3 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited disabled=no full-duplex=yes l2mtu=1598 mac-address=\
    00:0C:42:FF:65:89 master-port=none mtu=1500 name=ether4 speed=100Mbps
set 4 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited disabled=no full-duplex=yes l2mtu=1598 mac-address=\
    00:0C:42:FF:65:8A master-port=none mtu=1500 name=ether5 speed=100Mbps
/interface vlan
add arp=enabled disabled=no interface=ether5 l2mtu=1594 mtu=1500 name=vlan1 use-service-tag=no vlan-id=60
add arp=enabled disabled=no interface=ether2 l2mtu=1594 mtu=1500 name=vlan2 use-service-tag=no vlan-id=60
/interface ethernet switch
set 0 mirror-source=none mirror-target=none name=switch1
/interface bridge port
add bridge="lan bridge" disabled=no edge=auto external-fdb=auto horizon=none interface=ether2 path-cost=10 point-to-point=auto \
    priority=0x80
add bridge="lan bridge" disabled=no edge=auto external-fdb=auto horizon=none interface=ether3 path-cost=10 point-to-point=auto \
    priority=0x80
add bridge="glen net" disabled=no edge=auto external-fdb=auto horizon=none interface=ether4 path-cost=10 point-to-point=auto \
    priority=0x80
add bridge="lan bridge" disabled=no edge=auto external-fdb=auto horizon=none interface=ether5 path-cost=10 point-to-point=auto \
    priority=0x80
add bridge="glen net" disabled=no edge=auto external-fdb=auto horizon=none interface=vlan1 path-cost=10 point-to-point=auto \
    priority=0x80
add bridge="glen net" disabled=no edge=auto external-fdb=auto horizon=none interface=vlan2 path-cost=10 point-to-point=auto \
    priority=0x80
/interface bridge settings
set use-ip-firewall=no use-ip-firewall-for-pppoe=no use-ip-firewall-for-vlan=no
/interface ethernet switch port
set 0 vlan-header=leave-as-is vlan-mode=disabled
set 1 vlan-header=leave-as-is vlan-mode=disabled
set 2 vlan-header=leave-as-is vlan-mode=disabled
set 3 vlan-header=leave-as-is vlan-mode=disabled
set 4 vlan-header=leave-as-is vlan-mode=disabled
set 5 vlan-header=leave-as-is vlan-mode=disabled
/interface l2tp-server server
set authentication=pap,chap,mschap1,mschap2 default-profile=default-encryption enabled=no max-mru=1460 max-mtu=1460 mrru=disabled
/interface ovpn-server server
set auth=sha1,md5 certificate=none cipher=blowfish128,aes128 default-profile=default enabled=no keepalive-timeout=60 mac-address=\
    FE:66:8E:25:9D:91 max-mtu=1500 mode=ip netmask=24 port=1194 require-client-certificate=no
/interface pptp-server server
set authentication=mschap1,mschap2 default-profile=default-encryption enabled=no keepalive-timeout=30 max-mru=1460 max-mtu=1460 \
    mrru=disabled
/interface sstp-server server
set authentication=pap,chap,mschap1,mschap2 certificate=none default-profile=default enabled=no keepalive-timeout=60 max-mru=1500 \
    max-mtu=1500 mrru=disabled port=443 verify-client-certificate=no

[admin@MikroTik] /interface> /ip export
# jan/02/1970 01:50:01 by RouterOS 5.16
# software id = NTJJ-JRZ8
#
/ip hotspot profile
set [ find default=yes ] dns-name="" hotspot-address=0.0.0.0 html-directory=hotspot http-cookie-lifetime=3d http-proxy=0.0.0.0:0 \
    login-by=cookie,http-chap name=default rate-limit="" smtp-server=0.0.0.0 split-user-domain=no use-radius=no
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m name=default shared-users=1 status-autorefresh=1m transparent-proxy=\
    no
/ip ipsec proposal
set [ find default=yes ] auth-algorithms=sha1 disabled=no enc-algorithms=3des lifetime=30m name=default pfs-group=modp1024
/ip pool
add name=dhcp_pool1 ranges=10.0.1.2-10.0.1.254
add name=dhcp_pool2 ranges=10.0.5.2-10.0.5.254
/ip dhcp-server
add address-pool=dhcp_pool1 authoritative=after-2sec-delay bootp-support=static disabled=no interface="lan bridge" lease-time=3d \
    name=dhcp1
add address-pool=dhcp_pool2 authoritative=after-2sec-delay bootp-support=static disabled=no interface="glen net" lease-time=3d name=\
    dhcp2
/ip accounting
set account-local-traffic=no enabled=no threshold=256
/ip accounting web-access
set accessible-via-web=no address=0.0.0.0/0
/ip address
add address=10.0.1.1/24 disabled=no interface="lan bridge" network=10.0.1.0
add address=10.0.5.1/24 disabled=no interface="glen net" network=10.0.5.0
/ip dhcp-server config
set store-leases-disk=5m
/ip dhcp-server network
add address=10.0.1.0/24 dhcp-option="" dns-server=10.0.1.1 gateway=10.0.1.1 ntp-server="" wins-server=""
add address=10.0.5.0/24 dhcp-option="" dns-server=10.0.5.1 gateway=10.0.5.1 ntp-server="" wins-server=""
/ip dns
set allow-remote-requests=no cache-max-ttl=1w cache-size=2048KiB max-udp-packet-size=4096 servers=""
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s tcp-close-wait-timeout=10s tcp-established-timeout=1d \
    tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no \
    tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061 sip-direct-media=yes
set pptp disabled=no
/ip hotspot service-port
set ftp disabled=no ports=21
/ip neighbor discovery
set ether1 disabled=no
set ether2 disabled=no
set ether3 disabled=no
set ether4 disabled=no
set ether5 disabled=no
set vlan1 disabled=yes
set "lan bridge" disabled=no
set "glen net" disabled=no
set vlan2 disabled=yes
/ip proxy
set always-from-cache=no cache-administrator=webmaster cache-hit-dscp=4 cache-on-disk=no enabled=no max-cache-size=none \
    max-client-connections=600 max-fresh-time=3d max-server-connections=600 parent-proxy=0.0.0.0 parent-proxy-port=0 port=8080 \
    serialize-connections=no src-address=0.0.0.0
/ip service
set telnet address="" disabled=no port=23
set ftp address="" disabled=no port=21
set www address="" disabled=no port=80
set ssh address="" disabled=no port=22
set www-ssl address="" certificate=none disabled=yes port=443
set api address="" disabled=yes port=8728
set winbox address="" disabled=no port=8291
/ip smb
set allow-guests=yes comment=MikrotikSMB domain=MSHOME enabled=no interfaces=all
/ip smb shares
set [ find default=yes ] comment="default share" directory=/pub disabled=no max-sessions=10 name=pub
/ip smb users
set [ find default=yes ] disabled=no name=guest password="" read-only=yes
/ip socks
set connection-idle-timeout=2m enabled=no max-connections=200 port=1080
/ip traffic-flow
set active-flow-timeout=30m cache-entries=4k enabled=no inactive-flow-timeout=15s interfaces=all
/ip upnp
set allow-disable-external-interface=yes enabled=no show-dummy-rule=yes

cbrown · May 22, 2012, 11:39am

You need to put the tagged VLAN on the bridge interface, not on the interface that is in the bridge.

ryanww · May 22, 2012, 7:49pm

Kind of confused by what you mean.

There are two bridges. The lan bridge contains a port with the normal interface of ethernet 5. The 2nd bridge, glen bridge, has the vlan 1 from ethernet 5 in it. 2 separate networks.

So are you saying that I should join the ethernet 5 into the lag bridge, then make a vlan interface from the bridge interface and that can be connected into the 2nd bridge?

Ryan

JJCinAZ · May 23, 2012, 4:04pm

He means you need to do this:

/interface vlan
add arp=enabled disabled=no interface="lan bridge" l2mtu=1594 mtu=1500 name=vlan1 use-service-tag=no vlan-id=60
/interface bridge port
add bridge="lan bridge" disabled=no edge=auto external-fdb=auto horizon=none interface=ether2 path-cost=10 point-to-point=auto \
    priority=0x80
add bridge="lan bridge" disabled=no edge=auto external-fdb=auto horizon=none interface=ether3 path-cost=10 point-to-point=auto \
    priority=0x80
add bridge="glen net" disabled=no edge=auto external-fdb=auto horizon=none interface=ether4 path-cost=10 point-to-point=auto \
    priority=0x80
add bridge="lan bridge" disabled=no edge=auto external-fdb=auto horizon=none interface=ether5 path-cost=10 point-to-point=auto \
    priority=0x80
add bridge="glen net" disabled=no edge=auto external-fdb=auto horizon=none interface=vlan1 path-cost=10 point-to-point=auto \
    priority=0x80

Notice that once an interface is “captured” by a bridge, then the VLAN’s must be manually moved to the bridge instead of the interface. This is because in the networking code, the packets “arrive” on the bridge instead of the actual interface and this is there the code starts looking at the Ethernet packet type to determine if a VLAN tag is present.

ryanww · May 25, 2012, 7:24am

JJCinAZ:

He means you need to do this:
/interface vlan
add arp=enabled disabled=no interface="lan bridge" l2mtu=1594 mtu=1500 name=vlan1 use-service-tag=no vlan-id=60
/interface bridge port
add bridge="lan bridge" disabled=no edge=auto external-fdb=auto horizon=none interface=ether2 path-cost=10 point-to-point=auto \
    priority=0x80
add bridge="lan bridge" disabled=no edge=auto external-fdb=auto horizon=none interface=ether3 path-cost=10 point-to-point=auto \
    priority=0x80
add bridge="glen net" disabled=no edge=auto external-fdb=auto horizon=none interface=ether4 path-cost=10 point-to-point=auto \
    priority=0x80
add bridge="lan bridge" disabled=no edge=auto external-fdb=auto horizon=none interface=ether5 path-cost=10 point-to-point=auto \
    priority=0x80
add bridge="glen net" disabled=no edge=auto external-fdb=auto horizon=none interface=vlan1 path-cost=10 point-to-point=auto \
    priority=0x80
Notice that once an interface is “captured” by a bridge, then the VLAN’s must be manually moved to the bridge instead of the interface. This is because in the networking code, the packets “arrive” on the bridge instead of the actual interface and this is there the code starts looking at the Ethernet packet type to determine if a VLAN tag is present.

Thanks! I will do this when i get back in front of this. I guess every other time I’ve tried this, I didn’t have the port in a bridge. Didn’t realize that it would entirely capture it like that. Good to know!

Ryan