strange vlan setup

michelepetrazzo · September 7, 2010, 7:23am

Hi all,
I have a RB750G board and I’m trying to create a “strange” vlan setup:

on a port, say eth1, the RB can receive traffic that have and haven’t vlan tag
always on eth1 the tagged data, if has the right tag (say vlan 10) have to pass through the RB
always on eth1 the untagged data must be tagged by the RB with a tag, say 5
both traffic above will go out to another port, say eth2, where all the traffic must be tagged (5, 10)
of course, out of eth2 there is an appliance that understand the tags and reply with them
traffic incoming from eth2 have to be forwarded to eth1 with tag 10 and without it (untagged 5)

I know that is strange, but there is a possibility to achieve this setup?
Squeeze my head I think that, for example with a switch like ios, I can’t, but could be that with RouteOs I can!

Thanks,
Michele

blake · September 7, 2010, 8:05am

/interface ethernet switch rule
add switch=switch1 ports=ether1 vlan-id=10 new-dst-ports=ether2
add switch=switch1 ports=ether1 vlan-header=not-present new-vlan-id=5 new-dst-ports=ether2
add switch=switch1 ports=ether2 vlan-id=10 new-dst-ports=ether1
add switch=switch1 ports=ether2 vlan-id=5 new-vlan-id=1 new-dst-ports=ether1

I’m not sure if the last rule will work, although it would make sense to tag the traffic with the native VLAN ID in order to ‘remove’ the VLAN.

Let me know how this works.

michelepetrazzo · September 24, 2010, 3:00pm

blake:

/interface ethernet switch rule
add switch=switch1 ports=ether1 vlan-id=10 new-dst-ports=ether2
add switch=switch1 ports=ether2 vlan-id=10 new-dst-ports=ether1

add switch=switch1 ports=ether1 vlan-header=not-present new-vlan-id=5 new-dst-ports=ether2

Let me know how this works.

First of all, thanks and sorry for the late reply.

For test, I setup two pcs (both with debian). One, connected on RB eth1, with two interfaces, no vlan (192.168.20.2) and vlan 10 (192.168.10.2). The second on RB eth2 with two interfaces: vlan 5 (192.168.20.1) and vlan 10 (192.168.10.1).

After some test, firsts two rule work and traffic from and to vlan 10 are correctly forward from and to RB eth1/2:

(tcpdump on pc connected on RB eth2)
16:38:32.672484 vlan 10, p 0, arp who-has 192.168.10.1 tell 192.168.10.2
16:38:32.672551 vlan 10, p 0, arp reply 192.168.10.1 is-at 00:80:c8:39:1f:24

16:42:34.862459 vlan 10, p 0, IP 192.168.10.2 > 192.168.10.1: ICMP echo request, id 7426, seq 10, length 64
16:42:34.862628 vlan 10, p 0, IP 192.168.10.1 > 192.168.10.2: ICMP echo reply, id 7426, seq 10, length 64

but the last not:
(tcpdump on pc connected on RB eth2)

16:51:54.483289 arp who-has 192.168.20.1 tell 192.168.20.2

so, seem that the rule that have to tag the traffic, doesn’t!

I’m in wrong or there are something other?

Thanks,
Michele