Switch VLAN Trunks - Can't get it to work

Hi Guys,

I’m trying to get VLAN switching the “new” way to work, and also to use best practices (by using the built-in switch chip, instead of using CPU) - it’s been a while since I worked on ROS.

I’m trying to trunk a RB2011 to a Ubiquiti Edgemax Router.

ETH1 - Trunk to Router
ETH2 - Trunk to DISC5, with more devices beyond it, also not sure how to trunk those ports…
ETH3-10 access/hybrid


The RB2011 does not get an IP address via DHCP on either VLAN 1 native, or the MGMT VLAN 100.

[admin@MikroTik] > export compact 
# jan/02/1970 00:05:03 by RouterOS 6.46.6
# model = 2011UAS-2HnD

/interface bridge
add name=bridge1

/interface vlan
add interface=bridge1 name=VLAN100-MGMT vlan-id=100

/interface ethernet switch port
set 1 vlan-mode=secure
set 2 vlan-mode=secure
set 3 default-vlan-id=1 vlan-mode=secure
set 4 default-vlan-id=1 vlan-mode=secure
set 5 default-vlan-id=1 vlan-mode=secure

/interface bridge port
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether5
add bridge=bridge1 interface=ether6
add bridge=bridge1 interface=ether7
add bridge=bridge1 interface=ether8
add bridge=bridge1 interface=ether9
add bridge=bridge1 interface=ether1

/interface ethernet switch vlan
add independent-learning=yes ports=ether1,ether2 switch=switch1 vlan-id=100
add independent-learning=yes ports=ether1,ether2 switch=switch1 vlan-id=101
add independent-learning=yes ports=ether1,ether2 switch=switch1 vlan-id=50
add independent-learning=yes ports=ether1,ether2 switch=switch1 vlan-id=51
add independent-learning=yes ports=ether1,ether2 switch=switch1 vlan-id=1
add ports=ether6,ether7,ether8,ether9 switch=switch2 vlan-id=1

/ip dhcp-client
add default-route-distance=2 disabled=no interface=VLAN100-MGMT

The above code is almost exactly copied from https://wiki.mikrotik.com/wiki/Manual:Switch_Chip_Features#Setup_Examples only with additional config for the downstream trunk (ETH2) etc.

EdgeOS VLAN info:




I’m sure I’m doing something stupidly wrong, please can someone point me in the right direction?

Thanks in advance, much appreciated.

Regards,
Werner
code used.txt (1.54 KB)

You have not included the CPU port in the switch VLAN configuration; see https://wiki.mikrotik.com/wiki/Manual:Switch_Chip_Features#Management_access_configuration
/interface ethernet switch vlan
add independent-learning=yes ports=ether1,ether2,switch1-cpu switch=switch1 vlan-id=100

Be aware that traffic between the two switch chips has to travel via the CPU ports; MikroTik actually recommends sacrificing two switch ports to link them together externally as an option: https://wiki.mikrotik.com/wiki/Manual:Layer2_misconfiguration#VLAN_filtering_with_multiple_switch_chips

Also be aware that the fast ethernet switch chip on ether6-10 does not support hardware hybrid ports, only access or trunk.
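The check described in the reply above, as an added example that is not part of the thread: a Python script that reads a RouterOS `export` and reports switch VLAN entries for a VLAN the router itself terminates (it has an `/interface vlan`) whose `ports` list omits the switch's CPU port. The function names are hypothetical, the sample is constructed from the export in the first post, and the CPU port is assumed to be named `<switch>-cpu`, following `switch1-cpu` in the reply.

```python
import re

# Constructed sample: the relevant sections of the export from the first post.
SAMPLE_EXPORT = """\
/interface vlan
add interface=bridge1 name=VLAN100-MGMT vlan-id=100
/interface ethernet switch vlan
add independent-learning=yes ports=ether1,ether2 switch=switch1 vlan-id=100
add independent-learning=yes ports=ether1,ether2 switch=switch1 vlan-id=1
add ports=ether6,ether7,ether8,ether9 switch=switch2 vlan-id=1
"""

def parse_export(text):
    """Return {section_path: [{key: value}, ...]} for the 'add' lines."""
    # Exports wrap long lines with a trailing backslash; join them first.
    text = re.sub(r"\\\r?\n\s*", "", text)
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("/"):
            current = line
            sections.setdefault(current, [])
        elif current and line.startswith("add "):
            sections[current].append(dict(re.findall(r"([\w-]+)=(\S+)", line)))
    return sections

def missing_cpu_port(text):
    """List (switch, vlan_id) for switch VLAN entries that carry a VLAN with
    a VLAN interface on the router but do not include the switch CPU port."""
    cfg = parse_export(text)
    routed = {v["vlan-id"] for v in cfg.get("/interface vlan", []) if "vlan-id" in v}
    findings = []
    for entry in cfg.get("/interface ethernet switch vlan", []):
        vid, switch = entry.get("vlan-id"), entry.get("switch")
        ports = entry.get("ports", "").split(",")
        if vid in routed and f"{switch}-cpu" not in ports:
            findings.append((switch, vid))
    return findings

if __name__ == "__main__":
    for switch, vid in missing_cpu_port(SAMPLE_EXPORT):
        print(f"VLAN {vid} on {switch}: add {switch}-cpu to ports")
```

Run against the original export it flags VLAN 100 on switch1; with `switch1-cpu` added to that entry it reports nothing.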

Thanks tdw! That was the missing ingredient.

I see what you mean by using L1 bridging to avoid using up the CPU. Luckily for me, in this specific use case, eth6-10 is for low-bandwidth applications (<10mbps).

I am observing some weird behavior: my desktop gets IP information on switch 2’s ports, but other devices, like Philips Hue, don’t. Any ideas?

Most Microsoft Windows network drivers silently strip VLAN tags if they receive tagged frames. Could this be the reason?

sindy, you’re right, stripping vlans before exiting port fixes it…

but as per this:

I left it as “leave as is”…

Correct, but switch2 (ether6 to ether10) is an 8227, not 8327, so it has a different behaviour. This is exactly the reason why you cannot configure hybrid ports on it (except a very special case).

Thanks sindy!

..alright… so all is not well. After getting everything working, I still had issues with PTP SXTs down the line (ETH2)… At the same time, I began to notice my Winbox sessions would disconnect across both computers I’m using (they’re connecting via IP). I would then need to reset the NIC/unplug the cable, the PC would get an IP after an unusual delay, and after a couple of seconds it would stop working again.

These issues are only being experienced with devices plugged into the RB2011, and only sporadically.

I thought the network was flapping, but I don’t see a packet storm, nor CPUs working hard - across the board they are idling at 2% to 4%.

Any guidance here would be appreciated. In the common VLAN misconfiguration guide, nothing sounds exactly like my issue…

config for reference attached.
rb2011_vlan_issue.rsc (2.59 KB)

Got it figured out!

Bottom line, don’t config bridge vlans and switch vlans at the same time, to do the same task…