tagged-untagged vlan in CRS112 and issue

OKNET · August 21, 2023, 4:25pm

Goal : forward tagged Vlan99 across switched and use Vlan99 itself to manage both CRS112 , also tag Vlan20 across switches to let few PC to use a different subnet (untagged traffic) coming from a different switch.

I made this configuration in both CRS112 :

/interface bridge
add name=bridge1

/interface vlan
add interface=bridge1 name=vlan99 vlan-id=99

/interface bridge port
add bridge=bridge1 interface=ether1
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether5
add bridge=bridge1 interface=ether6
add bridge=bridge1 interface=ether7
add bridge=bridge1 interface=ether8
add bridge=bridge1 interface=sfp9
add bridge=bridge1 interface=sfp10
add bridge=bridge1 interface=sfp11
add bridge=bridge1 interface=sfp12

/interface ethernet switch egress-vlan-tag
add tagged-ports=ether1,vlan-id=20
add tagged-ports=switch1-cpu,ether1 vlan-id=99

/interface ethernet switch ingress-vlan-translation
add customer-vid=0 new-customer-vid=20 ports=ether7,ether8

/interface ethernet switch vlan
add ports=ether1,ether7,ether8 vlan-id=20
add ports=switch1-cpu,ether1,sfp9 vlan-id=99

/interface ethernet switch
set drop-if-invalid-or-src-port-not-member-of-vlan-on-ports=ether1,ether7,ether8,sfp9

Is it a correct way to config ?
Issue:
Vlan20 traffic itself is OK on both machines
Both CRS are reachable from Vlan99 and the Vlan traffic flows across tagged ports.

When I connect the Vlan20 untagged port to its dedicated untagged switch, connectivity on Vlan99 (both forwarded traffic and switch1-cpu acces) is lost, it comes back exactly whan I unplug the Vlan20 from switch (it has a completely separated phisical layer and ip subnet).

What happen ?

mkx · August 21, 2023, 6:27pm

So you’re saying that on the far left side there’s a switch which has one untagged port connected to R1 eth7 and one tagged port connected to R1 sfp9? Depending on xSTP dialect this is a loop (onky MSTP is VLAN aware, other STP dialects only deal about physical connectivity). And it’s bridge’s task to break the loop by disabling one of links, default behaviour is to disable the slower link.

Since you use VLAN-aware gear, use trunk ports for interconnnects. If you want to use two links (for capacity reasons), configure them as LACP bond (and you get redundancy for free).

OKNET · August 21, 2023, 8:33pm

No, the problem is that on the left side there are two physically separated networks, with different switches and subnets, unless there is some closing path I’m not aware of…
Bridge on CRS has no STP configured

mkx · August 22, 2023, 4:25am

What does log show between connecting vlan20 untagged switch and disconnecting it?

OKNET · August 22, 2023, 6:58am

Well… my fault: actually RSTP IS configured on bridge
anyway logging as-is shows nothing when I connect Vlan20 switch.
removing RSTP there are no more disconnections with all interfaces connected and all traffic per vlan is fine.
The fact I lose Vlan99 when RSTP is enabled makes me think to a loop somewhere…