Trouble with switch chip and VLANs

HeinzZ · August 28, 2014, 1:58pm

Hi all!

I’m trying to figure out how to use switch chip of lower-level RBs (750s, 2011s etc) together with VLANs. I have some experience with L2 switches so I’m basically trying to replicate the behavior i’m used to, however it looks like I’m missing some crucial part of this puzzle. = )

I’ve read several times the description on http://wiki.mikrotik.com/wiki/Manual:Switch_Chip_Features and made myself testing setup with 3 750GLs replicating the example under “Example - 802.1Q Trunking with Atheros switch chip in RouterOS v6” in aformentioned article, however when i send packets around, i get very weird results. Basically what happens si that “vlan-header” option has no effect at all on 802.11q header, doesn’t strip or add anything no matter where packet is coming from and where it’s headed (unicast and multicast as well), however if I set default-VLAN-ID, it strips the tag on egress traffic matching the default VLAN ID and tags any untagged ingress traffic with default ID. Basically, i can replicate the same setup with all vlan-header fields on all ports set on leave-as-is, and setting anything else does not change the behavior at all.

I don’t know what the problem is, based on the wiki page there should be no need to use switch rules for this basic tagging/untagging application, but after a few days of tinkering I’m no closer to understanding how the vlan-header field in swith works. Will be gratefull for any advice!

working config of “switch” 750gl:

[admin@MikroTik] /interface ethernet switch> pr
Flags: I - invalid 
 #   NAME      TYPE          MIRROR-SOURCE    MIRROR-TARGET    SWITCH-ALL-PORTS
 0   switch1   Atheros-8327  none             none

[admin@MikroTik] /interface ethernet switch port> pr
Flags: I - invalid 
 #   NAME            SWITCH            VLAN-MODE VLAN-HEADER    DEFAULT-VLAN-ID
 0   ether1          switch1           secure    leave-as-is                100
 1   ether2          switch1           secure    leave-as-is                110
 2   ether3          switch1           secure    leave-as-is                120
 3   ether4          switch1           disabled  leave-as-is               auto
 4   ether5          switch1           secure    leave-as-is               auto
 5   switch1-cpu     switch1           disabled  leave-as-is               auto

(eth5 is trunk, 1,2 and 3 are connected to a client which listens for untagged traffic)

[admin@MikroTik] /interface ethernet switch vlan> pr
Flags: X - disabled, I - invalid 
 #   SWITCH                            VLAN-ID PORTS                           
 0   switch1                               100 ether5                          
                                               ether1                          
 1   switch1                               110 ether5                          
                                               ether2                          
 2   switch1                               120 ether5                          
                                               ether3