Trunking bridged VLANS

RouterOS Beginner Basics
1

Hi everybody,
I am very new here and I have a RB3011 since one week. I am not very familar with this and I am trying to configure VLANS without success.

Here the speps I tried:

  • setup a bridge (br01)
  • setup a VLAN (vlan 10) binded to br01
  • ether4 binded to br01
  • setup a dhcp Server on br01
  • setup a bridge (br02)
  • setup a VLAN (vlan 20) binded to br02
  • ether5 binded to br02
  • setup a dhcp Server on br02

and now I come into issues. I do not understand how to trunk vlan10 and vlan20 trought SFP to my cisco switch so that I can use the vlans on the switch. I tried several configs but nothing works.

The problem i not the cisco switch, it is the configuartion on the mikrotik. If I add the vlans directly to the sfp and if i will configure a dhcp directly to the vlan interfaces, it works. Only the combination with bridges will not work and I do not now how to do this.

Can anybody help here? What is the keyword I have to search for, or does anybody has an example how this should be configured?

Thanks a lot,
Christian

2

Hi,
it´s me again:

I think my problem is to find the right approch and I am asking for support:
I red several howtos and wikis but I did not find the right way. I am runnung OS6.42 on my RB3011.

I am not sure if it is correct to manage all the ports (physical and virtual) over a bridge. I tried to put the vlans into one bridge and gave each vlan a separate dhcp server, but this causes other issues:
A client which former run in vlan10 will get an ip address from vlan 10, although it is currently
connected to vlan20. And, all devices in vlan10 can ping devices in vlan 20 and the other way around!
This seems to be a suspicious and I do not understand what is going on.here.

I do not have a running config at the moment, but maybe someone can help with an example.

The “master” question is:
How can I trunk the vlans from two bridges:

br1: ether2, vlan10, dhcp: 172.16.10.0/24
br2: ether3, vlan20, dhcp: 172.16.20.0/24

througt the SFP port to my cisco devices.

Thanks in advanced,
Christian

3

Please don’t put VLAN interfaces in a bridge with a physical interface, that is known to cause issues:
https://wiki.mikrotik.com/wiki/Manual:Layer2_misconfiguration#VLAN_in_bridge_with_a_physical_interface

You should follow this guide for RB3011 to achieve wirespeed VLAN switching performance:
https://wiki.mikrotik.com/wiki/Manual:Switch_Chip_Features#VLAN_Example_1_.28Trunk_and_Access_Ports.29

4

Hi,
thanks for your support! I will try the example after my business trip during next week!
Christian.

5

Hi,
I checked the guide below but this does not work for me because I cannot add sfp1 as trunk port. Seems to be that only ether1 to ether10 are available in the switch config!

/interface ethernet switch vlan
add ports=sfp1,ether3 switch=switch1 vlan-id=200
add ports=sfp1,ether4 switch=switch1 vlan-id=300
add ports=sfp1,ether5 switch=switch1 vlan-id=400

Does anybody has an idea?
Christian

6

Hi,
puuh, it looks like that RB3011 doesn´t support this feature for SFP1 anymore! The older RB2011 does! Is it correct?
Does anyone knows how I can manage this? I have to use SFP as the trunk-port for the connection to my Cisco switch.

Thanks,
Christian
MikroTik Wiki.png

7

Hi,
noone an idea to go foeward with this?
Christian

8

Moin,
ok, I found a way but I am not sure if this is the best approach!

add 5 VLANS on sfp1

  • vlan1


  • vlan10…vlan50

add 5 bridges

  • br-admin


  • br-vlan10…br-vlan50

add port to bridge

  • ether2 to br-amin


  • vlan1 to br-admin


  • ether4 to br-vlan10


  • ether5 to br-vlan10


  • ether9 to br-vlan20


  • ether10 to br-vlan20


  • vlan10 to br-vlan10


  • vlan20 to br-vlan20


  • vlan30 to br-vlan30


  • vlan40 to br-vlan40


  • vlan50 to br-vlan50

add networks

  • 192.168.01.0/24 to br-admin


  • 192.168.10.0/24 to br-vlan10

  • 192.168.50.0/24 to br-vlan50

add dhcp server and pool

  • dhcp-admin on br-admin


  • dhcp-vlan10 on br-vlan10

  • dhcp-vlan50 on br-vlan50

Cisco Switch is connected via SFP1 and vlans are available on the switches.

It seems to be working but as i mentioned, I am not sure if this is the best configuration.
Next step would be to connect the VLANS to the internet over ether1 and to route between some vlans.

Can someone check my way, or is there a more efficient way?
Christian

9

I am thinking of using VLANS as well but my prior knowledge is not helping.
I always understood that VLANS are not an entity to itself. One cannot just create VLANs.
Virtual means its actually using a host somewhere of some sort.
In this case AN EXISTING LAN is being used or being piggybacked by a VLAN structure.

So I would suspect the following is required.
Ether1 - WAN
Ether2 - Bridge 1 (standard LAN)
Ether3 - member of Bridge 1 (standard LAN)
Ether4 - Bridge 2 (Secondary LAN)
Ether5 - member of Bridge 2 (secondary LAN)

Each Bridge has its own DHCP service
Bridge1 192.168.0.1 etc.
Bridge 2 192.168.2.1 etc

Now I can choose which VLANS I create and which HOST LANS they will use to symbiotically piggyback on.
This is the step I do not know how to identify (easy with current router which has a specific selection for host LAN).

Create VLANS and associated VLAN networks with associated DHPC service.
VLAN10 - DHCP 192.168.10.1 etc
VLAN20 - DHCP 192.168.20.1
VLAN 30 - DHCP 192.168.30.1
VLAN 40- DHCP 192.168.40.1

Assign VLANS to LAN of choice etc… HOW???

Lets say using VLAN10 and 30 over Standard LAN
Lets say using VLAN20 and 40 over Secondary LAN.

How do I setup up interfaces or identify them as specific types of ports (trunk or not)???

10

1 set up a new bridge “sfp1-trunk”
2 go to interface vlan and create Vlans “sfp1-vlan10” vlan id 10 interface sfp1-trunk.
3 repeat step 2 for vlan20
4 create bridges “vlan10 bridge” and “vlan20 bridge”
5 add physical ports (ether to 10) to the respective vlanxx bridges
6 assign IP address to the vlanxx bridges
7 add “sfp1-vlan10” to "vlan10 bridge & “sfp1-vlan20” to “vlan20 bridge”
8 add port sfp1 to “spf1-trunk”

U should be able to get the vlan trunk on the sfp1 to your Cisco now.



Sent from my SM-N9005 using Tapatalk