Untagged VLANs: bug or mistake?

Dear Board,

I have one RB2011Ui AS-RM (tested with RouterOS 6.7 + 6.11 + 6.12) and I would like to configure some VLANs. It's the first time I have tried to use the Mikrotik Switch CPU because I'm interested in the wire speed performance. Now I have discovered a strange phenomenon; hopefully someone could retry my configuration.

Objective:

I would like to have untagged VLAN ports: ether3 (switch1) and ether9 (switch2), and I would like to ping a special management IP address from those ports.

Configuration:
[admin@bkw] > interface ethernet print
Flags: X - disabled, R - running, S - slave
 #    NAME           MTU   MAC-ADDRESS        ARP      MASTER-PORT    SWITCH
 0 R  ether1-master  1500  D4:CA:6D:0B:A4:0F  enabled  none           switch1
 1 S  ether2-slave   1500  D4:CA:6D:0B:A4:10  enabled  ether1-master  switch1
 2 S  ether3-slave   1500  D4:CA:6D:0B:A4:11  enabled  ether1-master  switch1
 3 S  ether4-slave   1500  D4:CA:6D:0B:A4:12  enabled  ether1-master  switch1
 4 RS ether5-slave   1500  D4:CA:6D:0B:A4:13  enabled  ether1-master  switch1
 5 R  ether6-master  1500  D4:CA:6D:0B:A4:14  enabled  none           switch2
 6 S  ether7-slave   1500  D4:CA:6D:0B:A4:15  enabled  ether6-master  switch2
 7 RS ether8-slave   1500  D4:CA:6D:0B:A4:16  enabled  ether6-master  switch2
 8 S  ether9-slave   1500  D4:CA:6D:0B:A4:17  enabled  ether6-master  switch2
 9 S  ether10-slave  1500  D4:CA:6D:0B:A4:18  enabled  ether6-master  switch2
10    sfp1           1500  D4:CA:6D:0B:A4:0E  enabled  none           switch1

[admin@bkw] > interface vlan print
Flags: X - disabled, R - running, S - slave
 #    NAME             MTU   ARP      VLAN-ID  INTERFACE
 0 R  vlan-100-ether1  1500  enabled  100      ether1-master
 1 R  vlan-100-ether6  1500  enabled  100      ether6-master

[admin@bkw] > interface bridge print brief
Flags: X - disabled, R - running
 #    NAME                    MTU
 0 R  switch1-switch2-master  1500

[admin@bkw] > interface bridge port print
Flags: X - disabled, I - inactive, D - dynamic
 #   INTERFACE        BRIDGE                  PRIORITY  PATH-COST  HORIZON
 0   vlan-100-ether1  switch1-switch2-master  0x80      10         none
 1   vlan-100-ether6  switch1-switch2-master  0x80      10         none

[admin@bkw] /ip> address print
Flags: X - disabled, I - invalid, D - dynamic
 #   ADDRESS            NETWORK       INTERFACE
 0   192.168.27.254/24  192.168.27.0  switch1-switch2-master

[admin@bkw] > interface ethernet switch vlan print
Flags: X - disabled, I - invalid
 #   SWITCH   VLAN-ID  PORTS
 0   switch2  100      ether9-slave
                       switch2-cpu
 1   switch1  100      ether3-slave
                       switch1-cpu

[admin@bkw] > interface ethernet switch port print
Flags: I - invalid
 #   NAME           SWITCH   VLAN-MODE  VLAN-HEADER   DEFAULT-VLAN-ID
 0   sfp1           switch1  disabled   leave-as-is   auto
 1   ether1-master  switch1  secure     always-strip  10
 2   ether2-slave   switch1  disabled   leave-as-is   auto
 3   ether3-slave   switch1  secure     always-strip  100
 4   ether4-slave   switch1  disabled   leave-as-is   auto
 5   ether5-slave   switch1  disabled   leave-as-is   auto
 6   ether6-master  switch2  secure     always-strip  10
 7   ether7-slave   switch2  disabled   leave-as-is   0
 8   ether8-slave   switch2  secure     always-strip  100
 9   ether9-slave   switch2  secure     always-strip  100
10   ether10-slave  switch2  disabled   leave-as-is   0
11   switch1-cpu    switch1  disabled   leave-as-is   auto
12   switch2-cpu    switch2  disabled   leave-as-is   0

Problem:

If I connect my laptop (192.168.27.9/24) to ether9 => I can ping 192.168.27.254. :smiley:
If I connect my laptop (192.168.27.9/24) to ether3 => I can't ping 192.168.27.254. :frowning:

I tried also to bind the management IP address on ether1-master or vlan-100-ether1 but the behaviour doesn't change.

IMHO everything for switch2 should also work with switch1, but it doesn't. I can't see any misconfiguration in my configuration.

Maybe someone could point out my mistake or retry and validate if there is a bug?


Thanks
Sebastian

Your cpu port settings are different on each switch. If I understand what you are doing try setting both to “secure” and get rid of that auto setting for default VLAN on switch1.
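
An added example (not part of the thread and not MikroTik code): a Python check that performs the comparison this reply suggests, over rows copied from the `switch port print` output in the first post. The function names are hypothetical, and the script only reports the differences; it does not establish that they cause the ping failure.

```python
# Constructed sample: rows copied from the "switch port print" output in the first post.
PORT_TABLE = """\
 0 sfp1 switch1 disabled leave-as-is auto
 1 ether1-master switch1 secure always-strip 10
 2 ether2-slave switch1 disabled leave-as-is auto
 3 ether3-slave switch1 secure always-strip 100
 4 ether4-slave switch1 disabled leave-as-is auto
 5 ether5-slave switch1 disabled leave-as-is auto
 6 ether6-master switch2 secure always-strip 10
 7 ether7-slave switch2 disabled leave-as-is 0
 8 ether8-slave switch2 secure always-strip 100
 9 ether9-slave switch2 secure always-strip 100
10 ether10-slave switch2 disabled leave-as-is 0
11 switch1-cpu switch1 disabled leave-as-is auto
12 switch2-cpu switch2 disabled leave-as-is 0
"""
KEYS = ("name", "switch", "vlan-mode", "vlan-header", "default-vlan-id")

def parse_ports(text):
    """Turn table rows into dicts; header and flag-legend lines are skipped."""
    ports = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 7 and fields[0].isdigit():
            del fields[1]  # drop a flag column such as "I"
        if len(fields) == 6 and fields[0].isdigit():
            ports.append(dict(zip(KEYS, fields[1:])))
    return ports

def cpu_ports(ports):
    """Map each switch name to the row of its CPU port."""
    return {p["switch"]: p for p in ports if p["name"].endswith("-cpu")}

def cpu_port_differences(ports):
    """Settings whose value is not the same on every switch's CPU port."""
    cpus, diffs = cpu_ports(ports), {}
    for key in KEYS[2:]:
        values = {sw: p[key] for sw, p in cpus.items()}
        if len(set(values.values())) > 1:
            diffs[key] = values
    return diffs

def secure_ports_with_open_cpu(ports):
    """Ports in vlan-mode=secure whose own switch CPU port is not secure."""
    cpus = cpu_ports(ports)
    return [p["name"] for p in ports if p["vlan-mode"] == "secure"
            and cpus.get(p["switch"], {}).get("vlan-mode") != "secure"]

if __name__ == "__main__":
    rows = parse_ports(PORT_TABLE)
    print(cpu_port_differences(rows))
    print(secure_ports_with_open_cpu(rows))
```
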

Hi,

You pointed out a mistake in my configuration which I didn’t notice. After hopefully changing this parameter I can say it isn’t working either. :frowning: Additionally I noticed that the management IP address is only reachable from my Windows 7 laptop. Trying to ping this IP from my Linux laptop wouldn’t return any result (with tcpdump I see the ARP reply, but that’s all => very strange effect).

To summarize what I’d like to do:

I would like to have untagged VLAN ports (“access ports”) which should communicate with a management IP address. Until now I haven’t succeeded in getting a working configuration.

I’d like to use ports from the two different switch CPUs as “access ports” to connect to the same management IP address.

Any help is appreciated.

Thanks!
Sebastian

Try uploading the full current config and indicate which management IP you want to contact from which ports.

Hi Celtic,

I hope this is all you need. Maybe I didn't get the difference between the switch_cpu and the ethernet master port? IMHO they belong together, but work on different layers => switch_cpu over master port.
[admin@bkw] > export
# jan/02/1970 00:00:49 by RouterOS 6.12
# software id = F2F5-LBFS
#
/interface bridge
add l2mtu=1594 name=switch1-switch2-master
/interface ethernet
set [ find default-name=ether1 ] name=ether1-master poe-out=off
set [ find default-name=ether2 ] master-port=ether1-master name=ether2-slave
set [ find default-name=ether3 ] master-port=ether1-master name=ether3-slave
set [ find default-name=ether4 ] master-port=ether1-master name=ether4-slave
set [ find default-name=ether5 ] master-port=ether1-master name=ether5-slave
set [ find default-name=ether6 ] name=ether6-master
set [ find default-name=ether7 ] master-port=ether6-master name=ether7-slave
set [ find default-name=ether8 ] master-port=ether6-master name=ether8-slave
set [ find default-name=ether9 ] master-port=ether6-master name=ether9-slave
set [ find default-name=ether10 ] master-port=ether6-master name=ether10-slave
/interface vlan
add interface=ether1-master l2mtu=1594 name=vlan-100-ether1 vlan-id=100
add interface=ether6-master l2mtu=1594 name=vlan-100-ether6 vlan-id=100
/interface ethernet switch port
set 1 default-vlan-id=10 vlan-header=always-strip vlan-mode=secure
set 3 default-vlan-id=100 vlan-header=always-strip vlan-mode=secure
set 6 default-vlan-id=10 vlan-header=always-strip vlan-mode=secure
set 8 default-vlan-id=100 vlan-header=always-strip vlan-mode=secure
set 9 default-vlan-id=100 vlan-header=always-strip vlan-mode=secure
set 11 default-vlan-id=0
/interface bridge port
add bridge=switch1-switch2-master interface=vlan-100-ether1
add bridge=switch1-switch2-master interface=vlan-100-ether6
add bridge=switch1-switch2-master interface=ether1-master
add bridge=switch1-switch2-master interface=ether6-master
/interface ethernet switch vlan
add ports=ether9-slave,switch2-cpu,ether8-slave switch=switch2 vlan-id=100
add independent-learning=no ports=ether3-slave,switch1-cpu switch=switch1 \
    vlan-id=100
/ip address
add address=192.168.27.254/24 comment=MNGT interface=switch1-switch2-master \
    network=192.168.27.0

Thanks!

Sebastian

Did you ever find a resolution to this? I am having a similar issue with not being able to reach the router from a Linux host, but Windows is OK.