Use a Routerboard to tag packets for a management VLAN

Hi Guys,

Can you help me figure out how to make a configuration for this scenario?

I have a device that has a management vlan of 100.

My laptop does not support VLANs.

I want to put a RouterBoard in between the two devices with a bridge and tag all the packets coming from the laptop to the device with the management vlan with a vlan id of 100. How can I configure the routerboard to do this?

Any help would be gratefully received.

Thanks guys.

See the VLAN link in my signature.

Laptop —> Ether1 - Ether2 ----> Network

In this scenario (Ether1/Ether2 being your bridge Mikrotik) you’d create a vlan interface on Ether2 with vlanID on 100, then create a bridge interface, and add Ether1 and Vlan100 interface, so you are being bridged straight into the VLAN tagged interface. This will tag/strip for your laptop.

This approach is strongly discouraged since 6.41.
Despite the fact that a VLAN interface supports L2 and can be bridged, it should not be used that way unless really necessary. The reason is that it will simply tag everything, including BPDU etc…

The bridge now supports VLAN tagging, so you can relatively easily achieve tagging purely with the bridge between Ether1 and Ether2, where you configure Ether2 as a tagged (trunk) port and Ether1 as an untagged (access) port…
On the page I linked, there is code presented for the correct solution, so all you need is to adjust it to your needs (change VLAN id and )

Hi Guys,

I managed to make this work using the not advised method. However, I am now trying to do it correctly as recommended and I just am not getting it right.

Basically, in this lab I want to get R1 (192.168.100.1) to ping R3 (192.168.100.2).

R2 has the bridge setup.
R1 e3 is connected to R2 e3 via ethernet
R2 e4 is connected to R3 e4 via ethernet

Here is the config, can you spot where I’m going wrong?

Thanks

R1

[admin@R1] > /interface ethernet print
Flags: X - disabled, R - running, S - slave 
 #    NAME                                                                                                                                                MTU MAC-ADDRESS       ARP            
 0 R  ether1 - Internet                                                                                                                                  1500 0C:83:4F:31:99:00 enabled        
 1 R  ether2                                                                                                                                             1500 0C:83:4F:31:99:01 enabled        
 2 R  ether3 - R1 --> R2                                                                                                                                 1500 0C:83:4F:31:99:02 enabled        
 3 R  ether4                                                                                                                                             1500 0C:83:4F:31:99:03 enabled        
 4 R  ether5                                                                                                                                             1500 0C:83:4F:31:99:04 enabled        
[admin@R1] > /interface vlan export verbose
# feb/18/2019 11:37:38 by RouterOS 6.43.8
# software id = 
#
#
#
[admin@R1] > /ip address print
Flags: X - disabled, I - invalid, D - dynamic 
 #   ADDRESS            NETWORK         INTERFACE                                                                                                                                              
 0 D 192.168.49.137/24  192.168.49.0    ether1 - Internet                                                                                                                                      
 1   192.168.100.1/24   192.168.100.0   ether3 - R1 --> R2                                                                                                                                     
[admin@R1] > /interface bridge export verbose
# feb/18/2019 11:37:38 by RouterOS 6.43.8
# software id = 
#
#
#
/interface bridge settings
set allow-fast-path=yes use-ip-firewall=no use-ip-firewall-for-pppoe=no use-ip-firewall-for-vlan=no
[admin@R1] >

R2

[admin@R2] > /interface ethernet print
Flags: X - disabled, R - running, S - slave 
 #    NAME                                                                                                                                                MTU MAC-ADDRESS       ARP            
 0 R  ether1                                                                                                                                             1500 0C:83:4F:9C:D5:00 enabled        
 1 R  ether2                                                                                                                                             1500 0C:83:4F:9C:D5:01 enabled        
 2 RS ether3 - R2 --. R1                                                                                                                                 1500 0C:83:4F:9C:D5:02 enabled        
 3 RS ether4 - R2 --> R3                                                                                                                                 1500 0C:83:4F:9C:D5:03 enabled        
 4 R  ether5                                                                                                                                             1500 0C:83:4F:9C:D5:04 enabled        
[admin@R2] > /interface vlan export verbose
# feb/18/2019 11:37:48 by RouterOS 6.43.8
# software id = 
#
#
#
[admin@R2] > /ip address print
Flags: X - disabled, I - invalid, D - dynamic 
 #   ADDRESS            NETWORK         INTERFACE                                                                                                                                              
[admin@R2] > /interface bridge export verbose
# feb/18/2019 11:37:48 by RouterOS 6.43.8
# software id = 
#
#
#
/interface bridge
add ageing-time=5m arp=enabled arp-timeout=auto auto-mac=yes dhcp-snooping=no disabled=no ether-type=0x8100 fast-forward=yes forward-delay=15s frame-types=admit-all igmp-snooping=no \
    ingress-filtering=no max-message-age=20s mtu=auto name=bridge1 priority=0x8000 protocol-mode=rstp pvid=1 transmit-hold-count=6 vlan-filtering=yes
/interface bridge port
add auto-isolate=no bpdu-guard=no bridge=bridge1 broadcast-flood=yes disabled=no edge=auto fast-leave=no frame-types=admit-all horizon=none hw=yes ingress-filtering=no interface=\
    "ether4 - R2 --> R3" internal-path-cost=10 learn=auto multicast-router=temporary-query path-cost=10 point-to-point=auto priority=0x80 pvid=100 restricted-role=no restricted-tcn=no \
    tag-stacking=no trusted=no unknown-multicast-flood=yes unknown-unicast-flood=yes
add auto-isolate=no bpdu-guard=no bridge=bridge1 broadcast-flood=yes disabled=no edge=auto fast-leave=no frame-types=admit-all horizon=none hw=yes ingress-filtering=no interface=\
    "ether3 - R2 --. R1" internal-path-cost=10 learn=auto multicast-router=temporary-query path-cost=10 point-to-point=auto priority=0x80 pvid=1 restricted-role=no restricted-tcn=no \
    tag-stacking=no trusted=no unknown-multicast-flood=yes unknown-unicast-flood=yes
/interface bridge settings
set allow-fast-path=yes use-ip-firewall=no use-ip-firewall-for-pppoe=no use-ip-firewall-for-vlan=no
/interface bridge vlan
add bridge=bridge1 disabled=no tagged="ether3 - R2 --. R1" untagged="ether4 - R2 --> R3" vlan-ids=100
[admin@R2] >

R3

[admin@R3] > /interface ethernet print
Flags: X - disabled, R - running, S - slave 
 #    NAME                                                                                                                                                MTU MAC-ADDRESS       ARP            
 0 R  ether1                                                                                                                                             1500 0C:83:4F:20:99:00 enabled        
 1 R  ether2                                                                                                                                             1500 0C:83:4F:20:99:01 enabled        
 2 R  ether3                                                                                                                                             1500 0C:83:4F:20:99:02 enabled        
 3 RS ether4 - R3 --> R2                                                                                                                                 1500 0C:83:4F:20:99:03 enabled        
 4 R  ether5                                                                                                                                             1500 0C:83:4F:20:99:04 enabled        
[admin@R3] > /interface vlan export verbose
# feb/18/2019 11:38:09 by RouterOS 6.43.8
# software id = 
#
#
#
/interface vlan
add arp=enabled arp-timeout=auto disabled=no interface="ether4 - R3 --> R2" loop-protect=default loop-protect-disable-time=5m loop-protect-send-interval=5s mtu=1500 name=vlan1 \
    use-service-tag=no vlan-id=100
[admin@R3] > /ip address print
Flags: X - disabled, I - invalid, D - dynamic 
 #   ADDRESS            NETWORK         INTERFACE                                                                                                                                              
 0   192.168.100.2/24   192.168.100.0   vlan1                                                                                                                                                  
[admin@R3] > /interface bridge export verbose
# feb/18/2019 11:38:09 by RouterOS 6.43.8
# software id = 
#
#
#
/interface bridge
add ageing-time=5m arp=enabled arp-timeout=auto auto-mac=yes dhcp-snooping=no disabled=no fast-forward=yes forward-delay=15s igmp-snooping=no max-message-age=20s mtu=auto name=bridge1 \
    priority=0x8000 protocol-mode=rstp transmit-hold-count=6 vlan-filtering=no
/interface bridge port
add auto-isolate=no bpdu-guard=no bridge=bridge1 broadcast-flood=yes disabled=no edge=auto fast-leave=no frame-types=admit-all horizon=none hw=yes ingress-filtering=no interface=\
    "ether4 - R3 --> R2" internal-path-cost=10 learn=auto multicast-router=temporary-query path-cost=10 point-to-point=auto priority=0x80 pvid=100 restricted-role=no restricted-tcn=no \
    tag-stacking=no trusted=no unknown-multicast-flood=yes unknown-unicast-flood=yes
add auto-isolate=no bpdu-guard=no bridge=bridge1 broadcast-flood=yes disabled=no edge=auto fast-leave=no frame-types=admit-all horizon=none ingress-filtering=no interface=vlan1 \
    internal-path-cost=10 learn=auto multicast-router=temporary-query path-cost=10 point-to-point=auto priority=0x80 pvid=100 restricted-role=no restricted-tcn=no tag-stacking=no trusted=no \
    unknown-multicast-flood=yes unknown-unicast-flood=yes
/interface bridge settings
set allow-fast-path=yes use-ip-firewall=no use-ip-firewall-for-pppoe=no use-ip-firewall-for-vlan=no
/interface bridge vlan
add bridge=bridge1 disabled=no tagged="" untagged="" vlan-ids=""
[admin@R3] >

On R2 you have this:

/interface bridge port
add bridge=bridge1 interface=ether4 pvid=100 ingress-filtering=no frame-types=admit-all
add bridge=bridge1 interface=ether3 pvid=1 ingress-filtering=no frame-types=admit-all
/interface bridge vlan
add bridge=bridge1 tagged=ether3 untagged=ether4 vlan-ids=100

(I’ve cleaned the non important settings).

Which essentially states that ether3 (connection towards R1) should be a trunk with frames tagged with VID=100.

Then on R1 you have this:


Yup, that’s right, nothing about VLANs. Which would be fine if you connected R1 to ether4 on R2 (which is set up as access port for VLAN with VID=100).

Configuration on R3 is not correct either:

/interface bridge port
add bridge=bridge1 frame-types=admit-all ingress-filtering=no interface=ether4 pvid=100
add bridge=bridge1 interface=vlan1
/interface bridge vlan
add bridge=bridge1 tagged="" untagged="" vlan-ids=""

The last line actually says you don’t want to deal with any VLAN on this device. The second port on /interface bridge port, adding vlan1 virtual VLAN interface back to the bridge just loops all the traffic around (you configured vlan1 interface in /interface vlan and no other playing with it should happen).

Configuration on R3, regarding ether4, should be same as for ether3 on R2 … with addition that bridge1 should also be tagged member of that VLAN so that vlan1 interface would actually start seeing tagged frames with VID=100.

And that’s not the end of the story, your config example shows a mighty lack of VLAN understanding. Either in general or at least how things are handled in ROS. In the latter case have a look at this topic.
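
The bridge-based tagging described in this thread (untagged access port on one side, tagged trunk port on the other), written out for the R1/R2/R3 lab. This is an added example, not a config from any poster or from the linked topic. It assumes clean configurations and plain port names (ether3, ether4) as in the cleaned-up excerpts above; the strict `frame-types` and `ingress-filtering=yes` values are an added hardening choice that the posters did not specify.

```routeros
# Added example, not taken from the thread. Clean configs and plain port names assumed.

# --- R1: no VLAN awareness, sends untagged frames ---
/ip address
add address=192.168.100.1/24 interface=ether3

# --- R2: the tagging bridge ---
/interface bridge
add name=bridge1 vlan-filtering=no
/interface bridge port
# ether3 faces R1: access port, untagged frames are classified into VLAN 100
add bridge=bridge1 interface=ether3 pvid=100 ingress-filtering=yes \
    frame-types=admit-only-untagged-and-priority-tagged
# ether4 faces R3: trunk port, only tagged frames are accepted
add bridge=bridge1 interface=ether4 ingress-filtering=yes \
    frame-types=admit-only-vlan-tagged
/interface bridge vlan
add bridge=bridge1 vlan-ids=100 tagged=ether4 untagged=ether3
# Turn filtering on last, once the VLAN table is complete
/interface bridge
set bridge1 vlan-filtering=yes

# --- R3: receives VLAN 100 tagged on ether4 ---
# vlan1 sits on the bridge and is NOT added as a bridge port
/interface bridge
add name=bridge1 vlan-filtering=no
/interface bridge port
add bridge=bridge1 interface=ether4 ingress-filtering=yes \
    frame-types=admit-only-vlan-tagged
/interface bridge vlan
# bridge1 itself is a tagged member so the CPU-facing vlan1 sees VID 100
add bridge=bridge1 vlan-ids=100 tagged=bridge1,ether4
/interface vlan
add name=vlan1 interface=bridge1 vlan-id=100
/ip address
add address=192.168.100.2/24 interface=vlan1
/interface bridge
set bridge1 vlan-filtering=yes
```

For the original laptop scenario, R2's ether3 plays the role of Ether1 (laptop side) and ether4 the role of Ether2 (device side).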

You are correct. I really don’t get it in ros at the moment. I’m trying to figure it out.

Imma go and check out your linked topic. Would someone give me a correct config for this lab so that I can see actually how this should be done and have a working example to play with?

Any and all help given really is appreciated as I work to crack the back of this.

Thanks guys



I think mkx gave you the advice you needed.
After implementing, post your config here so we can look at it.

/export hide-sensitive file=myconfig