I’am having problems configuring VLANs on RB260gs, here is what I want:
Port 5 - a trunk port to a cisco 6500 with VID 2,200,300
Port 4 - a access port to client ( untag VID 200 )
Port 3 - a access port to client ( untag VID 300 )
VID 2 is the management vlan.
I think i tried all the possible combination on the VLAN and VLANs tabs but with no succes..
How i think it should be done:
On VLAN tab:
port 5 - vlan enabled
port 5 - accept only tagged
port 5 - leave as is
port 4 - vlan enabled
port 4 - accept only untagged
port 4 - leave as is
port 3 - vlan enabled
port 3 - accept only untagged
port 3 - leave as is
On VLANs tab:
VID 2:
not member on 1-4 ( since is the management vlan ), on port 5 add if missing.
VID 200:
not member on 1-3 ( not used ports, or used for other vlan ), on port 4 always strip and on port 5 add if missing.
VID 300:
not member on 1-2,4 – on port 3 always strip and on port 5 add if missing.
It doesn’t work how I described above, how should this be done ?
On the system tab, in order to make vlan 2 the management vlan, should I uncheck the ports or just enter vid 2 below ?
I managed to solve the vlan problem but now i’am stuck at the management vlan …
It is posible to assign the management ip address to VID 200 for example ?
Till now on host table i can see the CPU mac only on VLAN 1 and do not respond from any other vlan no mather how i would try to achive that.
I also tried to make port 3 an access port to vid 200 ( untagged ), plugged a host to it and try to ping the rb260gs but with no success. I need to mention that vid 200 is correctly configured since i can ping other devices on that vlan from the host connected to port 3.
Note that the switch will respond to http requests to its IP address on all ports. This behavior is a bit different than Cisco IOS that responds to untagged traffic via an IP bound to Vlan 1.
NOTE: Once you set port 1 to “trunk” mode, you will not longer be able to communicate with the switch unless you create a Vlan1 on your router.
NOTE: You must also create Vlan1 but it is not necessary to assign it to any ports, just create it.
NOTE: The management IP for the switch is handled a bit differently. You must create a Vlan1 with ID=1 on the physical interface that will trunk to the switch. Then bind your management IP to that Vlan1 interface.
The reason i have a special vlan for management is because I want to isolate this traffic as much as possible. The actual topology do not allow me using VID 1 for management.
I think there is no way to move management to VID 2 for example or make the switch answer requests coming from VID 2, is that correct ?
We are looking into this problem - RB260GS itself cannot be accessed from any VLAN.
With fixes in new firmware Management VLAN should work by setting “Allow From VLAN” = 2.
After doing some research into this problem i discovered:
on rb260 i configured the uplink port to accept only tagged frames.
switch accept connections coming from VID 2 but it answer them on vid 1 ( guess ) untagged.
in order to make the mangement work ( a workaround ) I tagged VID 2 on the cisco device and put the port native vlan 2 in order to send the frames tagged on vid 2 and receive them also on vid 2.
the problem with this setup is that i cannot forward vid 2 to other devices connected to mikrotik ( i will double tag this ), so i’am forced to create a separate vid that will be used only for rb260gs management and will always end to it.
@becs - when this firmware will be released ? now i’am running 1.8