VLAN and Cisco trunk

nordex · August 4, 2007, 5:55pm

Hello, I’m running simple VLAN config for test purposes.

2.9.43 on pc.

VLAN and Trunk generally works ok.

On Cisco 2950 I have 2 vlans and trunk.
On Mikrotik I have one ethernet interface and 2 VLAN interfaces defined on it.

If every vlan interface has it’s own ip address, things are ok.

BUT.
If I put those 2 vlans in a bridge, and give that bridge ip address, instead one per vlan interface,
than ping reply times look something like:

time<1ms
time=3000ms
time<1ms
time out
time out
time<1ms

It’s not loop since bandwidth is only few kb’s per interface.

So, what am I missing here ?

sdischer · August 4, 2007, 6:19pm

As you found out you can’t do that. Don’t mix vlans and bridges this way. .1Q relies on tagging and untagging the frames and when you bridge the subinterfaces, it confuses this. Why would you want to do that? Maybe I am missing something but I bet there is a better ay to do this if I knew what you were trying to accomplish.

nordex · August 4, 2007, 7:45pm

Hi, I need all vlans on one interface (connected to trunk) so I can read vlan tag from radius.

I’m building hotspot, this way I will know from which room customer is logging in.

tneumann · August 5, 2007, 11:38am

nordex,

we’ve been discussing this a few months ago,
see http://forum.mikrotik.com/t/is-it-possible-identify-by-switch-port/12397/1

Did you follow all the suggestion I made in that previous discussion?
Especially the

add chain=forward in-bridge=bridge1 out-bridge=bridge1 action=drop comment="" disabled=no

part? And it is extremely important that you do not include the physical interface
itself as a member of the bridge…

–Tom

nordex · August 6, 2007, 1:01pm

Tom, tnx for the reply.

Yes, this is the same issue I was writing few months ago.

I’ve followed your instructions :

-created few vlans (cisco catalyst 2950)
-created trunk port
-created vlan interfaces under one physical interface
-put vlans into same bridge (but without physical inter. himself)
-give bridge an ip address.
-set filter rule :add chain=forward in-interface=bridge1 out-interface=bridge1 action=drop comment=“” disabled=no

when I try to ping pc from router or vice versa I get
ping replies like:

time<1ms
time=3000ms
time<1ms
time out
time out
time<1ms

Obvious problem is on bridging.
If every vlan has it’s own ip address, everything works fine.
But if you put them in a bridge, pings go crazy.

any idea on this ?

nordex · August 7, 2007, 2:51pm

SOLVED
I was tired when I was reading Tom’s reply so
I set a rule on a firewall filter instead on a bridge filter. dumb me.

everything works fine now.

Tom, since you have similar hotspot configuration, would you please contact me
on boris@dubrovnik-hotspot.com for some consultations.

For certain fee, of course !

amtisrac · September 19, 2007, 10:48am

I have a 100Mbit link (by T-Mobile) with vlan. I know the ID, the connection is working, but very slow… Maximum 15Mbit and not so stable. I try 3com lan card, realtek 8139 card and any other supported via chipset based card with the same result. When I using a cisco r3400 vlan switch the link is ok, I can use 100Mbit. Have you idea what is the problem with the MT’s vlan? I don’t use bridge, bgp etc only pure static routing! (I don’t like use the cisco stuff!)

nordex · September 19, 2007, 1:38pm

what is value of MT board cpu usage ?

amtisrac · September 19, 2007, 5:39pm

Solved!
The problem was on the T-mobile system!