Hello,
I’ve spent the last several hours frustratingly trying to set up what I thought would be a simple VLAN which eventually culminated in a factory reset. There seem to be too many ways to control VLANs, from the switch chip, ports, vlans, adding interfaces etc that frankly I have no idea what I’m supposed to be using here.
My scenario:
Switch 1 (main room):
7 devices on a regular unmanaged gigabit switch
Switch 2 (isolated room):
3 devices on a regular unmanaged gigabit switch
RB951 (main room):
ether1: goes to a cable modem in telecoms closet
ether2: master port for ether3, ether4, ether5, 1 device connected
ether3: 1 device connected
ether4: not connected
ether5: connected to Switch 1
Switch 3 (telecoms closet):
Managed gigabit switch. Trying to use this.
Cable Info:
1 ethernet run from isolated room to telecoms closet
1 ethernet run from main room to telecoms closet
Goal: To allow Switch 1 and Switch 2 to exist on the same VLAN while still preserving internet access from the RB951 via the cable modem. Since there’s only a single cable run from the RB951 to the telecoms closet, I need to repurpose this cable to carry both data to and from Switch 2 and also the cable modem. Switch 3 supports 802.1Q VLANs and configurable port groupings etc. Traffic going to the devices connected to the RB951, Switch 1 / Switch 2 and the cable modem should have no VLAN header.
I imagine I need at least one or two new VLAN interfaces on the RB951, but then with the switch chip involved things get very confusing. Should I even need to use the switch chip? Do I need to bridge the VLAN interfaces? I’m really not even sure where to start with this as I already spent several hours trying all manner of configurations without much luck.
You need to configure a trunking port on your managed switch and establish two VLANs on that port. Call them 10 and 11 for this example. Plug the cable to the RB951 into this port, NOT the cable modem.
Next, configure a single port on your managed switch for VLAN 10. Configure all remaining ports for VLAN 11.
Connect the VLAN 10 port to your cable modem. Connect other devices on the switch to the remaining ports. Those other devices will be on VLAN 11. Neither the cable modem nor the other devices will receive a VLAN header because they are not plugged into the trunking port.
On the Mikrotik, create two VLAN interfaces and bridge them to eth1.
You will now have three usable interfaces on the RB951: VLAN 10, VLAN 11, and eth2.
VLAN 10 is your external Gateway interface.
VLAN 11 is the remaining devices in your telecom closet.
Eth2 is the rest of your network.
Do NOT do anything else with Eth1. That is your trunk port. It does not get an address, or a DHCP client.
At this point, you will probably need to treat VLAN 11 as a separate network segment, with its own DHCP server. I could be wrong, but I do not think it is possible to bridge VLAN11 to eth2. You will need to let the RB951 route traffic between those two segments, and set up a Masquerade rule such that it can do NAT for both the segment in your closet and the rest of your LAN. Unless you need broadcast traffic between your two segments, this should not be a problem.
EDIT: It MAY be possible to avoid the extra segment. You might try to assign VLAN 11 to Eth2, and see if that, in effect, bridges your entire network to VLAN 11.
Thanks for your post, I had a feeling I was going down the wrong track by changing all the switch chip VLAN stuff (which is how I ended up getting locked out of the router). I do need all the devices to be in the same broadcast domain, but you’ve pointed me in the right direction so I’ll play around from there.
I managed to get the trunking working so the internet traffic goes through the VLAN but I haven’t been able to figure out how to get both switches and the local RB951 on the same VLAN / broadcast domain yet. If anyone else has any ideas I’d be glad to hear them!
Managed to get it all working! Seems there is no need to bridge the ether1 and VLAN interfaces. I managed to get the rest of the LAN on the VLAN by bridging ether2 with the VLAN interface that was attached to ether1. Unfortunately it seems there’s some not insignificant CPU overhead with this configuration as I can no longer max out my download speed and the CPU pegs at 99% during transfers. I do wonder if using the switch chip VLAN features is a more correct solution.
Oh well, gives me a reason to get the RB850Gx2 I guess..
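
The arrangement the thread ends up with, written out as RouterOS commands. This is an added example, not a configuration posted by anyone in the thread: VLAN IDs 10 and 11 follow the reply's example, the names `vlan10-wan`, `vlan11-lan` and `bridge-lan` are assumed, and it assumes the cable modem hands out the WAN address by DHCP.

```routeros
# Added example. Interface and bridge names are assumptions; VLAN IDs 10/11
# are the ones suggested in the reply.

# ether1 is the trunk to the managed switch. It carries only tagged frames,
# so it gets no IP address and no DHCP client of its own.
/ip dhcp-client remove [find interface=ether1]

# Two VLAN interfaces on top of the trunk port.
/interface vlan
add name=vlan10-wan interface=ether1 vlan-id=10
add name=vlan11-lan interface=ether1 vlan-id=11

# One broadcast domain for the LAN: ether2 (master port of ether3-ether5)
# bridged with VLAN 11, which reaches Switch 2 through the managed switch.
# vlan10-wan is deliberately NOT a bridge member, so the modem side stays
# routed and firewalled instead of being bridged into the LAN.
/interface bridge
add name=bridge-lan
/interface bridge port
add bridge=bridge-lan interface=ether2
add bridge=bridge-lan interface=vlan11-lan

# Move the existing LAN address and DHCP server from ether2 to the bridge.
/ip address set [find interface=ether2] interface=bridge-lan
/ip dhcp-server set [find interface=ether2] interface=bridge-lan

# WAN side now lives on VLAN 10 (assumption: the modem serves DHCP).
/ip dhcp-client
add interface=vlan10-wan disabled=no

# NAT for the LAN out of the WAN VLAN.
/ip firewall nat
add chain=srcnat out-interface=vlan10-wan action=masquerade

# Any existing filter or NAT rule that names ether1 as the WAN interface
# must be repointed at vlan10-wan: WAN traffic now arrives on the VLAN
# interface, so rules matching in-interface=ether1 no longer protect the router.
```

Applying changes like these from a Safe Mode session lets the router roll them back if the management connection drops.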