VLAN confusing to me.

Hi all,

I am used to OpenWrt and Cisco routers / Linux VLANs, but something is driving me crazy with this MikroTik RouterOS. I cannot properly set up the VLANs and the switching.

I want to have 3 VLANs:

  1. VLAN 10 - Home Lan
  2. VLAN 20 - WIFI
  3. VLAN 101 - DMZ

How can I properly configure a port to have:
Tagged: 20, 101
Untagged: 10?

I used the guide: http://wiki.mikrotik.com/wiki/Manual:Interface/VLAN#Properties

But the default VLAN goes “crazy”. It seems like the switching setup is not working properly? Or I am doing something wrong (mostly the last).

Can somebody help?
Thank you,
V

I use Ether5 for tests.

I have some results, but without ether5 belonging to the group of the other Ethernets:

Here is the example:

/interface bridge
add name=bridge-vlan200
add name=bridge-vlan201
/interface ethernet
set [ find default-name=ether2 ] name=ether2-master
set [ find default-name=ether3 ] master-port=ether2-master
set [ find default-name=ether4 ] master-port=ether2-master
/ip neighbor discovery
set ether1 discover=no
/interface vlan
add interface=ether5 name=ether5-vlan201 vlan-id=201
add interface=bridge-vlan200 name=vlan200 vlan-id=200
add interface=bridge-vlan201 name=vlan201 vlan-id=201
/interface ethernet switch port
set 3 vlan-mode=secure
set 4 default-vlan-id=200 vlan-mode=check
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
add name=pool200 ranges=10.10.200.10-10.10.200.100
add name=pool201 ranges=10.10.201.10-10.10.201.100
/ip dhcp-server
add address-pool=default-dhcp disabled=no interface=ether2-master name=\
    defconf
add address-pool=pool200 disabled=no interface=bridge-vlan200 name=server200
add address-pool=pool201 disabled=no interface=bridge-vlan201 name=server1
/interface bridge port
add bridge=bridge-vlan201 interface=vlan201
add bridge=bridge-vlan200 interface=ether5
add bridge=bridge-vlan200 interface=vlan200
add bridge=bridge-vlan201 interface=ether5-vlan201
/interface ethernet switch vlan
add independent-learning=no ports=ether5,switch1-cpu switch=switch1 vlan-id=\
    200
add independent-learning=no ports=ether5,switch1-cpu switch=switch1 vlan-id=\
    201

Am I doing something wrong? (The VLANs are not the ones I mentioned, as I am testing things.)

There are two different types of VLANs in RouterOS:

  1. Software VLANs in “/interface vlan”. They behave as network interfaces. You put them on a physical interface and they give you access to tagged traffic on that interface. You can use them when you want to do routing between VLAN(s) and anything else. You don’t want them for standard switching. They can be bridged, but it’s not good for performance.

  2. Hardware VLANs in the switch chip. This should be the same kind of high-performance VLANs as in normal switches.

I have close to no experience with 2). All I can say is that I found the config really, really confusing. I’m also not sure how mixing those two types of VLANs works (but that’s part of my mentioned confusion). In other words, I can’t really help you. But at least this brief intro gives your thread a bump up.

I found, after tracing traffic, that the switch VLAN is not changing the default VLAN with any option (disabled… etc.), whether or not I strip the VLAN.
That confuses me.

When I removed the port ether5 from master port 2 and joined it to Bridge200, which is a member with vlan200, then the “native” VLAN changed.
It seems something is not working with the switch, or I am wrong.

Edited (I prefer this instead of replying):
One of the issues is: if I group the ports on the switch, they get their VLAN settings from their group owner.
If I ungroup them, it seems like the ports are not switching properly between them, and they use the software VLAN handling.
So if I use the same VLAN and they are not in the same group, the VLANs cannot talk to each other.