Hi Everyone
This is my first time working with VLANs, so please bear with my ignorance. My network consists of a UniFi switch which connects three apartments and is trunked into my MikroTik 750GL ver 6.47.4.
After setting up the UniFi switch with VLANs and then setting up the VLAN interfaces on the bridge on the MikroTik, which contains the trunk port ether2 which is connected to port 1 on my UniFi switch, the network is not stable at all: sometimes it connects and sometimes it does not. Please tell me what I’m missing (I think I need extra configuration in the bridge VLAN table). I have attached my entire configuration: a screenshot of the UniFi switch and an export of the configuration of the router. Right now I turned off the VLANs on the UniFi switch and disabled the VLAN interfaces on the router.
P.S. I use PPPoE from the MikroTik router to get to the internet.
P.S. I read the documentation like a hundred times but it is very confusing.
myconfig.rsc (8.9 KB)
Agree with erlinded, your config is really messed up in structure (mixing VLANs, bridges, addresses etc…) and get rid of UPnP settings.
Use the reference and then post another attempt.
ex. four VLANs identified but only 3 with all the settings required
ex. putting VLANs on a bridge but then providing settings for bridge and VLAN (can’t do both)
ex. ether2 can’t be on bridge but have its own IP address
@anav: I didn’t want to reply here because I was trying to help this guy in some other place and I hoped that another pair of eyes will notice the issue. I went through it and couldn’t spot any mistake (I missed the IP on Ether2 which should be on bridge, but that shouldn’t cause issues with VLANs themselves. In the worst case, it would lead to broken native/untagged traffic).
I know you can often spot mistakes in the config and you have enough experience with bridges and VLANs, but in this case, I believe you replied with a premature conclusion. Could you please look at it again? As a small favor for the young pony? I will send you a nice drawing if you do.
Hmm, I already pointed out the errors, but okay since you stroked my… ego.
(1) Okay, so vlan881: please don’t name it vlan1, that is so confusing LOL. Call it vlanISP if anything, as it’s required to connect to the ISP.
(2) Config is incomplete and confusing.
a. assigned vlans to bridge
b. assigned a subnet to the bridge
c. assigned subnet to the vlans
So you have a potential conflict assigning subnets to both the bridge and vlans on the bridge.
Remember ether5 is an independent subnet which is fine.
But it’s not clear WHO is getting the bridge subnet, aka is it users on etherports 2,3,4 ???
(3) Where is vlan filtering=yes???
(4) Where are bridge vlan settings ???
(5) Are the Bridge ports trunk ports or access ports???
Small flaw of that list is that it doesn’t include THE problem:
Just because the name confuses you, it’s not wrong.
It looks like simple pre-‘bridge vlan filtering’ style config and it should work.
3&4) See 2)
Hybrid trunk & untagged, nothing clearly wrong.
Obvious and also harmless.
That said, I don’t see the problem either.
Easy fix for any possible confusion about bridges and vlans, if there’s just one switch and only one cable to it from router, then get rid of bridge, move vlan interfaces directly to ethernet port connected to switch, and it becomes dead simple. Not that I’d think it would help.
@sob: thank you thank you thank you! First person saying that I didn’t go crazy. Btw: my last suggestion to OP in a different conversation was exactly as yours - remove the bridge to minimize possible impact. He didn’t reply yet so we will wait.
@anav: Great. Now we are talking. Sorry for stroking your ego. Next time I may stroke something else.
Let’s go through all points if you don’t mind:
Ok, naming convention. Not an actual issue. (I agree it is weird as heck that ISP will bring PPPoE in VLAN but hey… allegedly it works)
What should be missing? This is the full export…
a. I don’t see a problem with this. Every bridge with VLANs will look this way.
b. Uhm… that’s just a simple native/untagged network. Not sure what should be wrong?
c. Sure, those subnets are different. VLAN 30 has subnet 192.168.30.0/24, VLAN 20 has subnet 192.168.20.0/24 etc etc… Again, not sure what’s wrong with that.
So you have a potential conflict assigning subnets to both the bridge and vlans on the bridge.
Do I have a conflict? I mean those subnets are not overlapping. Bridge interface is for untagged network while each VLAN interface is for separate tagged networks.
Remember ether5 is an independent subnet which is fine.
Yup, aware of that. OP created that on purpose to safely log into the router while he plays with bridge and vlans.
vlan-filtering is a questionable point. My understanding so far is that as long as all bridge ports are trunk, you don’t need vlan-filtering. It is needed only if you need edge/access ports. (Please correct me if I am wrong.)
If you don’t have vlan-filtering, you don’t need VLAN settings. I hope we can agree on that (it won’t be applied anyway with vlan-filtering=no). All ports will behave as trunks.
I guess we should start with this.. Clarify what the heck is OP trying to achieve:
Ether1 = WAN (well, actually WAN is the PPPoE in VLAN)
Ether2, Ether3, Ether4 = trunk ports. Only Ether 2 currently used and connected to the trunk port on Unifi switch.
Ether5 = management interface
yes, already agreed.
What drives me crazy is, that I actually have the same config on my network, working perfectly fine (coincidentally with Unifi switch, same as OP). Due to that, I can’t really figure out what could be wrong if this thing works in one environment and does not work in other…
can mean anything. What I learned so far (generally) is that I can’t believe users anything, except maybe that they do have router and it’s turned on. Typical example is something like “internet doesn’t work at all!”, while in reality internet works great and it’s just some problem with one dns server they happen to be using. So how exactly it’s unstable and it doesn’t connect would deserve better explanation.
Btw, naughty pony! Isn’t it enough that internet is full of indecent pictures of you? But I guess it’s not wrong for you hoofed creatures to be attracted to each other.
I couldn’t agree more. Unfortunately I don’t know anything further (yet). I provided reasonable step-by-step guide to OP so we can narrow down the issue (you know - ping this, ping that, connect here and there) but again, it was afternoon/evening so he didn’t get back to me yet.
Btw, naughty pony! Isn’t it enough that internet is full of indecent pictures of you? But I guess it’s not wrong for you hoofed creatures to be attracted to each other.
I am naughty and I am proud of it. What ponies and donkeys do to each other does not concern humans.
Per diagram in original post, only ether2 is connected … to unifi switch which is supposed to split that trunk to a few access ports.
I believe that MT should work just fine even though the bridge is configured as non-VLAN aware. Which leaves the other end (UniFi) to be checked whether the trunk port is properly configured. I can’t tell that from the screenshots posted (port1 config is not clearly shown and even if it was, I wouldn’t know as I have no experience with UniFi).
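
For reference, the two router-side layouts debated in this thread, written out as an added RouterOS sketch; it is not taken from the OP's myconfig.rsc or from any participant's post. Only ether2, ether5, VLAN IDs 20 and 30 and their subnets come from the thread; the names bridge1, vlan20, vlan30 and the .1 gateway addresses are assumptions.

```routeros
# Added example. Names (bridge1, vlan20, vlan30) and the .1 gateway
# addresses are assumptions; VLAN IDs, subnets and ports are from the thread.

# --- Layout A: no bridge, VLAN interfaces directly on the trunk port ---
# ether2 must not be a bridge port in this layout.
/interface vlan
add name=vlan20 vlan-id=20 interface=ether2
add name=vlan30 vlan-id=30 interface=ether2
/ip address
add address=192.168.20.1/24 interface=vlan20
add address=192.168.30.1/24 interface=vlan30

# --- Layout B: VLAN-aware bridge (an alternative to A, not an addition) ---
/interface bridge
add name=bridge1 vlan-filtering=no
/interface bridge port
add bridge=bridge1 interface=ether2
/interface vlan
add name=vlan20 vlan-id=20 interface=bridge1
add name=vlan30 vlan-id=30 interface=bridge1
/ip address
add address=192.168.20.1/24 interface=vlan20
add address=192.168.30.1/24 interface=vlan30
# Bridge VLAN table: both VLANs tagged on the trunk port and on the bridge
# itself (the bridge must be a tagged member for its vlan interfaces to
# receive traffic once filtering is on).
/interface bridge vlan
add bridge=bridge1 vlan-ids=20,30 tagged=bridge1,ether2
# While vlan-filtering=no the table above is ignored and the bridge forwards
# frames carrying any VLAN ID. Enable filtering last, and do it from the
# ether5 management port so a mistake in the table cannot lock you out.
/interface bridge
set bridge1 vlan-filtering=yes
```

After enabling filtering in layout B, `/interface bridge vlan print` shows which ports are currently tagged and untagged members of each VLAN.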