VLAN not working on CRS305-1G-4S+

Methraton · September 1, 2024, 2:43am

Hi,

I have a problem with my VLAN setup where untagged traffic from interface sfp-sfpplus4 does not receive an IP from the DHCP server on VLAN50 ( instead, it’s getting IP from VLAN1), in my understanding, traffic should be tagged by the crs305.

Here’s my setup, there must be something wrong with it but I can’t see it

/interface bridge
add name=BR1

/interface list
add name=WAN
add name=LAN

/interface bridge port
add bridge=BR1 frame-types=admit-only-untagged-and-priority-tagged interface=ether1 pvid=50
add bridge=BR1 interface=sfp-sfpplus1
add bridge=BR1 interface=sfp-sfpplus2
add bridge=BR1 frame-types=admit-only-untagged-and-priority-tagged interface=sfp-sfpplus3 pvid=50
add bridge=BR1 frame-types=admit-only-untagged-and-priority-tagged interface=sfp-sfpplus4 pvid=50

/interface bridge vlan
add bridge=BR1 tagged=sfp-sfpplus1 untagged=sfp-sfpplus2,sfp-sfpplus3,sfp-sfpplus4,BR1 vlan-ids=50
add bridge=BR1 tagged=sfp-sfpplus1 vlan-ids=100

/interface list member
add interface=sfp-sfpplus1 list=LAN
add interface=sfp-sfpplus2 list=WAN
add interface=sfp-sfpplus3 list=LAN
add interface=sfp-sfpplus4 list=LAN

/ip dhcp-client
add interface=BR1

/ip hotspot profile
set [ find default=yes ] html-directory=hotspot

/ip service
set telnet disabled=yes
set api disabled=yes

/system identity
set name=Crs305

/system leds
set 0 disabled=yes
set 1 disabled=yes
set 2 disabled=yes
set 3 disabled=yes

/system leds settings
set all-leds-off=immediate

/system note
set show-at-login=no

/system routerboard settings
set boot-os=router-os

Thanks !!

mkx · September 1, 2024, 10:04am

Unless bridge has vlan-filtering=yes set, all VLAN-related settings on bridge and member ports are ignored (this includes PVID setting).

Methraton · September 1, 2024, 10:34am

yes, true !

Thing is, with the vlan filtering activated , my server on sfp-sfpplus4 can’t reach any DHCP server ( which comes from sfp-sfpplus2 ).

So I guess my vlan setup is incorrect but can’t see how exactly

Methraton · September 1, 2024, 10:42am

While reading my initial post, I realize that I left some things out that could help in the understanding of the setup.

ether1 => not used at the moment but planned to be used for some extra 1G connectivity if needed
sfp-sfpplus1 => will be connected to another switch will tagged traffic, so this port is a trunk
sfp-sfpplus2 => connected to my router which runs a DHCP server per VLAN , also trunk
sfp-sfpplus3 => unused yet but will be like sfp-sfpplus4 if used one day
sfp-sfpplus4 => connected to a server which should get tagged with VLAN 50 and get an IP from DHCP server running on the router ( plugged to sfp-sfpplus2)

mkx · September 1, 2024, 12:00pm

The setting for sfp-sfpplus2 (under bridge/port) lacks setting of PVID … and default is PVID=1 … OTOH it’s set as untagged for VLAN 50 … so you have a discrepancy here.

Methraton · September 1, 2024, 2:23pm

Hi mkx ,

Thanks for your time and advice, I managed to make it work my way ( thing is I need the VLAN 1 too).

While adding, like you suggested, the port sfp-sfpplus2 to use pvid=50 did unlock me , my server still got its IP from the wrong VLAN.

Anyway, you put me on the right track, what worked for me was to add sfp-sfpplus2 as tagged in the bridge/vlan for VLAN 50.

here’s my setup now :

/interface bridge port
add bridge=BR1 frame-types=admit-only-untagged-and-priority-tagged interface=ether1 pvid=50
add bridge=BR1 interface=sfp-sfpplus1
add bridge=BR1 interface=sfp-sfpplus2
add bridge=BR1 frame-types=admit-only-untagged-and-priority-tagged interface=sfp-sfpplus3 pvid=50
add bridge=BR1 frame-types=admit-only-untagged-and-priority-tagged interface=sfp-sfpplus4 pvid=50
/interface bridge vlan
add bridge=BR1 tagged=sfp-sfpplus1,sfp-sfpplus2 untagged=sfp-sfpplus3,sfp-sfpplus4,BR1 vlan-ids=50
add bridge=BR1 tagged=sfp-sfpplus1,sfp-sfpplus2 vlan-ids=100