VLAN prioritization on hybrid ports

Hello all

I’m trying to set up a Mikrotik RB951G-2HnD with hybrid ports. I’m almost there, but I’ve got a couple of questions about prioritization.

Scenario is as follows

  • ether1 will be gateway
  • All other ethernet ports will be used to connect either PCs or VLAN capable devices (hybrid ports)

I’ve set up a VLAN with id 20. I want that VLAN to have priority “7” and the remaining untagged network to have priority “0”. As far as I understand, all untagged traffic is already tagged “0”, so I suppose that what’s left is to set the VLAN’s priority, but I’m not clear on how to do that.

The idea is the following: we have these VoIP phones that will be configured to use VLAN id 20, and then we’ll connect PCs to those phones; the PCs will get an untagged connection.

VLAN id 20 has a 172.16.20.0/24 network
and untagged traffic has a 192.168.88.0/24 network

So far I was able to achieve almost everything except for priority. I’m not quite clear on how to do it. This is my configuration so far:

/interface bridge
add admin-mac=D4:CA:6D:7E:A8:65 auto-mac=no mtu=1500 name=bridge-local
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=\
    20/40mhz-ht-above disabled=no distance=indoors l2mtu=2290 mode=ap-bridge \
    ssid=MikroTik-92E969
/interface ethernet
set [ find default-name=ether1 ] name=ether1-gateway
set [ find default-name=ether2 ] name=ether2-master-local
set [ find default-name=ether3 ] master-port=ether2-master-local name=\
    ether3-slave-local
set [ find default-name=ether4 ] master-port=ether2-master-local name=\
    ether4-slave-local
set [ find default-name=ether5 ] master-port=ether2-master-local name=\
    ether5-slave-local
/ip neighbor discovery
set ether1-gateway discover=no
/interface vlan
add comment="" interface=bridge-local l2mtu=\
    1594 name=vlan-20 vlan-id=20
/ip neighbor discovery
set vlan-20 comment=""
/ip pool
add name=dhcp ranges=192.168.88.100-192.168.88.200
add name=pool-vlan-20 ranges=172.16.20.30-172.16.20.250
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge-local lease-time=8h name=\
    default
add address-pool=pool-vlan-20 disabled=no interface=vlan-20 lease-time=8h \
    name=dhcp-vlan-20
/interface bridge port
add bridge=bridge-local interface=ether2-master-local
add bridge=bridge-local interface=wlan1
/interface ethernet switch vlan
add independent-learning=no ports="ether2-master-local,ether3-slave-local,ethe\
    r4-slave-local,ether5-slave-local,switch1-cpu" switch=switch1 vlan-id=20
/ip address
add address=192.168.88.1/24 comment="default configuration" interface=\
    ether2-master-local network=192.168.88.0
add address=172.16.20.1/24 comment="vlan-20 address" interface=vlan-20 \
    network=172.16.20.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-client
add comment="default configuration" dhcp-options=hostname,clientid disabled=\
    no interface=ether1-gateway
/ip dhcp-server network
add address=172.16.20.0/24 comment="vlan-20 Network" dns-server=\
    8.8.8.8,208.67.222.222 gateway=172.16.20.1
add address=192.168.88.0/24 comment="default configuration" dns-server=\
    192.168.88.1 gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 name=router
/ip firewall filter
add chain=input comment="default configuration" protocol=icmp
add chain=input comment="default configuration" connection-state=established
add chain=input comment="default configuration" connection-state=related
add action=drop chain=input comment="default configuration" disabled=yes \
    in-interface=ether1-gateway
add chain=forward comment="default configuration" connection-state=\
    established
add chain=forward comment="default configuration" connection-state=related
add action=drop chain=forward comment="default configuration" \
    connection-state=invalid disabled=yes
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" \
    out-interface=ether1-gateway
/ip ipsec policy
set 0 dst-address=0.0.0.0/0 src-address=0.0.0.0/0
/romon port
add disabled=no
/system clock
set time-zone-autodetect=no time-zone-name=US/Pacific-New
/system clock manual
set time-zone=-06:00
/system leds
set 0 interface=wlan1
/system ntp client
set enabled=yes
/tool mac-server
set [ find default=yes ] disabled=yes
add interface=ether2-master-local
add interface=ether3-slave-local
add interface=ether4-slave-local
add interface=ether5-slave-local
add interface=wlan1
add interface=bridge-local
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=ether2-master-local
add interface=ether3-slave-local
add interface=ether4-slave-local
add interface=ether5-slave-local
add interface=wlan1
add interface=bridge-local

Any help will be greatly appreciated

What do you mean by “hybrid ports”?

In that config, is the tagged traffic working as you expect?

For traffic QoS, the simple way is to use a simple queue.

Hi chechito, thanks for answering. Let me respond to your questions individually.

I mean hybrid ports as stated on the wiki “Vlans on Mikrotik environment” at this URL http://wiki.mikrotik.com/wiki/Vlans_on_Mikrotik_environment and specifically this section:

A hybrid port is a special mode that allows untagged and tagged packets on the same port. Imagine that you have a VoIP desktop phone; you will connect your PC to the phone and the phone to the switch. We will have a VLAN for VoIP and untagged data for the PC.

The sample provided on the wiki fits my exact needs.

Yes it is, for example:

  • If I plug in a machine (a PC or other device that is not VLAN aware), it gets an address in the 192.168.88.100-192.168.88.200 range as expected.

  • On the other hand, if I plug in a device configured for VLAN id 20, it does receive an IP address in the 172.16.20.30-172.16.20.200 range as expected.

So far, so good, working as expected.

Not my point. As a matter of fact, I made a mistake: it should have been priority “5” and not “7” as I stated in my case, but anyway, if I find the right method to set the priority to my needs, the rest should be easy.

You see, I’m trying to use 802.1p as stated on the same wiki mentioned before. Let me show you exactly what part of the manual I’m referring to:

QoS on Vlans

This is called 802.1p. Inside the VLAN tag we have 3 bits that are available to set CoS (priority), and they go from 0 to 7. 0 is the lowest priority and 7 the highest.

By default all packets have CoS set to 0.

The CoS field can be set in two places: /ip firewall mangle or /interface bridge filter

When working directly on the VLAN interface (edge router or device that adds the tag), use /ip firewall mangle.

When dealing with bridges, use /interface bridge filter.

To set the CoS field, the action that is used on the rules is set-priority. When this is set on the VLAN interface, it will set its CoS id.

On this set-up we will remain with the previous network diagram.

As you can see, it is not done the way you are telling me. I suppose it is also a valid method, but in this particular case I want to understand how to use this feature properly as stated in the manual.

Hope this clarifies things a little.
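
An added example, not part of any post in this thread and not MikroTik code: a small Python check that reads the 3-bit 802.1p priority (PCP) and the VLAN id out of a captured Ethernet frame, so that whatever method ends up setting the priority can be verified on the wire. The function names, MAC addresses and sample frames are constructed for illustration; the expected values (VLAN id 20, priority 5) are the ones stated in the thread.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag


def parse_vlan_tag(frame: bytes):
    """Return (pcp, dei, vid) for a tagged frame, or None if it is untagged."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (tpid,) = struct.unpack_from("!H", frame, 12)
    if tpid != TPID_8021Q:
        return None  # untagged: there is no PCP field at all
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    # TCI layout: 3 bits PCP (802.1p priority), 1 bit DEI, 12 bits VLAN id
    return tci >> 13, (tci >> 12) & 1, tci & 0x0FFF


def build_frame(vid=None, pcp=0, ethertype=0x0800):
    """Construct a sample frame (hypothetical MACs, zero-filled payload)."""
    header = bytes.fromhex("020000000001") + bytes.fromhex("020000000002")
    if vid is not None:
        header += struct.pack("!HH", TPID_8021Q, (pcp << 13) | vid)
    return header + struct.pack("!H", ethertype) + bytes(46)


def check_frame(frame: bytes, voice_vid=20, voice_pcp=5):
    """Compare a frame against the thread's goal: VLAN 20 carries priority 5."""
    tag = parse_vlan_tag(frame)
    if tag is None:
        return "ok"  # untagged PC traffic is expected on a hybrid port
    pcp, _dei, vid = tag
    if vid == voice_vid and pcp != voice_pcp:
        return f"vlan {vid} pcp {pcp}, expected {voice_pcp}"
    if vid != voice_vid:
        return f"unexpected vlan {vid}"
    return "ok"


if __name__ == "__main__":
    samples = {
        "phone, priority set": build_frame(vid=20, pcp=5),
        "phone, priority missing": build_frame(vid=20, pcp=0),
        "pc, untagged": build_frame(),
    }
    for name, frame in samples.items():
        print(f"{name}: {check_frame(frame)}")
```

Frames exported from a capture on the phone-facing port can be passed to `check_frame` in place of the constructed samples.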