Hi,
I’m struggling with setting up VLANs on RB110AHx4 and CRS326 with running SWOS. I went through documentation, few examples and forum posts and I’m exhausted ideas what else I could change/correct to make my setup working. Apparently I need help from someone with more knowledge or maybe just fresh eyes on my settings. Please help.
This is what I have and what I’m trying to make working.
I have RB1100AHx4 and connected to it two CRS326-24G-2S+ which are running SWOS. RouterOS is in version 6.41 and SWOS is in version 2.6.
First CRS326 ports ether1 and ether2 are connected to RB1100AHx4 ether1 and ether2 ports. On this links I’ve setup bonding in mode 802.3ad. On RouterOS I’ve made for that bonding interface and on SWOS I’ve setup LAG.
Second CRS326 ports ether1 and ether2 are connected to RB1100AHx4 ether6 and ether7 ports with this same configuration.
So I have two bonding interfaces for links to two CRS326 switches. These interfaces, both are members of bridge called master_bridge. Bridge, have assigned 192.168.88.150 IP address.
On bond interface for link to first CRS326 I’ve made VLAN interface with vlan ID 100 and I’ve attached 192.168.87.1 IP to this interface.
On CRS326 I’ve set VLAN Mode to “enabled” on ether1 and ether2 which are members of LAG group, VLAN Receive is set to “any” and Default VLAN ID is “1”. For access port ether23 I’ve set VLAN Mode to “enabled”, VLAN Receive to “only untagged”, Default VLNA ID to “100” and enabled Force VLAN ID option.
With shit configuration in place Windows 7 workstation connected to first CRS326 ether23 port is getting IP configuration from DHCP server running on VLAN interface on RB1100AHx4, but I’m not able to ping successfully this host nor connect to it with RDP or to Internet from workstation itself. What looks odd for me is that, torch running on bond interface is reporting packets with IP of workstation as a source IP and VLAN ID equal to 100 which is what I expect. Firewall consist only three accept rules for INPUT, FORWARD and OUTPUT chains.
If I remove VLAN restrictions/configuration all communication works fine.
In in final setup I plan to have bridges on RB1100AHx4 for every VLAN with VLAN interfaces created for each bond interface as a members and IP address attached to this bridges.
For clarity, RB1100AHx4 have link to Internet gateway through ether 11 interface.
Any Ideas what I’m doing wrong?
I played a little with any VLAN settings which I found in RouterOS for bridges and VLAN port members but without any progress and I don’t have more ideas what else could prevent this config from working. The next step which I plan is to reset all devices to factory settings and try to setup this from scratch but before I give a try I would like to ask you for help.
Below I’m pasting my configuration details. I’ve removed some parts which I believe is not used/relevant. Please let me know if I should share something more.
Thank you for help!!!
[_@RT_Por23_01] /interface> print detail
Flags: D - dynamic, X - disabled, R - running, S - slave
0 RS name="ether1_SW_Por23_01" default-name="ether1" type="ether" mtu=1500 actual-mtu=1500 l2mtu=1592 max-l2mtu=9578 mac-address=64:D1:54:CC:4D:0C
last-link-down-time=jan/22/2018 16:27:44 last-link-up-time=jan/22/2018 16:29:16 link-downs=2
1 RS name="ether2_SW_Por23_01" default-name="ether2" type="ether" mtu=1500 actual-mtu=1500 l2mtu=1592 max-l2mtu=9578 mac-address=64:D1:54:CC:4D:0C
last-link-down-time=jan/22/2018 17:04:46 last-link-up-time=jan/22/2018 17:05:21 link-downs=1
...
5 RS name="ether6_SW_Por23_02" default-name="ether6" type="ether" mtu=1500 actual-mtu=1500 l2mtu=1592 max-l2mtu=9578 mac-address=64:D1:54:CC:4D:11
last-link-up-time=jan/22/2018 17:11:22 link-downs=0
6 RS name="ether7_SW_Por23_02" default-name="ether7" type="ether" mtu=1500 actual-mtu=1500 l2mtu=1592 max-l2mtu=9578 mac-address=64:D1:54:CC:4D:11
last-link-up-time=jan/22/2018 17:11:26 link-downs=0
...
10 R name="ether11" default-name="ether11" type="ether" mtu=1500 actual-mtu=1500 l2mtu=1592 max-l2mtu=9578 mac-address=64:D1:54:CC:4D:16
last-link-up-time=jan/22/2018 00:59:00 link-downs=0
...
13 RS name="SW_Por23_01" type="bond" mtu=1500 actual-mtu=1500 l2mtu=1592 mac-address=64:D1:54:CC:4D:0C last-link-down-time=jan/22/2018 16:27:50
last-link-up-time=jan/22/2018 16:29:16 link-downs=1
14 RS name="SW_Por23_02" type="bond" mtu=1500 actual-mtu=1500 l2mtu=1592 mac-address=64:D1:54:CC:4D:11 last-link-down-time=jan/22/2018 17:10:59
last-link-up-time=jan/22/2018 17:11:22 link-downs=1
15 R name="master_bridge" type="bridge" mtu=auto actual-mtu=1500 l2mtu=1592 mac-address=64:D1:54:CC:4D:0C last-link-down-time=jan/22/2018 17:40:00
last-link-up-time=jan/22/2018 17:40:00 link-downs=3
16 R name="vlan100_SW_Por23_01" type="vlan" mtu=1500 actual-mtu=1500 l2mtu=1588 mac-address=64:D1:54:CC:4D:0C last-link-down-time=jan/22/2018 17:44:47
last-link-up-time=jan/23/2018 22:24:14 link-downs=3
17 X name="vlan100_bridge" type="bridge" mtu=auto mac-address=02:1E:EB:76:86:F1 last-link-down-time=jan/22/2018 17:45:26 last-link-up-time=jan/22/2018 17:39:58
link-downs=7
18 X name="vlan200_SW_Por23_01" type="vlan" mtu=1500 mac-address=64:D1:54:CC:4D:0C last-link-down-time=jan/22/2018 17:44:48 last-link-up-time=jan/22/2018 16:29:16
link-downs=3
[_@RT_Por23_01] /interface bonding> print detail
Flags: X - disabled, R - running
0 R name="SW_Por23_01" mtu=1500 mac-address=64:D1:54:CC:4D:0C arp=enabled arp-timeout=auto slaves=ether1_SW_Por23_01,ether2_SW_Por23_01 mode=802.3ad primary=none
link-monitoring=arp arp-interval=500ms arp-ip-targets=192.168.88.169 mii-interval=100ms down-delay=200ms up-delay=0ms lacp-rate=1sec
transmit-hash-policy=layer-2-and-3 min-links=1
1 R name="SW_Por23_02" mtu=1500 mac-address=64:D1:54:CC:4D:11 arp=enabled arp-timeout=auto slaves=ether6_SW_Por23_02,ether7_SW_Por23_02 mode=802.3ad primary=none
link-monitoring=arp arp-interval=500ms arp-ip-targets=192.168.88.167 mii-interval=100ms down-delay=200ms up-delay=0ms lacp-rate=1sec transmit-hash-policy=layer-2
min-links=1
[_@RT_Por23_01] /interface bridge> print detail
Flags: X - disabled, R - running
0 R name="master_bridge" mtu=auto actual-mtu=1500 l2mtu=1592 arp=enabled arp-timeout=auto mac-address=64:D1:54:CC:4D:0C protocol-mode=rstp fast-forward=yes
igmp-snooping=no priority=0x8000 auto-mac=yes max-message-age=20s forward-delay=15s transmit-hold-count=6 ageing-time=5m region-name="" region-revision=0
max-hops=20 vlan-filtering=no pvid=1
1 X name="vlan100_bridge" mtu=auto arp=enabled arp-timeout=auto mac-address=02:1E:EB:76:86:F1 protocol-mode=rstp fast-forward=yes igmp-snooping=no priority=0x8000
auto-mac=yes max-message-age=20s forward-delay=15s transmit-hold-count=6 ageing-time=5m region-name="" region-revision=0 max-hops=20 vlan-filtering=no pvid=1
[_@RT_Por23_01] /interface bridge> port print detail
Flags: X - disabled, I - inactive, D - dynamic, H - hw-offload
0 interface=SW_Por23_02 bridge=master_bridge priority=0x80 path-cost=10 internal-path-cost=10 edge=auto point-to-point=auto external-fdb=auto horizon=none hw=no
auto-isolate=no restricted-role=no restricted-tcn=no pvid=1 frame-types=admit-all ingress-filtering=no
1 XI interface=vlan100_SW_Por23_01 bridge=vlan100_bridge priority=0x80 path-cost=10 internal-path-cost=10 edge=auto point-to-point=auto external-fdb=auto horizon=none
hw=yes auto-isolate=no restricted-role=no restricted-tcn=no pvid=1 frame-types=admit-all ingress-filtering=no
2 XI interface=vlan200_SW_Por23_01 bridge=master_bridge priority=0x80 path-cost=10 internal-path-cost=10 edge=auto point-to-point=auto external-fdb=auto horizon=none
hw=yes auto-isolate=no restricted-role=no restricted-tcn=no pvid=1 frame-types=admit-all ingress-filtering=no
3 interface=SW_Por23_01 bridge=master_bridge priority=0x80 path-cost=10 internal-path-cost=10 edge=auto point-to-point=auto external-fdb=auto horizon=none hw=yes
auto-isolate=no restricted-role=no restricted-tcn=no pvid=1 frame-types=admit-all ingress-filtering=no
[_@RT_Por23_01] /interface> ethernet print detail
Flags: X - disabled, R - running, S - slave
0 RS name="ether1_SW_Por23_01" default-name="ether1" mtu=1500 l2mtu=1592 mac-address=64:D1:54:CC:4D:0C orig-mac-address=64:D1:54:CC:4D:0C arp=enabled arp-timeout=auto
loop-protect=default loop-protect-status=off loop-protect-send-interval=5s loop-protect-disable-time=5m auto-negotiation=yes
advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full full-duplex=yes tx-flow-control=off rx-flow-control=off speed=100Mbps
bandwidth=unlimited/unlimited switch=switch1
1 RS name="ether2_SW_Por23_01" default-name="ether2" mtu=1500 l2mtu=1592 mac-address=64:D1:54:CC:4D:0C orig-mac-address=64:D1:54:CC:4D:0D arp=enabled arp-timeout=auto
loop-protect=default loop-protect-status=off loop-protect-send-interval=5s loop-protect-disable-time=5m auto-negotiation=yes
advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full full-duplex=yes tx-flow-control=off rx-flow-control=off speed=100Mbps
bandwidth=unlimited/unlimited switch=switch1
...
5 RS name="ether6_SW_Por23_02" default-name="ether6" mtu=1500 l2mtu=1592 mac-address=64:D1:54:CC:4D:11 orig-mac-address=64:D1:54:CC:4D:11 arp=enabled arp-timeout=auto
loop-protect=default loop-protect-status=off loop-protect-send-interval=5s loop-protect-disable-time=5m auto-negotiation=yes
advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full full-duplex=yes tx-flow-control=off rx-flow-control=off speed=100Mbps
bandwidth=unlimited/unlimited switch=switch2
6 RS name="ether7_SW_Por23_02" default-name="ether7" mtu=1500 l2mtu=1592 mac-address=64:D1:54:CC:4D:11 orig-mac-address=64:D1:54:CC:4D:12 arp=enabled arp-timeout=auto
loop-protect=default loop-protect-status=off loop-protect-send-interval=5s loop-protect-disable-time=5m auto-negotiation=yes
advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full full-duplex=yes tx-flow-control=off rx-flow-control=off speed=100Mbps
bandwidth=unlimited/unlimited switch=switch2
[_@RT_Por23_01] /interface> vlan print detail
Flags: X - disabled, R - running, S - slave
0 R name="vlan100_SW_Por23_01" mtu=1500 l2mtu=1588 mac-address=64:D1:54:CC:4D:0C arp=enabled arp-timeout=auto loop-protect=default loop-protect-status=off
loop-protect-send-interval=5s loop-protect-disable-time=5m vlan-id=100 interface=SW_Por23_01 use-service-tag=no
1 X name="vlan200_SW_Por23_01" mtu=1500 mac-address=64:D1:54:CC:4D:0C arp=enabled arp-timeout=auto loop-protect=default loop-protect-status=off
loop-protect-send-interval=5s loop-protect-disable-time=5m vlan-id=200 interface=SW_Por23_01 use-service-tag=no
[_@RT_Por23_01] /ip> address print detail
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; defconf
address=192.168.88.150/24 network=192.168.88.0 interface=master_bridge actual-interface=master_bridge
1 ;;; WAN
address=192.168.89.2/24 network=192.168.89.0 interface=ether11 actual-interface=ether11
2 address=192.168.87.1/24 network=192.168.87.0 interface=vlan100_SW_Por23_01 actual-interface=vlan100_SW_Por23_01
[_@RT_Por23_01] /ip> route print detail
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit
0 A S dst-address=0.0.0.0/0 gateway=192.168.89.1 gateway-status=192.168.89.1 reachable via ether11 distance=1 scope=30 target-scope=10
1 ADC dst-address=192.168.87.0/24 pref-src=192.168.87.1 gateway=vlan100_SW_Por23_01 gateway-status=vlan100_SW_Por23_01 reachable distance=0 scope=10
2 ADC dst-address=192.168.88.0/24 pref-src=192.168.88.150 gateway=master_bridge gateway-status=master_bridge reachable distance=0 scope=10
3 ADC dst-address=192.168.89.0/24 pref-src=192.168.89.2 gateway=ether11 gateway-status=ether11 reachable distance=0 scope=10
Screenshots of SWOS configuration.
Regards Przemek