vlan setup - result: packet loss and slow speed

I have the following setup:
network-vlanv2.png
The routers are 2011’s

From “user 1” I can ping the different routers and pfsense without any problems.
From pfsense to 8.8.8.8 I get 30-100% packet loss.

Any suggestions on what I can try?

PS: The reason for this setup is to place my pfsense box in a closet and only run one ethernet cable in there.

Ahh so the RB2011 are not routing they are simply acting as switches?? (and the one cable holds the three vlans to the pfsense)

That is correct, they are used as switches right now. (simple bridge and vlan setup, nothing else)

Edit: I can add the config from the last router (closest to pfsense box). I have removed vlan id 20 from the router, just to make it easier for myself to get the basic stuff working correctly first. And I have removed RSTP from all bridges.

# jun/11/2020 17:38:14 by RouterOS 6.45.9
# software id = J5ML-I2Z8
#
# model = 2011UAS
# serial number = **

/interface bridge
add name=bridge1 protocol-mode=none
add name=bridgevlan10 protocol-mode=none
add name=brigdeWAN150 protocol-mode=none

/interface ethernet
set [ find default-name=ether1 ] comment=uplink
set [ find default-name=ether2 ] comment=wan
set [ find default-name=ether3 ] comment=lan

/interface vlan
add interface=ether1 name=eth1-vlan10 vlan-id=10
add interface=ether1 name=eth1-vlanWAN150 vlan-id=150
add interface=ether2 name=eth2-vlanWAN150 vlan-id=150
add interface=ether3 name=eth3-vlan10 vlan-id=10

/interface bridge port
add bridge=bridgevlan10 interface=eth1-vlan10
add bridge=brigdeWAN150 interface=eth1-vlanWAN150
add bridge=bridge1 interface=ether1
add bridge=brigdeWAN150 interface=ether2
add bridge=brigdeWAN150 interface=eth2-vlanWAN150
add bridge=bridgevlan10 interface=ether3
add bridge=bridgevlan10 interface=eth3-vlan10

I used one bridge and added all the VLANs to it. On the bridge VLAN you can add all VLANs and mark all ether ports either tagged (in case of a trunk port with multiple VLANs) or untagged (for a single VLAN or access port).

Please check this site: http://forum.mikrotik.com/t/using-routeros-to-vlan-your-network/126489/1

That is the only way I know how to do it, single bridge.
This ref is great, just find the device example that fits your scenario.
http://forum.mikrotik.com/t/using-routeros-to-vlan-your-network/126489/1
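
The single-bridge layout described in the two replies above, written out for the ports in the posted export. This is an added example, not part of any post in the thread; the port roles (ether1 tagged trunk, ether2 untagged VLAN 150, ether3 untagged VLAN 10), the management VLAN 99 and the 192.0.2.2/24 address are assumptions made for illustration.

```routeros
# Added example, not from the thread. Assumed port roles, read from the
# comments in the posted export: ether1 = trunk towards pfsense (tagged 10
# and 150), ether2 = WAN access port (VLAN 150), ether3 = LAN access port
# (VLAN 10). VLAN 99 and 192.0.2.2/24 are placeholders for management.

# One bridge for everything; filtering stays off until the tables are built.
/interface bridge
add name=bridge1 protocol-mode=none vlan-filtering=no

# Only physical ports become bridge ports. No /interface vlan entries are
# created on ether1-ether3, so no port is both a bridge member and a VLAN
# parent. pvid is the VLAN assigned to untagged frames entering the port.
/interface bridge port
add bridge=bridge1 interface=ether1 ingress-filtering=yes \
    frame-types=admit-only-vlan-tagged
add bridge=bridge1 interface=ether2 pvid=150 ingress-filtering=yes \
    frame-types=admit-only-untagged-and-priority-tagged
add bridge=bridge1 interface=ether3 pvid=10 ingress-filtering=yes \
    frame-types=admit-only-untagged-and-priority-tagged

# VLAN membership table: tagged on the trunk, untagged on the access port.
/interface bridge vlan
add bridge=bridge1 tagged=ether1 untagged=ether2 vlan-ids=150
add bridge=bridge1 tagged=ether1 untagged=ether3 vlan-ids=10
# The bridge itself is listed as tagged only for the VLAN in which the
# router needs its own IP address (management access).
add bridge=bridge1 tagged=bridge1,ether1 vlan-ids=99

# A VLAN interface is needed only for that router-terminated VLAN, and it
# sits on the bridge, not on a physical port.
/interface vlan
add interface=bridge1 name=vlan99-mgmt vlan-id=99
/ip address
add address=192.0.2.2/24 interface=vlan99-mgmt

# Enable filtering last, from a session that will survive the change
# (for example a port left outside the bridge).
/interface bridge
set bridge1 vlan-filtering=yes
```

On RouterOS 6 only the CRS3xx series keeps hardware offloading with `vlan-filtering=yes`; on an RB2011 this bridge forwards in the CPU, whereas VLAN configuration in the switch chip menu keeps switching in hardware.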

Thanks for the tip, will check out the link. And I discovered “bridge vlan” because of that.. not just interface vlan..

A follow-up question before I go insane (:D)

Do I need both interface vlans AND bridge vlan configured?
With interface vlans I get traffic, but packet loss. With bridge vlans I get some connectivity but am having problems getting my network up and running.

If anyone knows of examples on configuring a MT router basically as a switch with VLANs, that would be very appreciated.

Sorry I only know the new way where you need both Bridge vlan settings and the vlan interfaces.

How do you know you get packet loss on your vlans???
I may be getting some on mine but have no way to check that!!

That’s easy to check. Speedtest to internet shows ~50% speed and ping shows packet loss:

PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: icmp_seq=0 ttl=116 time=13.750 ms
64 bytes from 8.8.8.8: icmp_seq=1 ttl=116 time=16.930 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=116 time=13.187 ms

--- 8.8.8.8 ping statistics ---
10 packets transmitted, 3 packets received, 70.0% packet loss
round-trip min/avg/max/stddev = 13.187/14.622/16.930/1.648 ms

That said, the packet loss does not happen before pfsense but after. The ping results above are from the WAN interface on pfsense.

Update: reset all routers and applied the examples provided here: https://wiki.mikrotik.com/wiki/Manual:Switch_Chip_Features#Setup_Examples (example 1/2)

Got all VLANs up and running, no packet loss, full speed across the network and all SSIDs working as they should - all good and fine :)
But I need to add a ‘management’ network as I am now not able to communicate with the routers via winbox - guess that’s because all packets from “user 1 pc” are tagged with VLAN headers and the routers are on another network/vlan 1.