VLAN traffic is not working

bhaputi · January 26, 2006, 10:19pm

Hello,
We are using Mikrotik OS ver. 2.9.7, and cannot seem to get vlan’d traffic to pass. We are plugging our mikrotik box in as a transparent bridge between 2 summit extreme switches using 802.1Q vlans, but traffic is not getting through. If we take the same mikrotik box and plug it in between an HP 2424 switch and a summit extreme switch without using 802.1Q vlans, the traffic passes fine. Can someone point me in the right direction here? We have run through the vlan suggestions we have found here in the forums, and so far it has been no-go.

jager · January 27, 2006, 11:01am

We are using VLANs with zero problems since 2.8.27. (now on 2.9.
Take care that you configured the VLAN interface to be on the correct Ethernet, and VLAN IDs should be the same as configured on switch…

bhaputi · January 27, 2006, 12:30pm

So you cannot set the bridge to just pass the vlan IDs? Do I need to manually add the vlan ID for each separate vlan to the ethernet interface? We have approx. 1200 vlans throughout our network, so I hope not.

jager · January 27, 2006, 1:15pm

Well, we have arround 15 VLANs only, and they are separately entered. Everything work this way. I never tryed to do this via bridge.
Anybody else on forum, have tryed this?
I believe that it is very painfulll to enter 1200 interfaces by hand…
But, if the only solution is to enter each VLAN, write a simple script which will telnet to the router, and do the job
We are using similar trick for some other purposes. We have 2 ISP`s and we measure the bandwidth usage at both ISPs. If the usage reaches 80%, the script is telneting to the router, and the ip pool that gives IP addresses to PPPoE customers changes to the second ISP
Very primitive load balancing, but works great

bhaputi · January 27, 2006, 4:46pm

It sounds like maybe you are not using transparent bridging? The only IP we have on the Mikrotik box is for management (on a 3rd NIC). We have no IP assigned to the bridged interfaces. I would think that the bridge should just pass the VLAN IDs correctly, but it appears not to.

bhaputi · January 27, 2006, 6:27pm

Thanks for the tips. It actually turned out to be a duplex issue - all traffic is flowing great now.

jager · January 27, 2006, 7:37pm

Great! I`m happy that you solved it…

BurstNET · January 28, 2006, 12:51am

any reason you can think of that simple queres will not work on the traffic in this configuration? network interfaces and the bridge show the traffic flowing over them, but the simple queres do not and seem to have no effect on controlling traffic. connection tracking does show the traffic breakdown, so it looks like the vlan traffic is readable. even just trying to put a rule on the interfaces themselves does not seem to function now. anything special need to be done to throttle bandwidth in this situation? do simple queres not work in this situation, and need to use mangle/parket-marking method instead? tried that as well, and did not seem to work either. had no problems prior with non-vlan’d type traffic.

jager · January 28, 2006, 8:05am

This must be a bridge issue, I don`t see any other explanation.
We have VLANs, and just now, I made a test to be sure not to give you wrong type of help

I set up a new simple queue on VLAN interface, called ABC, Look at the following screenshot from my winbox:

http://jager.on.panonnet.net/!queue.gif

This interface without queue almost never have less than 2Mbit of traffic.
You can see in the middle of the traffic window for this interface how the traffic significaly lowered when I enabled the queue, (and my users was wondering what is going wrong with the Internet ) and raised again after turning the queue off.
I really hope this helps you, at least, we can be sure that Mtik know how to handle simle queues on VLANs.

!Wait, something comes onto my mind… all my queues have priority 8.
I still did not made any QoS to favorize certain type of traffic. Do you have different queue priorities on you router? Maybe the solution lies there?

Crossing fingers

Jager

BurstNET · January 29, 2006, 12:41am

our vlans are not configured on the mikrotik machine like yours are. ours just pass thru from one switch to another, going thru the mikrotik transparent bridge. we still have not gotten this working.

jager · January 29, 2006, 12:49pm

If you do not configure VLANs on mikrotik, how do you expect Mtik to know what to do with the queue that is configured on it? On which interface to shape the traffic?
I really don`t get it Neither Mtik does
Can you send at least your interfaces config for everybody here to see?

jparsons · February 19, 2006, 1:41am

I am trying to do the same. I have setup a mgmt interface on eth1 and then setup eth2 and eth3 as a bridge. I have tried adding the VLAN’s i want to put the queue on under the bridge interface. Do I need to add them to the ethernet interfaces instead?

What I am trying ot accomplish is to do some traffic shaping on some customers i have VLAN’d I only have about four right now connected via fiber optic to us, then i have the switch they are on setup with vlans, with our border router (a juniper not a mikrotik sorry) setup with subnets on the interface connected to the switch they are on, and vlans on each.
I put a mikrotik in between the border router and the switch now, with the eth2 and eth3 as a the interfaces bridging them. they pass traffic and the VLAN information between the juniper and the switch fine, now i would like to start shaping. What would be the best method?
Can I shape based on VLAN ID or since each is subnetted out, should i do it by thier network ID?
Also i am fairly new to mikrotik (but love it) so could someone provide me with some basic setup steps to implement thier recomendation as well.

Thanks in advance!

jager · February 19, 2006, 10:17am

You can setup a new simple queue to every VLAN interface, and shape the traffic as you wish. For example, like this:

142 name=“VLAN Proxim 1” dst-address=0.0.0.0/0 interface=proxim1 parent=none direction=both priority=8
queue=default/default limit-at=0/0 max-limit=10000000/10000000 total-queue=default

Hope this helps.

jparsons · February 19, 2006, 2:50pm

thanks for the response, unfortunatley, it didnt work for me, i might have something configured improperly however.
Should i create a vlan interface to match. for example one of the VLAN’s is VLAN 30 i tried to create it under the bridge interface, and eth2 and eth3 … no luck
I was able to create a filter under bridge and it would match vlan30 packets, so i created a packet mark, however i still couldnt get the que to see the vlan 30 traffic even based on the packet mark.

since these are subnetted as well, should i be able to que based on a range of IP’s .. for example if one of the customers has network 10.2.10.48/28 couldnt I match those addresses, and then que them?

I think I might be over complicating this…

any more suggestions would be greatly appreciated.

BurstNET · February 22, 2006, 3:49am

Let me know if you get this working…we have not yet ourselves.

SMA

jparsons · February 22, 2006, 9:28pm

I feel like i have tried everything.. I am beginning to pull my hair

I tried to mark the VLAN traffic, and that does work fine. but when you try to limit it.. it doesnt seem to see it at all… odd.
so since i have each of the cusomters subnetted as well.. i tried to just setup the queue based on thier individual subnet, however that does not seem to work either.

can traffic shaping not be done over a bridge? Should I be using the bridge interface or the ethernet ones when i setup the filters?

so to restate my issue.. I have a Mikrotik 2.9.13 rotuerboard 532 device setup between my border router, and a switch which feeds out to about four customers tied in to us across fiber optics. Each customer is assigned either a /28 or /27 subnet. then each port on the switch is assigned a unique VLAN ID for each customer. our border router is setup with the gateway address for each subnet, and on this router each subnet is assigned to a subinterface with thier unique VLAN ID. confused? well here is a diagram. with ficticious IP’s but the subnetting and VLAN ing is the same. i want to limit each customer to 3M up and 3M down MAX.
any help would be greatly appreciated!

BurstNET · February 22, 2006, 11:14pm

This appears to be just about the exact same problem we are having.

SMA

jparsons · February 22, 2006, 11:51pm

Im glad i am not alone in my misery! HA!

Well if i get anywhere with it I will let you know, in the meantime anyone else have any suggestions???

jager · February 23, 2006, 12:40am

I think this is not going to work, as you do not have the VLANs defined on Mikrotik. Is is possible to do VLANs on Mtik, and not on Juniper? Only in that case you can assign one simple queue for every VLAN, and it will work OK.
I have several VLAN switches, and every AP, remote link have assigned a different VLAN ID. This interfaces are nicely visible and separated in Mikrotik. The are also “queueable” without problems.

At the end, you can rate limit the traffic based on source address… this should also work.

jparsons · February 23, 2006, 2:45am

So do you mean, turn the mikrotik from a bridge into a router, and then add the vlan at the interface facing the customers.

I have thought of doing this, the bridging was an easy solution with minimal downtime. and i thought this would be possible. I have tried defining the vlans on the bridge interface as well as each interface, and also with all interfaces. like i said, i have been able to mark the traffic, just doesnt seem to do anything on limiting it.

If it cannot be done on the bridge, I will try to remove the bridging and do routing and see how that works…

Thank you for your advice, If i misunderstood, just let me know…