Hi, I found some posts on this, but not exactly what I’m looking for.
I’m a newbie as far as RouterBoards, but I’ve got 15 years of experience with Linux routers and switches.
I have several Netgear GS724T configured with VLANs and VLAN trunking between the GS724T.
The above GS724 are working just fine, but I’m trying to deploy RB2011 at user desks because some engineers
nee to have access to several VLANs and Voip but our offices only have 1 or 2 ethernet jack / seat.
Question 1) Does the RB2011 fully support 802.1Q VLAN tags?
Reading: http://wiki.mikrotik.com/wiki/Manual:Interface/VLAN
This document suggests to define the subnet used by this VLAN “add address=10.10.10.3/24 interface=VLAN2”
As far as I know, VLANs should only be layer 2 / “ethernet frame base”, defining the IP subnet does not sound right.
It also adds this extra level of “synchronization” between my layer 2 and layer 3 network configuration.
Question 2) How do I configure the RB2011 to use Eth5 as VLAN trunking for VLAN id = 2, 7 and 8 connected to my GS724T? With:
VLAN-2 on ports Eth10, Eth9. (100Mb)
VLAN-7 on ports Eth1, Eth2, Eth3, Eth4. (1,000Mb)
VLAN-8 on ports Eth6, Eth7, Eth8 (100Mb)
VLAN-2,7,8 Trunk on Eth5 (1,000Mb)
This will allow me to deliver 3 VLANs to the desks of the engineers using a single ethernet link back to on of the main GS724T switches.
This way they will have access to the company Intranet VLAN-7 at a full gig link (not limited to going through the phone’s 100 Mb link).
They will have access to their Voip for the telephony on VLAN-2
They will have access to the isolated Test environment on VLAN-8
Obviously none of the enduser devices connected to the RB2011 will output VLAN tags.
They will only send normal ethernet frames (Even if some devices support VLANs I don’t want to configure them).
So only the trunk port on Eth5 will be the one expecting VLAN tags from the GS724T switch, ranging from VLAN 2, 7 and 8.
Thank you in advance,
Martin Politick.
politick at gmail dot com
Can someone tell me how I can get Mikrotik to at least answer question 1) below?
I believe the question to be a simple clarification on the product specification, and its usage.
Question 1) Does the RB2011 fully support 802.1Q VLAN tags?
Because I don’t understand why I’d need to let the RB2011 know about the subnets on the VLANs.
I use VLAN trunking between my RB600 and My Netgear GS724T, while the RB600 does not have the switch chip that the RB2011 does, the configuration is the same. For some of my VLANs, I do have IPs assigned, as I want to reach the MT router on that address/vlan, if you only want to bring the vlans to their desk (which is what it sounds like you want to do), an IP is not required.
Because the 2011 uses two separate switch chips but you want all trunking to happen on a single port, the CPU has to be involved, which is why I have bridges in my solution rather than native switch vlan configuration. In your use, you cannot fully offload all traffic from the CPU. If you wanted to do a hybrid solution, you could configure the intranet ports to use native switch vlan commands and only have to bridge the test and VoIP ports, but realistically, I don’t think you’ll have any performance problems with your desired use.
/interface/ethernet/
set ether10 master-port=ether9
set ether2,ether3,ether4 master-port=ether1
set ether7,ether8 master-port=ether6
I get an error code:only one master port in switch group allowedSince I’m new to RouterOS, I don’t get all the concepts so I can’t figure out a way to fix this.
I believe you’re trying to create 3 separate “Virtual switches”
(eth1, eth2, eth3, eth4) - (eth6,eth7,eth8) - (eth9,eth10)
Then I think you’re creating “Virtual ethernet ports” called vlan2, vlan7 and vlan8,
which at the same time it tells that ether5 should expect VLAN tags (802.1q) on port #5
Then you bridge the “virtual ethernet ports” vlans with the master-port of each virtual switch.
QUESTIONS:
Q1) what is the purpose of a master-port
Q2) Since there are no vlan statements on anyother port than ether5, does that imply that all VLAN ID will be strip from all other ports (which is what I want)
Q3) On other switches I need to tell what should be the default VLAN ID of none-VLAN trunking ports.
Is this accomplished by the bridge command?
My apologies, I do not have a 2011 to verify against.
The master-port is to setup switch groups in the hardware switch chip. Doing so will offload switching functions from the CPU. The “master-port” is the only one that needs to be further used in configuration settings when referencing that switch group.
Since there are less switch groups available than what you require, some of your switched traffic must go through the CPU. This is not a big deal, as the CPU can handle over 1GBps in bridging mode and you already are required to use the CPU since your trunk is on one chip and some of the ports are on another (as previously mentioned).
So we drop the switch-chip stuff and lengthen our bridge port section. The full config would now read:
OP, since you’re mainly looking to do L2 switching, you might be better served by an L2 switch than a Routerboard. Given that you already use Netgear “smart” switches in your network, it might be worthwhile to look at the GS108T, which is similar in price to the RB2011, and has an interface/management features similar to your existing switches.
Yes thank you, I’ve looked at them.
But I have 2 reasons to use the RB2011
1- We already use this model for other purposes so I prefer to always re-use the same components as much as I can (easier for long term support)
2- Gives me a reason to start understanding concepts behind RouterBoard (learning exercise)
But your proposition could be very useful for other users.
Yes I’ve verified and it works at 95%.
I can’t bridge ether6 because it’s already used and if I remove it I loose my connectivity to 192.168.88.1
So I’ve done this (which leaves ether6 as the configuration port) and added an extra VLAN-1: