VLANing

CHARL13 · June 21, 2013, 2:22pm

Hi there

I'm really struggling to configure a VLAN for an RB951G-2HnD.

I'm trying to VLAN off ports ether3, ether4 and ether5 into VLAN-ID 2.

So far I have the following Switch Port config:

NAME SWITCH VLAN-MODE VLAN-HEADER DEFAULT-VLAN-ID

0 ether1-gateway switch1 disabled leave-as-is auto
1 ether2-trunk switch1 disabled leave-as-is auto
2 ether3-master-local switch1 secure always-strip 2
3 ether4-slave-local switch1 secure always-strip 2
4 ether5-slave-local switch1 secure always-strip 2
5 switch1_cpu switch1 disabled leave-as-is auto

and the following Ethernet config:

NAME MTU MAC-ADDRESS ARP MASTER-PORT SWITCH

0 ether1-gateway 1500 00:0C:42:B7:AC:D6 enabled none switch1
1 ether2-trunk 1500 00:0C:42:B7:AC:D7 enabled none switch1
2 ether3-master-local 1500 00:0C:42:B7:AC:D8 enabled none switch1
3 S ether4-slave-local 1500 00:0C:42:B7:AC:D9 enabled ether3-master-local switch1
4 S ether5-slave-local 1500 00:0C:42:B7:AC:DA enabled ether3-master-local switch1

What I now want to do is create a DHCP server and address for VLAN 2 but I need to apply it to an interface which I don't currently have. Where am I going wrong?

Many thanks

tws101 · June 21, 2013, 3:31pm

While Mikrotik has a switch chip… It is no substitute for an actual managed switch.

Add your VLAN Interface in INTERFACE

Your switch will need to have default vlan set to 2 for those ports change mode to fall back. Leave as always strip.

Now head to dhcp server and you will see the VLAN interface you created as an option.

CHARL13 · June 21, 2013, 3:34pm

Thanks TWS101

When I create the VLAN Interface it wants to be attached to another Interface. Which one should I choose? And do I need to do anything with bridging?

tws101 · June 21, 2013, 4:10pm

Attach to the master port (Physical Port) you will be using the VLAN on. Based on your setup it looks like Port 3 “ether3-master-local”

No bridging..

CHARL13 · June 21, 2013, 4:27pm

Thanks TWS101, I’ll try that and see what happens.

CHARL13 · June 24, 2013, 8:23am

Ok I’ve got this config so far. I think it’s right but I’m not able to ping the vlan address. Maybe firewall rules?

[admin@MikroTik] /interface ethernet switch> port print
Flags: I - invalid
 #   NAME                     SWITCH  VLAN-MODE  VLAN-HEADER  DEFAULT-VLAN-ID
 0   ether1-gateway        switch1  disabled        leave-as-is       auto
 1   ether2-trunk            switch1  disabled         leave-as-is       auto
 2   ether3-master-local  switch1  fallback         always-strip      2
 3   ether4-slave-local     switch1  fallback         always-strip      2
 4   ether5-slave-local     switch1  fallback         always-strip      2
 5   switch1_cpu             switch1  disabled        leave-as-is        auto

[admin@MikroTik] /interface ethernet switch> vlan print
Flags: X - disabled, I - invalid
 #   SWITCH  VLAN-ID  PORTS
 0   switch1    2            ether3-master-local
                                  ether4-slave-local
                                  ether5-slave-local

[admin@MikroTik] /interface> ether print
Flags: X - disabled, R - running, S - slave
 #    NAME                      MTU  MAC-ADDRESS          ARP        MASTER-PORT          SWITCH
 0    ether1-gateway        1500  00:0C:42:B7:AC:D6  enabled  none                        switch1
 1    ether2-trunk            1500  00:0C:42:B7:AC:D7  enabled  none                        switch1
 2    ether3-master-local  1500  00:0C:42:B7:AC:D8  enabled  none                        switch1
 3  S ether4-slave-local    1500  00:0C:42:B7:AC:D9  enabled  ether3-master-local  switch1
 4  S ether5-slave-local    1500  00:0C:42:B7:AC:DA  enabled  ether3-master-local  switch1

 [admin@MikroTik] /interface> vlan print
Flags: X - disabled, R - running, S - slave
 #    NAME         MTU   ARP       VLAN-ID  INTERFACE
 0    vlan-home  1500  enabled  2             ether3-master-local

 [admin@MikroTik] /ip> add print
Flags: X - disabled, I - invalid, D - dynamic
 #   ADDRESS            NETWORK         INTERFACE
 0   ;;; home address
      172.16.0.1/24      172.16.0.0      bridge-local
 1   172.16.1.1/24      172.16.1.0      vlan-home

[admin@MikroTik] /ip> dhcp-server print
Flags: X - disabled, I - invalid
 #   NAME  INTERFACE  RELAY  ADDRESS-POOL  LEASE-TIME ADD-ARP
 1   dhcp1  vlan-home               vlan1                3d

tws101 · June 24, 2013, 3:20pm

By default in Mikrotik you can route between VLANs unless you added a firewall rule to prevent you from doing so.

And yes your configuration looks good. I assume you are getting The correct IP addresses from the vlan assigned Ethernet ports?

CHARL13 · June 26, 2013, 3:35pm

Digging into this I came across this which I assume will tag the packets on the way in through the ports which is what I’m looking for.

/interface ethernet switch rule add switch=switch1 ports=ether3,ether4,ether5 new-vlan-id=2

Only my 8327 switch chip doesn’t support new-vlan-id.

Any ideas?

tws101 · June 27, 2013, 2:51pm

If you are setting the port to have a default vlan ID then you are fine. Untagged packets will be accepted into the default.

If you need to tag them later like on your trunk port.. You would tag them on egress. Also the trunk port would need to be part of the same switch.

CHARL13 · April 11, 2014, 9:53am

I eventually gave up on this last year as I didn’t have a switch. I’m now attempting to give it a go again but with a different setup.

So I’ve got an RB951G-2hnd and an RB250GS (planning on getting another one if I get this working) - to keep it simple I’ve left the default configuration in place, but changed the IP config (currently 172.16.0.0/24). Please ignore the information that precedes this post.

This is going to be a multi stage process. I’d like to get vlan30 sorted. From there I’m hoping to sort vlan10 and then vlan20.
I’ve been trying to do this using the documentation and other peoples examples but nothing seems to make sense. Is anyone able to help?

Thanks