VLANs are not isolated from each other?

netmaster · October 18, 2011, 12:13pm

broadcasts and multicast leaks from one vlan to another - is this supposed to be like that, or I am missing something?

For example this setup from the WiKi (I used slightly different numbering but basic setup is same). From port4 (vlan400) i can see (with Wireshark) ARP broadcasts for IP at vlan200 destined to port2. Also, if I connect STB to port2 and join some multicast group, then same multicast traffic from vlan200 appear on all other ports.
More confusion - after joining at port4 with the same multicast group as in port2, then something happens at port2, and picture freezes in STB, but group stay connected to that vlan at the router. Judging about the rapidly flashing LED, then traffic seems to flowing, but get corrupted or looping somehow. On the port4, at the same time is everything fine, and VLC plays multicast stream.

Is there some workaround to prevent such behavior or this switch just can’t do anything right with vlans?

BTW: Tried to replace RB250GS with 8port switches from TP-Link or D-Link, and everything works like it should.

slackR · October 18, 2011, 8:15pm

You could turn off forwarding between the ports.

netmaster · October 19, 2011, 6:24am

did it - no difference
As far I understand, forwarding between trunk port and every other port is still needed, so there is no difference, because leaking occurs between vlan inside a trunk and a other ports untagging different vlans. I have not tested, is there a leaks between physical ports belong to different vlans.

netmaster · October 19, 2011, 11:26am

also tried to build ACL filters for allowing packets with certain vlan id to only certain ports, but no luck.

In meantime, I also discovered reason of that STB killing feature. If two devices joining with same multicast group, from different ports and from different vlans, all traffic gets doubled (or tripled in case of three ports) on all these ports. Every packets get sent twice or more and this kills my STB, and after some time even computer. This is not a switch, this is a DOS tool.

winet · November 5, 2011, 11:20am

have u upgraded its firmware the the latest one?

netmaster · November 5, 2011, 5:55pm

of course

winet · November 6, 2011, 6:53am

ow bugger i had a plan to get a SwOS, but with this kind of bug, i think i’m gonna postpone it until it is fixed. because i have to do multicast filtering on a network

RcRaCk2k · May 16, 2012, 7:22am

I have the same problem!

running SwOS 1.6 and can see DHCP-Discoverys (255.255.255.255 ff:ff:ff:ff:ff:ff) on VLAN2 from a client that is connected to VLAN1 on the same RB250GS Switch.

  /---------------------------\
  | SWITCH RB250GS 5-Port     |
  |          Ports            |
  |   1    2    3    4    5   |
  \---------------------------/
      |    |    |    |    |
      |    |    |         |
    VLAN1  |  VLAN2     VLAN1+2
    strip  |  strip      add
      |    |    |         |
     PC1   |   SXT        |
           |            ROUTER
         VLAN1
         strip
           |
          PC2

That is a very big problem! How to solve this?

joncolby · August 9, 2014, 8:47pm

Go vote here for this, it will help with fixing your problems : http://forum.mikrotik.com/t/vote-for-packetfence-support/78509/1

roadracer96 · August 12, 2014, 12:12am

Thread jacking. Zero relevance.