VLANs between CCR and CRS328

En español

Buenos dias, tengo un detalle con una configuracion, para ver si hay alguna manera de solucionarlo, este es mi escenario..


Tengo un CCR2116 el cual tengo declaradas 8 VLANS en un bridge en modo Vlan Filtering.

Despues de ese CCR, tengo un CRS328 el cual actua solo como switch y de alli lo transporto hacia otro switch de fibra modelo CRS317.

Desde el CRS317 lo mando por fibra a unos CSS el cuales ya estan configurados y los AP’s conectados a esos CSS funcionan muy bien y tengo varios SSIDS con las VLANS declaradas y funcionan bien.

El detalle es que quiero declarar en el puerto 3 y 4 del CRS328 una vlan ID 80 para que esos puertos funcionen como modo acceso del que rango de segmento que corresponde a la vlan 80..

Hasta ahorita no he podido hacerlo funcionar.

¿Alguien que haya tenido este escenario y como lo resolvieron?


English

Good morning, I have a configuration issue. I’m wondering if there’s a way to resolve it. Here’s my scenario.

I have a CCR2116 with 8 VLANs declared on a bridge in VLAN Filtering mode.

After that CCR, I have a CRS328, which acts only as a switch, and from there I transport it to another fiber switch, model CRS317.

From the CRS317, I send it via fiber to some CSSs, which are already configured. The APs connected to those CSSs work fine. I have several SSIDS with the VLANs declared, and they work fine.

The problem is that I want to declare VLAN ID 80 on ports 3 and 4 of the CRS328 so that those ports function as access mode for the segment range corresponding to VLAN 80.

So far, I haven’t been able to get it working.

Has anyone had this issue and how did they resolve it?

Did you check this tutorial? http://forum.mikrotik.com/t/using-routeros-to-vlan-your-network/126489/1 You should configure VLANs on both CCR and CRS according to this tutorial and they’ll work correctly on both device models and wirespeed on CRS as well.

If, after reading and understanding the tutorial, you still have problems, come back and post configuration (everything under /interface) for both CCR and CRS for us to see what exactly you did.

ya hice la configuracion y no logro que tenga trafico mis equipos y APS que estan en el CRS328..

quitando el Vlan Filtering de la interfaz bridge del CRS328, el trafico vuelve a la normalidad pero si lo activo, no tengo trafico ni en los APS que tengo en el CRS328 ni en los equipos que tengo en el CRS317

Aqui mi tabla de exportacion de la pantalla Interface del CRS317

/interface bridge
add admin-mac=78:9A:18:37:02:B0 auto-mac=no comment=defconf frame-types=
admit-only-vlan-tagged ingress-filtering=yes name=bridge pvid=10
vlan-filtering=yes
/interface ethernet
set [ find default-name=ether2 ] comment=“Puerto 2 ap site”
set [ find default-name=ether9 ] poe-out=off
set [ find default-name=ether11 ] poe-out=off
set [ find default-name=sfp-sfpplus1 ] comment=“MANDA SWITCH DE FIBRA”
set [ find default-name=sfp-sfpplus2 ] comment=“RECIBE VLANS DESDE CCR”
/interface vlan
add interface=sfp-sfpplus2 name=ADMINISTRACION vlan-id=10
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/interface bridge port
add bridge=bridge comment=defconf frame-types=
admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=
ether1
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf frame-types=
admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=
ether5 pvid=80
add bridge=bridge comment=defconf frame-types=
admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=
ether6 pvid=80
add bridge=bridge comment=defconf frame-types=
admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=
ether7
add bridge=bridge comment=defconf frame-types=
admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=
ether8
add bridge=bridge comment=defconf frame-types=
admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=
ether9
add bridge=bridge comment=defconf frame-types=
admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=
ether10
add bridge=bridge comment=defconf interface=ether11
add bridge=bridge comment=defconf frame-types=
admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=
ether12
add bridge=bridge comment=defconf frame-types=
admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=
ether13
add bridge=bridge comment=defconf frame-types=
admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=
ether14
add bridge=bridge comment=defconf frame-types=
admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=
ether15
add bridge=bridge comment=defconf frame-types=
admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=
ether16
add bridge=bridge comment=defconf frame-types=
admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=
ether17
add bridge=bridge comment=defconf frame-types=
admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=
ether18
add bridge=bridge comment=defconf frame-types=
admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=
ether19
add bridge=bridge comment=defconf interface=ether20
add bridge=bridge comment=defconf frame-types=
admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=
ether21
add bridge=bridge comment=defconf frame-types=
admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=
ether22
add bridge=bridge comment=defconf interface=sfp-sfpplus1
add bridge=bridge comment=defconf interface=sfp-sfpplus2
add bridge=bridge comment=defconf interface=sfp-sfpplus3
add bridge=bridge comment=defconf interface=sfp-sfpplus4
add bridge=bridge comment=defconf frame-types=
admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=
ether23
add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged
ingress-filtering=yes interface=ether3 pvid=80
add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged
ingress-filtering=yes interface=ether4 pvid=80
/interface bridge vlan
add bridge=bridge tagged=bridge untagged=sfp-sfpplus1 vlan-ids=80
add bridge=bridge tagged=bridge vlan-ids=40
add bridge=bridge tagged=bridge vlan-ids=50
add bridge=bridge tagged=bridge vlan-ids=60
add bridge=bridge tagged=bridge vlan-ids=70
add bridge=bridge tagged=bridge vlan-ids=90
add bridge=bridge tagged=bridge,sfp-sfpplus1,sfp-sfpplus2 vlan-ids=10

CCR Router

/interface bridge
add name=VLANS protocol-mode=none vlan-filtering=yes
/ethernet interface
set [ find default-name=sfp28-2 ] auto-negotiation=no comment=“LINK TO SWITCH” speed=10G-baseCR
set [ find default-name=sfp28-7 ] disabled=yes
set [ find default-name=sfp28-10 ] comment=“WAN1 TELMEX”
set [ find default-name=sfp28-11 ] comment=“WAN2 MEGACABLE”
set [ find default-name=sfp28-12 ] comment=“WAN3 TELMEX”
/interface vlan
add interface=VLANS name=ADM_RED vlan-id=10
add interface=VLANS name=CCTV vlan-id=40
add interface=VLANS name=EXTERNAL vlan-id=50
add interface=VLANS name=HOLPRE vlan-id=80
add interface=VLANS name=“HOLPRE HOTSPOT” vlan-id=90
add interface=VLANS name=“HOLPRE NAVE” vlan-id=70
add interface=VLANS name=GUESTS vlan-id=60
/interface bridge port
add bridge=VLANS frame-types=admit-only-vlan-tagged interface=sfp28-2
add bridge=VLANS frame-types=admit-only-vlan-tagged interface=ether1
/interface bridge vlan
add bridge=VLANS tagged=VLANS,sfp28-2 vlan-ids=10
add bridge=VLANS tagged=VLANS,sfp28-2 vlan-ids=50
add bridge=VLANS tagged=VLANS,sfp28-2 vlan-ids=60
add bridge=VLANS tagged=VLANS,sfp28-2 vlan-ids=40
add bridge=VLANS tagged=VLANS,sfp28-2 vlan-ids=80
add bridge=VLANS tagged=VLANS,sfp28-2 vlan-ids=70
add bridge=VLANS tagged=VLANS,sfp28-2 vlan-ids=90

no se si este bien mi configuracion, pero me gustaria ver si le pueden echar una revision y decirme si hay algo que haya hecho mal.

Muchas gracias

English

I’ve already configured it, but I can’t get any traffic on my devices and APs on the CRS328.

Removing VLAN filtering from the CRS328 bridge interface returns traffic to normal, but if I enable it, I get no traffic on either the APs on the CRS328 or the devices on the CRS317.

Here’s my export table from the CRS317 Interface screen.

/interface bridge
add admin-mac=78:9A:18:37:02:B0 auto-mac=no comment=defconf frame-types=
admit-only-vlan-tagged ingress-filtering=yes name=bridge pvid=10
vlan-filtering=yes
/interface ethernet
set [ find default-name=ether2 ] comment=“Port 2 AP site”
set [ find default-name=ether9 ] poe-out=off
set [ find default-name=ether11 ] poe-out=off
set [ find default-name=sfp-sfpplus1 ] comment=“COMMAND FIBER SWITCH”
set [ find default-name=sfp-sfpplus2 ] comment=“RECEIVE VLANS FROM CCR”
/interface vlan
add interface=sfp-sfpplus2 name=ADMIN vlan-id=10
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/interface bridge port
add bridge=bridge comment=defconf frame-types=
admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=
ether1
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf frame-types=
admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=
ether5 pvid=80
add bridge=bridge comment=defconf frame-types=
admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=
ether6 pvid=80
add bridge=bridge comment=defconf frame-types=
admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=
ether7
add bridge=bridge comment=defconf frame-types=
admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=
ether8
add bridge=bridge comment=defconf frame-types=
admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=
ether9
add bridge=bridge comment=defconf frame-types=
admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=
ether10
add bridge=bridge comment=defconf interface=ether11
add bridge=bridge comment=defconf frame-types=
admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=
ether12
add bridge=bridge comment=defconf frame-types=
admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=
ether13
add bridge=bridge comment=defconf frame-types=
admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=
ether14
add bridge=bridge comment=defconf frame-types=
admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=
ether15
add bridge=bridge comment=defconf frame-types=
admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=
ether16
add bridge=bridge comment=defconf frame-types=
admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=
ether17
add bridge=bridge comment=defconf frame-types=
admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=
ether18
add bridge=bridge comment=defconf frame-types=
admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=
ether19
add bridge=bridge comment=defconf interface=ether20
add bridge=bridge comment=defconf frame-types=
admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=
ether21
add bridge=bridge comment=defconf frame-types=
admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=
ether22
add bridge=bridge comment=defconf interface=sfp-sfpplus1
add bridge=bridge comment=defconf interface=sfp-sfpplus2
add bridge=bridge comment=defconf interface=sfp-sfpplus3
add bridge=bridge comment=defconf interface=sfp-sfpplus4
add bridge=bridge comment=defconf frame-types=
admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=
ether23
add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged
ingress-filtering=yes interface=ether3 pvid=80
add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged
ingress-filtering=yes interface=ether4 pvid=80
/interface bridge vlan
add bridge=bridge tagged=bridge untagged=sfp-sfpplus1 vlan-ids=80
add bridge=bridge tagged=bridge vlan-ids=40
add bridge=bridge tagged=bridge vlan-ids=50
add bridge=bridge tagged=bridge vlan-ids=60
add bridge=bridge tagged=bridge vlan-ids=70
add bridge=bridge tagged=bridge vlan-ids=90
add bridge=bridge tagged=bridge,sfp-sfpplus1,sfp-sfpplus2 vlan-ids=10

CCR Router

/interface bridge
add name=VLANS protocol-mode=none vlan-filtering=yes
/ethernet interface
set [ find default-name=sfp28-2 ] auto-negotiation=no comment=“LINK TO SWITCH” speed=10G-baseCR
set [ find default-name=sfp28-7 ] disabled=yes
set [ find default-name=sfp28-10 ] comment=“WAN1 TELMEX”
set [ find default-name=sfp28-11 ] comment=“WAN2 MEGACABLE”
set [ find default-name=sfp28-12 ] comment=“WAN3 TELMEX”
/interface vlan
add interface=VLANS name=ADM_RED vlan-id=10
add interface=VLANS name=CCTV vlan-id=40
add interface=VLANS name=EXTERNAL vlan-id=50
add interface=VLANS name=HOLPRE vlan-id=80
add interface=VLANS name=“HOLPRE HOTSPOT” vlan-id=90
add interface=VLANS name=“HOLPRE NAVE” vlan-id=70
add interface=VLANS name=GUESTS vlan-id=60
/interface bridge port
add bridge=VLANS frame-types=admit-only-vlan-tagged interface=sfp28-2
add bridge=VLANS frame-types=admit-only-vlan-tagged interface=ether1
/interface bridge vlan
add bridge=VLANS tagged=VLANS,sfp28-2 vlan-ids=10
add bridge=VLANS tagged=VLANS,sfp28-2 vlan-ids=50
add bridge=VLANS tagged=VLANS,sfp28-2 vlan-ids=60
add bridge=VLANS tagged=VLANS,sfp28-2 vlan-ids=40
add bridge=VLANS tagged=VLANS,sfp28-2 vlan-ids=80
add bridge=VLANS tagged=VLANS,sfp28-2 vlan-ids=70
add bridge=VLANS tagged=VLANS,sfp28-2 vlan-ids=90

I don’t know if my configuration is correct, but I’d like to see if you could check it and tell me if there’s anything I’ve done wrong.

Thank you very much.

Sorry muy importante to see the entire config
/export file=anynameyouwish ( minus router serial number or switch serial number, any public WANIP information, keys )