VLANS with Bridge

OnixJonix · May 11, 2016, 7:36am

Hi!
Problem with VLAN in bridging mode!
Cant passthrue vlan to next router!
Example:

main router - router1 - router 2
Problem - with router2 - cant give out access ports and passthrue both vlans to next router!

my router 2 configuration i think is also OK! Maybe someone have ideas?

MasterXP · May 11, 2016, 8:21am

Your configuration looks good, to understand the problem, can you post your configuration of the 3 routers?

Another question, the trunk port and access ports is working fine at Router 1?

OnixJonix · May 11, 2016, 11:09am

If i connect ROUTER2 to MAIN router directly then everything is working fine!
Access ports work fine on Router1 the problem i think is passing the vlan from router1 to router2!
3 MAIN config (I think this is what you mean with Router1

/interface bridge
add name=bridge_main
/interface vlan
add interface=bridge_main name=vlan10_private vlan-id=10
add interface=bridge_main name=vlan20_public vlan-id=20
/interface bridge port
add bridge=bridge_main interface=ether2
add bridge=bridge_main interface=ether3
add bridge=bridge_main interface=ether4

MasterXP · May 11, 2016, 2:02pm

If Router 2 works when connected to Main router, then the problem must be at Router 1.

Please post config of Main, Router 1 and Router 2.

ZeroByte · May 11, 2016, 2:39pm

Do the routers 1 and 2 have ethernet switch chips in them? It looks like you’re using routers 1 and 2 more as switches than as routers, so perhaps you should build the vlans in the switches directly - it would give more performance.

I built some multi-vlan access point Mikrotiks once (back before they supported vlan-tag on the VAP interfaces directly) and it was exactly like your configuration, so it should definitely work this way.

Could (R)STP be running on the main bridge at R1 and blocking for some reason or other?

OnixJonix · May 12, 2016, 6:36pm

I have RB2011UAS-2HnD but i need 9 ports (switch chips ar divided, i think, 5 and 5)! For this purpose i need only internet use with 40Mbps bandwith so no need for full wire speed and bridge will do the job! I thought i also know how it is done, but not working! But im sure the problem is in ROUTER1! Maybe there is some way to test… maybe with packet sniffer! Look for VLAN ID passing??
I will experiment tomorow! About STP - it is clean config without default config so cant see this problem but i will check it!

ZeroByte · May 12, 2016, 6:47pm

Well, you could let two ports on Router1 be switched ports - e.g. set ether2 master=ether1, and then connect the trunks to ether1 and ether2
This way, traffic from Main → Router2 will just switch through Router1 at wire speed, and none of the VLAN stuff will be interfered with.

You’ll need to remove ether2 from the main bridge, but leave ether1 in the main bridge.

OnixJonix · May 12, 2016, 7:00pm

Great idea! Didn’t thought so far! I definetly will try it tomorow! Thanks man!
but still… want to understand why vlans with bridge didnt go thrue!

ZeroByte · May 12, 2016, 7:08pm

Not sure - I’ve done it your way before myself - I thought it seemed fiddly, but it worked…

OnixJonix · May 13, 2016, 5:34am

Mystery solved! Thanks to ZeroByte!
RouterOS 6.34.2 by default enables RSTP! Uncheked RSTP on Router1 MAIN bridge everything works!
Thanks a lote for tip!
Still will try also with switch option too!

ZeroByte · May 13, 2016, 1:36pm

I think the fact that spanning tree was behind it is actually indicative of some other issue, as STP by itself shouldn’t just block things - Perhaps STP on the vlan bridges was interfering - I’d say that if you did want to keep STP on the network, that it should probably be disabled on the vlan bridges and left enabled on the main bridge. But if you’re not going to connect any loops to the network (backup links) then STP isn’t needed.

I think the switch option is probably the best one performance-wise and it’s simpler. You could even remove the main bridge - put the vlan interfaces on the master interface of the switch (instead of on main bridge) and then just bridge those vlan interfaces to their proper untagged physical interfaces with the vlan bridges.

macgaiver · May 13, 2016, 1:48pm

If you decide to use software bridging.

on clean config on every physical interface create all VLANs that will run through them.
for each VLAN create a separate bridge and add client Ethernet interfaces that should have access to these VLANs

hardware VLANing in fact look similar

define what physical interfaces VLANS will be running on in
/interface ethernet swtich vlan menu
specify defaultvlan tags that should be added to incomming traffic in /interface ethernet switch port menu

ZeroByte · May 13, 2016, 2:13pm

That’s definitely the cleanest way to do it.

The one exception for me would be if you want all vlans tagged on all interfaces, then you could just use one bridge and only create vlan interfaces on the bridge for those vlans that the Mikrotik itself should participate in as a host.