
 
torsteintveit
just joined
Topic Author
Posts: 8
Joined: Mon Feb 01, 2016 11:17 pm

CRS and RB2011 vlan configuration

Fri Feb 12, 2016 11:03 pm

Could anyone point me in the right direction regarding my vlan setup?

I have port1 on my RB2011 as WAN with DHCP client, and I have set up 3 vlan interfaces on port2 (vlan 10, 172 and 192). I have configured one DHCP server for each vlan. I have configured a firewall, and basic NAT.

On my CRS125-24G-1G-RM I have set up a switchgroup where ether2-24 has ether1-master as master. I have set up egress vlan tag for vlan 10, 192 and 172 on port1, and also port 2 & 3 for vlan 172. Ether2-16 has ingress vlan translation for vlan 192 - working great and equipment is getting IP from DHCP in 192.168.73.0 subnet, as wanted. Ether23&24 has ingress vlan translation for vlan 10 - also working, getting IP from DHCP in 10.0.0.0 subnet - as wanted.

The problem is, I have my Ubiquiti AP AC Lite on port 2 & 3, and have configured an SSID for my private network, and wifi equipment is receiving 192.168.73.0 addresses as wanted - there are no vlan settings configured in the Ubiquiti controller for this SSID, so this SSID is broadcasting in untagged vlan 192 - perfect. Then I have a second SSID in vlan 172 - where I want 172.16.26.0 addresses - but when connecting to this WiFi, I am not getting an IP....

I have tested configuring an ingress vlan translation for vlan 172 on port17 - and then everything is OK - so I am quite sure my problem is in my hybrid vlan config of ether2 & 3.

Here is some of my setup on my CRS switch:
[root@MikroTik_Switch] /interface ethernet> print
Flags: X - disabled, R - running, S - slave 
 #    NAME            MTU MAC-ADDRESS       ARP        MASTER-PORT          SWITCH         
 0 R  ether1-master  1500 E4:8D:8C:A8:56:72 enabled    none                 switch1        
 1 RS ether2         1500 E4:8D:8C:A8:56:73 enabled    ether1-master        switch1        
 2 RS ether3         1500 E4:8D:8C:A8:56:74 enabled    ether1-master        switch1        
 3  S ether4         1500 E4:8D:8C:A8:56:75 enabled    ether1-master        switch1        
 4  S ether5         1500 E4:8D:8C:A8:56:76 enabled    ether1-master        switch1        
 5  S ether6         1500 E4:8D:8C:A8:56:77 enabled    ether1-master        switch1        
 6  S ether7         1500 E4:8D:8C:A8:56:78 enabled    ether1-master        switch1        
 7  S ether8         1500 E4:8D:8C:A8:56:79 enabled    ether1-master        switch1        
 8  S ether9         1500 E4:8D:8C:A8:56:7A enabled    ether1-master        switch1        
 9  S ether10        1500 E4:8D:8C:A8:56:7B enabled    ether1-master        switch1        
10  S ether11        1500 E4:8D:8C:A8:56:7C enabled    ether1-master        switch1        
11 RS ether12        1500 E4:8D:8C:A8:56:7D enabled    ether1-master        switch1        
12  S ether13        1500 E4:8D:8C:A8:56:7E enabled    ether1-master        switch1        
13  S ether14        1500 E4:8D:8C:A8:56:7F enabled    ether1-master        switch1        
14  S ether15        1500 E4:8D:8C:A8:56:80 enabled    ether1-master        switch1        
15  S ether16        1500 E4:8D:8C:A8:56:81 enabled    ether1-master        switch1        
16  S ether17        1500 E4:8D:8C:A8:56:82 enabled    ether1-master        switch1        
17  S ether18        1500 E4:8D:8C:A8:56:83 enabled    ether1-master        switch1        
18  S ether19        1500 E4:8D:8C:A8:56:84 enabled    ether1-master        switch1        
19  S ether20        1500 E4:8D:8C:A8:56:85 enabled    ether1-master        switch1        
20  S ether21        1500 E4:8D:8C:A8:56:86 enabled    ether1-master        switch1        
21 RS ether22        1500 E4:8D:8C:A8:56:87 enabled    ether1-master        switch1        
22  S ether23        1500 E4:8D:8C:A8:56:88 enabled    ether1-master        switch1        
23 RS ether24        1500 E4:8D:8C:A8:56:89 enabled    ether1-master        switch1        
24  S sfp1           1500 E4:8D:8C:A8:56:8A enabled    ether1-master        switch1   
[root@MikroTik_Switch] /interface ethernet switch vlan> print
Flags: X - disabled, I - invalid, D - dynamic 
 #   VLAN-ID PORTS                 SVL LEARN FLOOD INGRESS-MIRROR QOS-GROUP                
 0 D    4095 switch1-cpu           no  no    no    no             none                     
 1        10 ether1-master         no  yes   no    no             none                     
             ether23              
             ether24              
 2       172 ether1-master         no  yes   no    no             none                     
             ether2               
             ether3               
 3       192 ether1-master         no  yes   no    no             none                     
             ether2               
             ether3               
             ether4               
             ether5               
             ether6               
             ether7               
             ether8               
             ether9               
             ether10              
             ether11              
             ether12              
             ether13              
             ether14   

[root@MikroTik_Switch] /interface ethernet switch ingress-vlan-translation> print
Flags: X - disabled, I - invalid, D - dynamic 
 0   ports=ether2,ether3,ether4,ether5,ether6,ether7,ether8,ether9,ether10,ether11,ether12,
      ether13,ether14 
     service-vlan-format=any customer-vlan-format=any new-customer-vid=192 
     pcp-propagation=no sa-learning=yes 

 1   ports=ether23,ether24 service-vlan-format=any customer-vlan-format=any 
     new-customer-vid=10 pcp-propagation=no sa-learning=yes 

 2 D ports="" service-vlan-format=any customer-vlan-format=any new-customer-vid=4095 
     pcp-propagation=no sa-learning=no 
[root@MikroTik_Switch] /interface ethernet switch egress-vlan-tag> print
Flags: X - disabled, I - invalid, D - dynamic 
 #   VLAN-ID TAGGED-PORTS                                                                  
 0 D    4095
 1        10 ether1-master                                                                 
 2       192 ether1-master                                                                 
 3       172 ether1-master                                                                 
             ether2                                                                        
             ether3 
Please ask if more info is needed to help me out!
 
skuykend
Member Candidate
Posts: 270
Joined: Tue Oct 06, 2015 7:28 am

Re: CRS and RB2011 vlan configuration

Sat Feb 13, 2016 2:06 am

[root@MikroTik_Switch] /interface ethernet switch ingress-vlan-translation> print
Flags: X - disabled, I - invalid, D - dynamic 
 0   ports=ether2,ether3,ether4,ether5,ether6,ether7,ether8,ether9,ether10,ether11,ether12,
      ether13,ether14 
     service-vlan-format=any customer-vlan-format=any new-customer-vid=192 
     pcp-propagation=no sa-learning=yes 
Looks like this ingress would override any incoming tagged packets from 172 as well. Maybe change it to only set the new-customer-vid when Customer-vid is 0?
 
torsteintveit
just joined
Topic Author
Posts: 8
Joined: Mon Feb 01, 2016 11:17 pm

Re: CRS and RB2011 vlan configuration

Sat Feb 13, 2016 11:03 am

I have now tested with following:
[root@MikroTik_Switch] /interface ethernet switch ingress-vlan-translation> print
Flags: X - disabled, I - invalid, D - dynamic 
 0   ports=ether2,ether3,ether4,ether5,ether6,ether7,ether8,ether9,ether10,ether11,ether12,
      ether13,ether14 
     service-vlan-format=any customer-vlan-format=any customer-vid=0 new-customer-vid=192 
     pcp-propagation=no sa-learning=yes 

 1   ports=ether23,ether24 service-vlan-format=any customer-vlan-format=any 
     new-customer-vid=10 pcp-propagation=no sa-learning=yes 

 2 D ports="" service-vlan-format=any customer-vlan-format=any new-customer-vid=4095 
     pcp-propagation=no sa-learning=no 
This did absolutely nothing. I have also tried rebooting the APs. I have never rebooted the CRS, as any other settings I have done have worked instantly - should I perhaps try to reboot the CRS as well?
 
torsteintveit
just joined
Topic Author
Posts: 8
Joined: Mon Feb 01, 2016 11:17 pm

Re: CRS and RB2011 vlan configuration

Tue Feb 16, 2016 10:57 pm

I have still not figured this out.

I would really appreciate it if anyone would take the time to help me out!

Regards,
Torstein
 
w0lt
Member
Posts: 484
Joined: Wed Apr 02, 2008 2:12 pm
Location: Minnesota USA

Re: CRS and RB2011 vlan configuration

Tue Feb 16, 2016 11:43 pm

Maybe add switch1-cpu to your individual vlans? See below:
/interface ethernet switch egress-vlan-tag add tagged-ports=sfp1,switch1-cpu vlan-id=20

-tp
MTCNA - 2011

" The Bitterness of Poor Quality Remains Long After the Sweetness of Low Price is Forgotten "

 
torsteintveit
just joined
Topic Author
Posts: 8
Joined: Mon Feb 01, 2016 11:17 pm

Re: CRS and RB2011 vlan configuration

Wed Feb 17, 2016 12:27 am

This did not do the trick :( This only "locked me out" of the switch from my vlan 192. I had to connect to one of the ports not configured in any vlan and use winbox and the MAC address to connect to it and reverse it...

-Torstein
 
torsteintveit
just joined
Topic Author
Posts: 8
Joined: Mon Feb 01, 2016 11:17 pm

Re: CRS and RB2011 vlan configuration

Fri Feb 26, 2016 10:38 am

I have still not figured this out.

Is there any way to get support from Mikrotik, or some other way to get help to sort this out?

Regards,
Torstein
 
becs
MikroTik Support
Posts: 479
Joined: Thu Jul 07, 2011 8:26 am

Re: CRS and RB2011 vlan configuration

Fri Feb 26, 2016 1:40 pm

The following ingress VLAN translation rule is missing the "customer-vid=0" parameter; therefore it translates VLAN172 to VLAN192 on ether2 and ether3 as well.
[root@MikroTik_Switch] /interface ethernet switch ingress-vlan-translation> print
Flags: X - disabled, I - invalid, D - dynamic
 0   ports=ether2,ether3,ether4,ether5,ether6,ether7,ether8,ether9,ether10,ether11,ether12,
      ether13,ether14
     service-vlan-format=any customer-vlan-format=any new-customer-vid=192
     pcp-propagation=no sa-learning=yes 
 
torsteintveit
just joined
Topic Author
Posts: 8
Joined: Mon Feb 01, 2016 11:17 pm

Re: CRS and RB2011 vlan configuration

Fri Feb 26, 2016 1:55 pm

I think I already have tried that, if you read my reply from 13/2-2016?

Regards,
Torstein
 
becs
MikroTik Support
Posts: 479
Joined: Thu Jul 07, 2011 8:26 am

Re: CRS and RB2011 vlan configuration

Fri Feb 26, 2016 2:19 pm

Try flushing the Unicast Forwarding Database after modifying the Ingress VLAN Translation rule to make CRS relearn correct VLAN ids.
/interface ethernet switch unicast-fdb flush
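
An added example, not part of the thread and not MikroTik tooling: a Python check that parses ingress-vlan-translation print output and flags ports where a rule without a customer-vid match would rewrite a VLAN that the same port carries tagged, which is the overlap described in the support reply above. The sample listing and tag map are constructed from the ones quoted in the thread, the function names are hypothetical, and the check assumes a rule with no customer-vid matches any incoming VLAN id.

```python
import re

# Constructed sample, modelled on the rule listing quoted in the thread.
TRANSLATION_RULES = """\
 0   ports=ether2,ether3,
      ether4 service-vlan-format=any customer-vlan-format=any
     new-customer-vid=192 pcp-propagation=no sa-learning=yes

 1   ports=ether23,ether24 service-vlan-format=any customer-vlan-format=any
     customer-vid=0 new-customer-vid=10 pcp-propagation=no sa-learning=yes

 2 D ports="" service-vlan-format=any customer-vlan-format=any new-customer-vid=4095
     pcp-propagation=no sa-learning=no
"""

# Constructed: VLAN id -> ports that carry it tagged (the egress-vlan-tag table).
TAGGED_PORTS = {10: {"ether1-master"}, 192: {"ether1-master"},
                172: {"ether1-master", "ether2", "ether3"}}

def parse_rules(text):
    """Turn the print output into one dict of key=value fields per rule."""
    rules = []
    for block in re.split(r"\n\s*\n", text.strip()):
        block = re.sub(r",\s+", ",", block)   # re-join port lists wrapped after a comma
        fields = dict(re.findall(r'([\w-]+)=("[^"]*"|\S+)', block))
        ports = fields.get("ports", "").strip('"')
        fields["ports"] = {p for p in ports.split(",") if p}
        rules.append(fields)
    return rules

def find_overbroad(rules, tagged_ports):
    """Return (port, tagged_vid, new_vid) for each tagged VLAN a catch-all rule rewrites."""
    findings = []
    for rule in rules:
        if "customer-vid" in rule:            # rule is limited to one incoming VLAN id
            continue
        new_vid = int(rule["new-customer-vid"])
        for vid, ports in tagged_ports.items():
            for port in sorted(ports & rule["ports"]):
                if vid != new_vid:            # tagged VLAN would be collapsed into new_vid
                    findings.append((port, vid, new_vid))
    return findings

if __name__ == "__main__":
    for port, vid, new_vid in find_overbroad(parse_rules(TRANSLATION_RULES), TAGGED_PORTS):
        print(f"{port}: tagged VLAN {vid} is rewritten to VLAN {new_vid}")
```

A finding here means two VLANs that are meant to be separate are merged on that port; after changing the rule, the forwarding database still has to be flushed as the reply above says.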
 
kamillo
Member Candidate
Posts: 155
Joined: Tue Jul 15, 2014 5:44 pm

Re: CRS and RB2011 vlan configuration

Fri Feb 26, 2016 2:37 pm

Hi,

I have CRS with working vlan config. My trunk ports look like that:

<interface ethernet switch egress-vlan-tag> print

 #   VLAN-ID TAGGED-PORTS
 0        10 bond0
             ether17
             ether23
             switch1-cpu
 1        96 bond0
             ether17
             ether23
             switch1-cpu
 2        15 bond0
             ether23
             switch1-cpu
 3         2 ether1
             switch1-cpu
 4 D    4095

So I'm using egress-vlan-tag instead of translation.

My access ports:

<hernet switch ingress-vlan-translation> print
Flags: X - disabled, I - invalid, D - dynamic
 0   ports=ether9,ether16,ether21,ether18 service-vlan-format=any
     customer-vlan-format=any new-customer-vid=10 pcp-propagation=no
     sa-learning=yes

 1 D ports=ether2,ether3,ether4,ether5,ether6,ether10,ether11,ether12,ether13,
      ether14,ether15,ether19,ether20,ether22,sfp1
     service-vlan-format=any customer-vlan-format=any new-customer-vid=4095
     pcp-propagation=no sa-learning=no

and as was mentioned before:
Maybe add switch1-cpu to your individual vlans? See below:
/interface ethernet switch egress-vlan-tag add tagged-ports=sfp1,switch1-cpu vlan-id=20

-tp


Hopefully this will help you
