Hi,
I have an RB3011.
On this device we have vlan's
All VLAN's are on Ether10 (vlan9, vlan10, vlan12, vlan14, vlan15, vlan16, vlan17, vlan18, vlan19 and vlan900)
Now I want only a few vlans on Ether 4 (only vlan 9, vlan10 and vlan900.
How can I do this?
In Cisco you have a trunk with allowed vlan command
In mikrotik you must add a bridge but can only add one vlan to it.
Re: VLAN tagging (trunk allowed vlan)
Part of the switch setup.
https://wiki.mikrotik.com/wiki/Manual:S ... p_Features
You'll have to set up the VLAN table and then set the switch port vlan mode to something other than 'disabled'.
https://wiki.mikrotik.com/wiki/Manual:S ... p_Features
You'll have to set up the VLAN table and then set the switch port vlan mode to something other than 'disabled'.
Re: VLAN tagging (trunk allowed vlan)
Ok, so adding the port to bridges is not the way?
can you give me a small example?
can you give me a small example?
Re: VLAN tagging (trunk allowed vlan)
With the RB3011, what you have is basically two separate managed switches hooked up to a two port router.
You'll still need some bridge(s), but not every port individually, just the master-port, (or vlans off the master-port) of each switch group.
Without knowing your WAN/LAN setup I can't really give an exact example that would work best for your situation, without possibly screwing you up more!
You could remove all ports from the switch (Master-port=none) and bridge the ones needed, but this is not nearly the best way to go for efficiency and causes bottlenecks.
Generally I would set up WAN on Ether1, Ether2 as master port for all other ports in switch-group1 and Ether6 as the master-port for all ports in swtich2.
Create a bridge for Ether2 and Ether6. Hang VLANS needed for management/routing off the bridge.
Switch VLAN setup:
Ether2-10 add what VLANS should be allowed on what physical ports
switch1-cpu, switch2-cpu any VLANS that need to be bridged/routed or needed for router management.
Switch Port setup (do this after switch VLAN setup):
Ether1/WAN - leave as is, vlan mode disabled.
Ether2-10, vlan mode other than disabled (secure, fallback, check) vlan-header, tagged or untagged, etc)
You'll still need some bridge(s), but not every port individually, just the master-port, (or vlans off the master-port) of each switch group.
Without knowing your WAN/LAN setup I can't really give an exact example that would work best for your situation, without possibly screwing you up more!
You could remove all ports from the switch (Master-port=none) and bridge the ones needed, but this is not nearly the best way to go for efficiency and causes bottlenecks.
Generally I would set up WAN on Ether1, Ether2 as master port for all other ports in switch-group1 and Ether6 as the master-port for all ports in swtich2.
Create a bridge for Ether2 and Ether6. Hang VLANS needed for management/routing off the bridge.
Switch VLAN setup:
Ether2-10 add what VLANS should be allowed on what physical ports
switch1-cpu, switch2-cpu any VLANS that need to be bridged/routed or needed for router management.
Switch Port setup (do this after switch VLAN setup):
Ether1/WAN - leave as is, vlan mode disabled.
Ether2-10, vlan mode other than disabled (secure, fallback, check) vlan-header, tagged or untagged, etc)
Re: VLAN tagging (trunk allowed vlan)
Thanks for your explination.
The scenario is as follow:
I have a CCR1009 as core router.
Port 1 of this core router is connected to the ISP modem.
Port 5 is connected to the RB3011 (must be vlan 9 untagged)
The other ports of the RB3011 are as follow:
Ether1 as told untagged vlan 9
Ether2 untagged vlan 9
Ether3 untagged vlan 9
Ether4 Tagged vlan 9 and vlan 10
Ether5 Untagged vlan 900
Ether6 Untagged vlan 900
Ether7 Untagged vlan 17
Ether8 Tagged vlan 9,10,12,14,15,16,17,18.19.900
Ether9Tagged vlan 9,10,12,14,15,16,17,18.19.900
Ether9 Tagged vlan 9,10,12,14,15,16,17,18.19.900
The scenario is as follow:
I have a CCR1009 as core router.
Port 1 of this core router is connected to the ISP modem.
Port 5 is connected to the RB3011 (must be vlan 9 untagged)
The other ports of the RB3011 are as follow:
Ether1 as told untagged vlan 9
Ether2 untagged vlan 9
Ether3 untagged vlan 9
Ether4 Tagged vlan 9 and vlan 10
Ether5 Untagged vlan 900
Ether6 Untagged vlan 900
Ether7 Untagged vlan 17
Ether8 Tagged vlan 9,10,12,14,15,16,17,18.19.900
Ether9Tagged vlan 9,10,12,14,15,16,17,18.19.900
Ether9 Tagged vlan 9,10,12,14,15,16,17,18.19.900
Re: VLAN tagging (trunk allowed vlan)
I don't actually have a RB3011, but a RB2011 which is close.
You haven't mentioned how your connecting to the RB3011 for management (which VLAN? or console?) so this will be a little incomplete and you may lose access if not careful.
Any management IP should be set on a vlan interface added under the sw-bridge.
Hopefully this will give you a good start, but I'm sure I have a few typos.
##Add ports into their respective switch groups using master-port, only Ether1 and Ether6 will remain as none
You haven't mentioned how your connecting to the RB3011 for management (which VLAN? or console?) so this will be a little incomplete and you may lose access if not careful.
Any management IP should be set on a vlan interface added under the sw-bridge.
Hopefully this will give you a good start, but I'm sure I have a few typos.
##Add ports into their respective switch groups using master-port, only Ether1 and Ether6 will remain as none
Code: Select all
/interface ethernet
set [ find default-name=ether2 ] master-port=ether1 ##duplicate def-name up to ether5
set [ find default-name=ether7 ] master-port=ether6 ##duplicate def-name up to ether10
Code: Select all
/interface bridge
add name=sw-bridge protocol-mode=none
Code: Select all
/interface bridge port
add bridge=sw-bridge interface=Ether1
add bridge=sw-bridge interface=Ether6
Code: Select all
/interface ethernet switch port
set [ find default-name=ether1 ] default-vlan-id=9 vlan-header=always-strip vlan-mode=secure
set [ find default-name=ether2 ] default-vlan-id=9 vlan-header=always-strip vlan-mode=secure
set [ find default-name=ether3 ] default-vlan-id=9 vlan-header=always-strip vlan-mode=secure
set [ find default-name=ether4 ] default-vlan-id=0 vlan-header=add-if-missing vlan-mode=secure
set [ find default-name=ether5 ] default-vlan-id=900 vlan-header=always-strip vlan-mode=secure
set [ find default-name=switch1-cpu ] default-vlan-id=0 vlan-header=add-if-missing vlan-mode=secure
set [ find default-name=ether6 ] default-vlan-id=900 vlan-header=always-strip vlan-mode=secure
set [ find default-name=ether7 ] default-vlan-id=17 vlan-header=always-strip vlan-mode=secure
set [ find default-name=ether8 ] default-vlan-id=0 vlan-header=add-if-missing vlan-mode=secure
set [ find default-name=ether9 ] default-vlan-id=0 vlan-header=add-if-missing vlan-mode=secure
set [ find default-name=ether10 ] default-vlan-id=0 vlan-header=add-if-missing vlan-mode=secure
set [ find default-name=switch2-cpu ] default-vlan-id=0 vlan-header=add-if-missing vlan-mode=secure
Code: Select all
/interface ethernet switch vlan
add independent-learning=no ports=ether1,ether2,ether3,ether4,switch1-cpu switch=switch1 vlan-id=9
add independent-learning=no ports=ether8,ether9,ether10,switch2-cpu switch=switch2 vlan-id=9
add independent-learning=no ports=ether5 switch=switch1 vlan-id=900
add independent-learning=no ports=ether6,ether8,ether9,ether10 switch=switch2 vlan-id=900
add independent-learning=no ports=ether7,ether8,ether9,ether10 switch=switch2 vlan-id=17
add independent-learning=no ports=ether8,ether9,ether10 switch=switch2 vlan-id=12
add independent-learning=no ports=ether8,ether9,ether10 switch=switch2 vlan-id=13
add independent-learning=no ports=ether8,ether9,ether10 switch=switch2 vlan-id=14
add independent-learning=no ports=ether8,ether9,ether10 switch=switch2 vlan-id=15
add independent-learning=no ports=ether8,ether9,ether10 switch=switch2 vlan-id=16
add independent-learning=no ports=ether8,ether9,ether10 switch=switch2 vlan-id=18
add independent-learning=no ports=ether8,ether9,ether10 switch=switch2 vlan-id=19
Re: VLAN tagging (trunk allowed vlan)
Sorry,
My Management network is VLAN 9
My Management network is VLAN 9
Re: VLAN tagging (trunk allowed vlan)
Hi,
It looks like it is working I only get a lot of timeouts if I ping from the Core router to the RB3011 management IP address.
I also saw RSTP is set to none. If I set it to RSTP than the link is down. (so RSTP problem.).
Can we also solve this? I think this is a big inpact on performance now.
It looks like it is working I only get a lot of timeouts if I ping from the Core router to the RB3011 management IP address.
I also saw RSTP is set to none. If I set it to RSTP than the link is down. (so RSTP problem.).
Can we also solve this? I think this is a big inpact on performance now.
Re: VLAN tagging (trunk allowed vlan)
MikroTik has recently changed how they do RSTP to be more standards compliant and doesn't seem to work correctly yet on the small switch chips. I would leave it disabled.
That shouldn't hurt performance unless something else is wrong or you have a loop. Make sure the VLAN 9 interface for the management address is hangng off the bridge and not a slave interface to the bridge.
That shouldn't hurt performance unless something else is wrong or you have a loop. Make sure the VLAN 9 interface for the management address is hangng off the bridge and not a slave interface to the bridge.
Re: VLAN tagging (trunk allowed vlan)
Thanks for your answere.
But How can I do this. I need to manage the devices. And I need to mangage it over the network.
But How can I do this. I need to manage the devices. And I need to mangage it over the network.
Re: VLAN tagging (trunk allowed vlan)
And If I also have a RB951G-2HnD, And want to use Cap connectons to CAPsMAN. How do I this?
Who is online
Users browsing this forum: bertus and 41 guests