Community discussions

MikroTik App
 
logman
just joined
Topic Author
Posts: 8
Joined: Thu Mar 21, 2019 6:41 pm

Managment Vlan, Port Vlan problem.

Sat Mar 23, 2019 6:44 pm

Hi,
I need help, I'm trying to configure the switch settings.

I have RB4011 Switch, I have WLAN device on port10 what needs vlan50 when I tag vlan50 port10.
I can no longer ping switch on management vlan50 what I do wrong?

** Firewall is disabled.

Port1 - Trunk
* Vlan1 - Untaged
* vlan10 - Tagged
* vlan13 - Tagged
* Vlan50 - Tagged
* vlan101 - Tagged

Port2-7
* Vlan1 - Untaged

Port 8-9 Bonding
* Vlan1 - Untaged


Port10
* Vlan1 - Untaged
* vlan10 - Tagged
* Vlan50 - Tagged
* vlan101 - Tagged


https://www.dropbox.com/s/3grx8f3i369la ... 4.png?dl=0
https://www.dropbox.com/s/ha8yotaprah2q ... 4.png?dl=0
]https://www.dropbox.com/s/02zhcld8dosxx ... 0.png?dl=0
https://www.dropbox.com/s/c0m5h5cbwp8fl ... 6.png?dl=0


Switch Configure file:

# model = RB4011iGS+
/interface bridge
add name=bridge1 vlan-filtering=yes
/interface vlan
add interface=ether1 name=vlan10-Wlan_Log-init vlan-id=10
add interface=ether1 name=vlan50-Management vlan-id=50
/interface ethernet switch port
set 0 default-vlan-id=0
set 1 default-vlan-id=0
set 2 default-vlan-id=0
set 3 default-vlan-id=0
set 4 default-vlan-id=0
set 5 default-vlan-id=0
set 6 default-vlan-id=0
set 7 default-vlan-id=0
set 8 default-vlan-id=0
set 9 default-vlan-id=0
set 10 default-vlan-id=0
set 11 default-vlan-id=0
/interface bridge port
add bridge=bridge1 interface=ether1
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether5
add bridge=bridge1 interface=ether6
add bridge=bridge1 interface=ether7
add bridge=bridge1 interface=ether8
add bridge=bridge1 interface=ether9
add bridge=bridge1 interface=ether10
add bridge=bridge1 interface=sfp-sfpplus1
add bridge=bridge1 interface=vlan10-Wlan_Log-init pvid=10
add bridge=bridge1 interface=vlan50-Management pvid=50
/interface bridge vlan
add bridge=bridge1 tagged=ether10 vlan-ids=50
/ip address
add address=192.168.50.10/24 interface=vlan50-Management network=192.168.50.0
/system identity
set name=MikroTik-RB4011iGS+RM

Last edited by logman on Fri Mar 29, 2019 6:35 pm, edited 2 times in total.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19103
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Managment Vlan, Port Vlan problem.

Sun Mar 24, 2019 4:18 am

Have a careful read of this excellent reference and adjust you config accordingly.
Recommend do not use vlan1 for vlan traffic.

viewtopic.php?f=13&t=143620

After your next config session based on the above repost it for review
/export hide-sensitive file=yourconfig
 
logman
just joined
Topic Author
Posts: 8
Joined: Thu Mar 21, 2019 6:41 pm

Re: Managment Vlan, Port Vlan problem.

Sun Mar 24, 2019 2:17 pm

I got it to work, not sure if it's Correct Way to do :)

Can someone check config, please?
# mar/29/2019 18:31:52 by RouterOS 6.44.1
#
# model = RB4011iGS+
# serial number = Need More Beer
/interface bridge
add name=bridge1_vlans vlan-filtering=yes
add name=bridge2_vlan50 pvid=50 vlan-filtering=yes
/interface ethernet
set [ find default-name=ether9 ] mac-address=B8:69:F4:F2:25:3E
/interface vlan
add interface=bridge1_vlans name=vlan10-Wlan_Log-init vlan-id=10
add interface=bridge1_vlans name=vlan13-WAN vlan-id=13
add interface=bridge1_vlans name=vlan50-Management vlan-id=50
add interface=bridge1_vlans name=vlan101-Wlan_US vlan-id=101
/interface bonding
add mode=802.3ad name=bonding1_Synology1 slaves=ether8,ether9
/interface ethernet switch port
set 0 default-vlan-id=0
set 1 default-vlan-id=0
set 2 default-vlan-id=0
set 3 default-vlan-id=0
set 4 default-vlan-id=0
set 5 default-vlan-id=0
set 6 default-vlan-id=0
set 7 default-vlan-id=0
set 8 default-vlan-id=0
set 9 default-vlan-id=0
set 10 default-vlan-id=0
set 11 default-vlan-id=0
/interface list
add name=WAN
add name=LAN
/interface bridge port
add bridge=bridge1_vlans interface=sfp-sfpplus1
add bridge=bridge1_vlans interface=ether1
add bridge=bridge1_vlans interface=ether2
add bridge=bridge1_vlans interface=ether3
add bridge=bridge1_vlans interface=ether4
add bridge=bridge1_vlans interface=ether5
add bridge=bridge1_vlans interface=ether6
add bridge=bridge1_vlans interface=ether7
add bridge=bridge1_vlans interface=ether10
add bridge=bridge1_vlans interface=bonding1_Synology1
add bridge=bridge2_vlan50 interface=vlan50-Management pvid=50
/interface bridge vlan
add bridge=bridge1_vlans tagged=\
    ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8,ether9,ether10,sfp-sfpplus1 vlan-ids=50
add bridge=bridge1_vlans tagged=sfp-sfpplus1 vlan-ids=13
add bridge=bridge1_vlans tagged=sfp-sfpplus1,ether10 vlan-ids=10,101
/interface list member
add interface=ether1 list=LAN
add interface=ether2 list=LAN
add interface=ether3 list=LAN
add interface=ether4 list=LAN
add interface=ether5 list=LAN
add interface=ether6 list=LAN
add interface=ether7 list=LAN
add interface=ether8 list=LAN
add interface=ether9 list=LAN
add interface=ether10 list=LAN
add interface=sfp-sfpplus1 list=LAN
/ip address
add address=192.168.50.10/24 interface=vlan50-Management network=192.168.50.0
/ip dns
set servers=192.168.50.1
/ip route
add distance=1 gateway=192.168.50.1
/system clock
set time-zone-name=Europe/Helsinki
/system identity
set name=MikroTik-RB4011iGS+RM8
/system ntp client
set enabled=yes primary-ntp=192.168.0.9 secondary-ntp=192.168.0.16


Last edited by logman on Sat Mar 30, 2019 11:47 am, edited 1 time in total.
 
logman
just joined
Topic Author
Posts: 8
Joined: Thu Mar 21, 2019 6:41 pm

Re: Managment Vlan, Port Vlan problem.

Sat Mar 30, 2019 11:46 am

How does configure look now?
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19103
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Managment Vlan, Port Vlan problem.

Sat Mar 30, 2019 3:13 pm

Sorry I am not familiar with the switch chip vlan method only the vlan filtering single bridge method.
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11438
Joined: Thu Mar 03, 2016 10:23 pm

Re: Managment Vlan, Port Vlan problem.

Sat Mar 30, 2019 4:09 pm

@anav: setup by @logman has all VLAN config done in the new way. I guess him adding default-vlan-id=0 on all ether ports is just to distract you :wink:

@logman: there's no need to introduce bridge2_vlan50 ... in order to start using interface vlan50-Management, you should add bridge1_vlans as tagged member to ports members of vlan-ids=50:
/interface bridge vlan
add bridge=bridge1_vlans tagged=\
bridge1_vlans,ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8,ether9,ether10,sfp-sfpplus1 vlan-ids=50
After that you can remove bridge2_vlan50. As a safety precaution you should enable safe mode before beginning to make the changes. After all, safe mode is @anav's BFF, why shouldn't it be everybody's? :wink:

As you're not using any of /interface vlan interfaces (except the vlan50-Management) for IP in the RB4011, you can remove them. Vlan interfaces are needed if L3 interaction is necessary. If device only prrforms L2 operations (switching), these interfaces are not needed, all config is in /interface bridge (both port and vlan).
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19103
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Managment Vlan, Port Vlan problem.

Sat Mar 30, 2019 5:02 pm

Hahah, touche mon amie! ;-p

Yes the odd settings looked like one of those stupid chip setup nomenclatures that just want to make me puke.
Then I saw two bridges, which made me more ill!
Then interface bonding, and I thought, I will get myself into trouble with mkx AND sob if I muck about.

However the show stopper for me was these two lines (as if a few default id=0 would phaze the mighty anav) !!!!
add interface=bridge1_vlans name=vlan50-Management vlan-id=50
add name=bridge2_vlan50 pvid=50 vlan-filtering=yes


Since he stated his setup/config worked and these two lines look like there is no way in hell its going to work bells ringing in my head.
The mental conflict I was having left me no doubt in my decision to abstain LOL.
 
logman
just joined
Topic Author
Posts: 8
Joined: Thu Mar 21, 2019 6:41 pm

Re: Managment Vlan, Port Vlan problem.

Sat Mar 30, 2019 8:03 pm

I Only Need L2, I did remove #2 Bridge.

Does config look correct now?
# model = RB4011iGS+

/interface bridge
add name=bridge1_vlans vlan-filtering=yes
/interface ethernet
set [ find default-name=ether9 ] mac-address=B8:69:F4:F2:25:3E
/interface vlan
add interface=bridge1_vlans name=vlan10-Wlan_Log-init vlan-id=10
add interface=bridge1_vlans name=vlan13-WAN vlan-id=13
add interface=bridge1_vlans name=vlan50-Management vlan-id=50
add interface=bridge1_vlans name=vlan101-Wlan_US vlan-id=101
/interface bonding
add mode=802.3ad name=bonding1_Synology1 slaves=ether8,ether9
/interface ethernet switch port
set 0 default-vlan-id=0
set 1 default-vlan-id=0
set 2 default-vlan-id=0
set 3 default-vlan-id=0
set 4 default-vlan-id=0
set 5 default-vlan-id=0
set 6 default-vlan-id=0
set 7 default-vlan-id=0
set 8 default-vlan-id=0
set 9 default-vlan-id=0
set 10 default-vlan-id=0
set 11 default-vlan-id=0
/interface list
add name=WAN
add name=LAN
/interface bridge port
add bridge=bridge1_vlans interface=sfp-sfpplus1
add bridge=bridge1_vlans interface=ether1
add bridge=bridge1_vlans interface=ether2
add bridge=bridge1_vlans interface=ether3
add bridge=bridge1_vlans interface=ether4
add bridge=bridge1_vlans interface=ether5
add bridge=bridge1_vlans interface=ether6
add bridge=bridge1_vlans interface=ether7
add bridge=bridge1_vlans interface=ether10
add bridge=bridge1_vlans interface=bonding1_Synology1
add bridge=bridge1_vlans interface=vlan50-Management pvid=50
/interface bridge vlan
add bridge=bridge1_vlans tagged=sfp-sfpplus1 vlan-ids=13
add bridge=bridge1_vlans tagged=sfp-sfpplus1,ether10 vlan-ids=10,101
add bridge=bridge1_vlans tagged=bridge1_vlans,ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8,ether9,ether10,sfp-sfpplus1 vlan-ids=50
/interface list member
add interface=ether1 list=LAN
add interface=ether2 list=LAN
add interface=ether3 list=LAN
add interface=ether4 list=LAN
add interface=ether5 list=LAN
add interface=ether6 list=LAN
add interface=ether7 list=LAN
add interface=ether8 list=LAN
add interface=ether9 list=LAN
add interface=ether10 list=LAN
add interface=sfp-sfpplus1 list=LAN
/ip address
add address=192.168.50.10/24 interface=vlan50-Management network=192.168.50.0
/ip dns
set servers=192.168.50.1
/ip route
add distance=1 gateway=192.168.50.1
/system clock
set time-zone-name=Europe/Helsinki
/system identity
set name=MikroTik-RB4011iGS+RM8
/system ntp client
set enabled=yes primary-ntp=192.168.0.9 secondary-ntp=192.168.0.16


 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19103
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Managment Vlan, Port Vlan problem.

Sat Mar 30, 2019 8:38 pm

Two things I dont understand.
a. why you do not have the bridge as well tagged for the first two /interface bridge vlan rules?
b. how any of the vlans get addresses, dhcp service, etc......... you only are showing the single management vlan but I suspect that this was only to focus on Vlan50 and thus not all shown?
 
logman
just joined
Topic Author
Posts: 8
Joined: Thu Mar 21, 2019 6:41 pm

Re: Managment Vlan, Port Vlan problem.

Sat Mar 30, 2019 9:25 pm

A) Not sure why I didn't... Well, lesson learned :P
B) I have a Firewall/DHCP server it gives VLAN IP, I have one management VLAN.

Firewall > Switch > Switch > Switch (RB4011iGS)
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11438
Joined: Thu Mar 03, 2016 10:23 pm

Re: Managment Vlan, Port Vlan problem.

Sat Mar 30, 2019 10:05 pm

A) as I already explained, bridge doesn't have to be member (either tagged or untagged) of a vlan if it doesn't interact with it on L3 (IP) level. And it's not in this case ... other than with vlan 50.

Other than excess vlan interfaces ... there's also an error in /interface bridge port ... vlan vlan50-Management interface does not belong there ... the config it needs is correctly done in /interface vlan.

Once I explained vlan interfaces like this: it has two ends: tagged end, which is anchored in sea of VLANs (bridge or physical interfaces) in /interface vlan ... the other end is untagged, tied to shore without VLANs used for L3 interfaces ... it is wrong to tie this end to a buoy floating in the sea of VLANs (by adding it to bridge ports).
 
logman
just joined
Topic Author
Posts: 8
Joined: Thu Mar 21, 2019 6:41 pm

Re: Managment Vlan, Port Vlan problem.

Sat Mar 30, 2019 11:38 pm

I did Remove "vlan50-Management" from bridge/port-interfaces.
# model = RB4011iGS+

/interface bridge
add name=bridge1_vlans vlan-filtering=yes
/interface ethernet
set [ find default-name=ether9 ] mac-address=B8:69:F4:F2:25:3E
/interface vlan
add interface=bridge1_vlans name=vlan10-Wlan_Log-init vlan-id=10
add interface=bridge1_vlans name=vlan13-WAN vlan-id=13
add interface=bridge1_vlans name=vlan50-Management vlan-id=50
add interface=bridge1_vlans name=vlan101-Wlan_US vlan-id=101
/interface bonding
add mode=802.3ad name=bonding1_Synology1 slaves=ether8,ether9
/interface ethernet switch port
set 0 default-vlan-id=0
set 1 default-vlan-id=0
set 2 default-vlan-id=0
set 3 default-vlan-id=0
set 4 default-vlan-id=0
set 5 default-vlan-id=0
set 6 default-vlan-id=0
set 7 default-vlan-id=0
set 8 default-vlan-id=0
set 9 default-vlan-id=0
set 10 default-vlan-id=0
set 11 default-vlan-id=0
/interface list
add name=WAN
add name=LAN
/interface bridge port
add bridge=bridge1_vlans interface=sfp-sfpplus1
add bridge=bridge1_vlans interface=ether1
add bridge=bridge1_vlans interface=ether2
add bridge=bridge1_vlans interface=ether3
add bridge=bridge1_vlans interface=ether4
add bridge=bridge1_vlans interface=ether5
add bridge=bridge1_vlans interface=ether6
add bridge=bridge1_vlans interface=ether7
add bridge=bridge1_vlans interface=ether10
add bridge=bridge1_vlans interface=bonding1_Synology1
/interface bridge vlan
add bridge=bridge1_vlans tagged=sfp-sfpplus1 vlan-ids=13
add bridge=bridge1_vlans tagged=sfp-sfpplus1,ether10 vlan-ids=10,101
add bridge=bridge1_vlans tagged=bridge1_vlans,sfp-sfpplus1,ether10 vlan-ids=50
/interface list member
add interface=ether1 list=LAN
add interface=ether2 list=LAN
add interface=ether3 list=LAN
add interface=ether4 list=LAN
add interface=ether5 list=LAN
add interface=ether6 list=LAN
add interface=ether7 list=LAN
add interface=ether8 list=LAN
add interface=ether9 list=LAN
add interface=ether10 list=LAN
add interface=sfp-sfpplus1 list=LAN
/ip address
add address=192.168.50.10/24 interface=vlan50-Management network=192.168.50.0
/ip dns
set servers=192.168.50.1
/ip route
add distance=1 gateway=192.168.50.1
/snmp
set contact=Logman enabled=yes location=Koti trap-generators=interfaces trap-interfaces=vlan50-Management
/system clock
set time-zone-name=Europe/Helsinki
/system identity
set name=MikroTik-RB4011iGS+RM8
/system ntp client
set enabled=yes primary-ntp=192.168.0.9 secondary-ntp=192.168.0.16 server-dns-names=192.168.50.1


Bridge will not Forward unknow VLANs if not VLAN not added in a switch?
Just thinking if the trunk has more VLANs and I use those what listed on a switch

Who is online

Users browsing this forum: 0xAA55 and 43 guests