
Trunk between RB1100 and CRS326 doesn't work

Posted: Mon May 13, 2019 1:36 pm
by Despierto
Hello!
I have RB1100 configured as router (R1) with IP 192.168.70.1 in VLAN70.
The CRS326 is connected with a trunk port and should get vlan70 & vlan80, but it doesn't. The second trunk from R1 to SW2 (RB951) works fine, although it contains other VLANs.
I can't understand why. Can you help me?
Scheme:
R1-SW1.png

R1 configuration:
# RouterOS 6.44.1
# model = RB1100x4

/interface bridge
add comment=OFFICE fast-forward=no name=bridge-vlan10-office protocol-mode=none
add arp=reply-only comment=GUESTS fast-forward=no name=bridge-vlan30-guests protocol-mode=\
    none
add comment=SYSADMINS fast-forward=no name=bridge-vlan50-sysadmins protocol-mode=none
add comment=SERVERS fast-forward=no name=bridge-vlan70-servers protocol-mode=none
add comment=MANAGEMENT fast-forward=no name=bridge-vlan80-management protocol-mode=none
add comment=VLAN99 fast-forward=no name=bridge-vlan99

/interface vlan
add interface=ether2-trunk-to-SW2-sysadmins name=vlan10--SI--trunk-to-SW2-sysadmins \
    vlan-id=10
add interface=ether2-trunk-to-SW2-sysadmins name=vlan30--SI--trunk-to-SW2-sysadmins \
    vlan-id=30
add interface=ether2-trunk-to-SW2-sysadmins name=vlan50--SI--trunk-to-SW2-sysadmins \
    vlan-id=50
add interface=ether1-trunk-to-SW1-servers name=vlan70--SI--trunk-to-SW1-servers vlan-id=70
add interface=ether1-trunk-to-SW1-servers name=vlan80--SI--trunk-to-SW1-servers vlan-id=80
add interface=ether2-trunk-to-SW2-sysadmins name=vlan99-SI-trunk-to-SW2-sysadmins vlan-id=\
    99

/interface bridge port
add bridge=bridge-vlan99 interface=ether4-net99-uplink
add bridge=bridge-vlan99 interface=ether5-net99-note
add bridge=bridge-vlan10-office comment="VLAN 10 OFFICE subinterface" interface=\
    vlan10--SI--trunk-to-SW2-sysadmins
add bridge=bridge-vlan30-guests comment="VLAN 30 GUESTS subinterface" interface=\
    vlan30--SI--trunk-to-SW2-sysadmins
add bridge=bridge-vlan50-sysadmins comment="VLAN 50 SYSADMINS subinterface" interface=\
    vlan50--SI--trunk-to-SW2-sysadmins
add bridge=bridge-vlan80-management comment="VLAN 80 MANAGEMENT si" interface=\
    vlan80--SI--trunk-to-SW1-servers
add bridge=bridge-vlan70-servers comment="VLAN 70 SERVERS si" interface=\
    vlan70--SI--trunk-to-SW1-servers
add bridge=bridge-vlan99 interface=vlan99-SI-trunk-to-SW2-sysadmins
add bridge=bridge-vlan10-office interface=ether6-office
add bridge=bridge-vlan70-servers interface=ether7-test-servers
add bridge=bridge-vlan80-management interface=ether8-test-servers

/ip address
add address=192.168.10.1/24 interface=bridge-vlan10-office network=192.168.10.0
add address=192.168.30.1/24 interface=bridge-vlan30-guests network=192.168.30.0
add address=192.168.50.1/24 interface=bridge-vlan50-sysadmins network=192.168.50.0
add address=192.168.70.1/24 interface=bridge-vlan70-servers network=192.168.70.0
add address=192.168.80.1/24 interface=bridge-vlan80-management network=192.168.80.0

/ip dns
set allow-remote-requests=yes
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether11-wan-to-R1-gateway

SW1 Configuration:
# RouterOS 6.44.2
# model = CRS326-24G-2S+

/interface bridge
add name=BR_MAIN protocol-mode=none vlan-filtering=yes

/interface vlan
add disabled=yes interface=BR_MAIN name=VLAN10_OFFICE vlan-id=10
add disabled=yes interface=BR_MAIN name=VLAN30_GUESTS vlan-id=30
add disabled=yes interface=BR_MAIN name=VLAN50_SYSADMIN vlan-id=50
add interface=BR_MAIN name=VLAN70_SERVERS vlan-id=70
add interface=BR_MAIN name=VLAN80_MANAGEMENT vlan-id=80

/interface bridge port
add bridge=BR_MAIN interface=ether3-servers pvid=70
add bridge=BR_MAIN interface=ether4-servers pvid=70
add bridge=BR_MAIN interface=ether5-servers pvid=70
add bridge=BR_MAIN interface=ether6-servers pvid=70
add bridge=BR_MAIN interface=ether7-servers pvid=70
add bridge=BR_MAIN interface=ether8-servers pvid=70
add bridge=BR_MAIN interface=ether9-servers pvid=70
add bridge=BR_MAIN interface=ether10-servers pvid=70
add bridge=BR_MAIN interface=ether11-management pvid=80
add bridge=BR_MAIN interface=ether12-management pvid=80
add bridge=BR_MAIN interface=ether13-management pvid=80
add bridge=BR_MAIN interface=ether14-management pvid=80
add bridge=BR_MAIN interface=ether15-office pvid=10
add bridge=BR_MAIN interface=ether16-guests pvid=30

/interface bridge vlan
add bridge=BR_MAIN disabled=yes tagged=ether1-trunk-uplink-to-R1,BR_MAIN vlan-ids=10
add bridge=BR_MAIN disabled=yes tagged=ether1-trunk-uplink-to-R1,BR_MAIN vlan-ids=30
add bridge=BR_MAIN tagged=ether1-trunk-uplink-to-R1,BR_MAIN vlan-ids=70
add bridge=BR_MAIN tagged=BR_MAIN,ether1-trunk-uplink-to-R1 vlan-ids=80

/ip address
add address=192.168.70.2/24 interface=VLAN70_SERVERS network=192.168.70.0


Re: Trunk between RB1100 and CRS326 doesn't work  [SOLVED]

Posted: Mon May 13, 2019 3:53 pm
by mkx
On your CRS your setup is incomplete. You should add port ether1-trunk-uplink-to-R1 to bridge BR_MAIN as well ... but as trunk port.
/interface bridge port
add bridge=BR_MAIN interface=ether1-trunk-uplink-to-R1 frame-types=admit-only-vlan-tagged ingress-filtering=yes

I suggest you use ingress-filtering=yes on all ports (both access and trunk) and frame-types=admit-only-untagged-and-priority-tagged for access ports (together with frame-types=admit-only-vlan-tagged for trunk ports).

BTW, I'm sure that configuration readability would benefit if you converted the R1 config to single-bridge vlan-filtering style ... that might also improve performance, but not by much I guess.
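
Added example, not part of the original posts and not MikroTik's code: a small Python lint that reads a RouterOS 6 export and reports the fault fixed above (an interface listed in /interface bridge vlan that is not a bridge port), plus bridge ports without ingress-filtering=yes. The sample export is an abridged copy of SW1's sections from this thread; the function names and finding labels are assumptions made for the example, and a missing ingress-filtering key is treated as off, which is the RouterOS 6 default.

```python
import re
import shlex

# Constructed sample: the SW1 (CRS326) bridge sections from the thread, abridged.
SW1_EXPORT = """\
/interface bridge
add name=BR_MAIN protocol-mode=none vlan-filtering=yes
/interface bridge port
add bridge=BR_MAIN interface=ether3-servers pvid=70
add bridge=BR_MAIN interface=ether11-management pvid=80
/interface bridge vlan
add bridge=BR_MAIN tagged=ether1-trunk-uplink-to-R1,BR_MAIN vlan-ids=70
add bridge=BR_MAIN tagged=BR_MAIN,ether1-trunk-uplink-to-R1 vlan-ids=80
"""

def parse_export(text):
    """Return {section: [{key: value}, ...]} for the 'add' lines of an export."""
    text = re.sub(r"\\\n\s*", "", text)  # join backslash-continued lines
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            current = sections.setdefault(line, [])
        elif line.startswith("add ") and current is not None:
            pairs = (t.split("=", 1) for t in shlex.split(line[4:]) if "=" in t)
            current.append(dict(pairs))
    return sections

def lint_bridge(text):
    """List findings: VLAN-table members missing from the bridge, unfiltered ports."""
    cfg = parse_export(text)
    ports = cfg.get("/interface bridge port", [])
    members = {(p["bridge"], p["interface"]) for p in ports}
    findings = []
    for row in cfg.get("/interface bridge vlan", []):
        if row.get("disabled") == "yes":
            continue
        names = (row.get("tagged", "") + "," + row.get("untagged", "")).split(",")
        for name in filter(None, names):
            # The bridge itself (CPU port) is a valid VLAN member without a port entry.
            if name != row["bridge"] and (row["bridge"], name) not in members:
                findings.append(("not-a-bridge-port", name, row["vlan-ids"]))
    for p in ports:
        # Assumption: RouterOS 6 export, where an omitted key means the default "no".
        if p.get("ingress-filtering") != "yes":
            findings.append(("ingress-filtering-off", p["interface"], p.get("pvid", "1")))
    return findings
```

Run against the sample, lint_bridge(SW1_EXPORT) reports ether1-trunk-uplink-to-R1 once per VLAN (70 and 80) and both access ports for missing ingress filtering.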

Re: Trunk between RB1100 and CRS326 doesn't work

Posted: Mon May 13, 2019 4:24 pm
by Despierto
> On your CRS your setup is incomplete. You should add port ether1-trunk-uplink-to-R1 to bridge BR_MAIN as well ... but as trunk port.
> /interface bridge port
> add bridge=BR_MAIN interface=ether1-trunk-uplink-to-R1 frame-types=admit-only-vlan-tagged ingress-filtering=yes

Thank you so much, that's what I need!

> I suggest you use ingress-filtering=yes on all ports (both access and trunk) and frame-types=admit-only-untagged-and-priority-tagged for access ports (together with frame-types=admit-only-vlan-tagged for trunk ports).

I'll study this question.

> BTW, I'm sure that configuration readability would benefit if you converted the R1 config to single-bridge vlan-filtering style ... that might also improve performance, but not by much I guess.

Are you suggesting to use the same style as I use on CRS326?

Re: Trunk between RB1100 and CRS326 doesn't work

Posted: Mon May 13, 2019 4:38 pm
by mkx
> Are you suggesting to use the same style as I use on CRS326?

Yes.

The big difference between CRS3xx and RB1100 is that the CRS is a decent switch that can do VLAN stuff in hardware while the RB1100 cannot. As your current setup does it in software already, the performance won't change for the worse.

Re: Trunk between RB1100 and CRS326 doesn't work

Posted: Mon May 13, 2019 5:00 pm
by nmt1900
There seems to be one more thing to it...

As I see here, CRS326 has one bridge with enabled VLAN filtering, while router RB1100 has bridges without VLAN filtering enabled. When I was testing CRS326 setups when VLAN-aware bridges first came out on RouterOS (with 6.41 probably), then I saw that switch with VLAN filtering on bridge would work properly only if corresponding bridge(s) on router also have VLAN filtering enabled.

However, switches can have VLAN filtering disabled on bridge(s) and would still work properly with a router that has VLAN filtering enabled on its bridge(s) - so a network can have both of these if the router has VLAN filtering enabled on LAN bridge(s)...

Re: Trunk between RB1100 and CRS326 doesn't work

Posted: Mon May 13, 2019 5:13 pm
by mkx
Things are slightly different:

When using the new style of vlan-filtering on bridge, on the vast majority of devices everything is done in software. The only requirement is that the appropriate ether ports are made members of the bridge. CRS3xx is the exception here as it can HW-offload the bridge vlan-filtering setup to the underlying hardware.

Before ROS 6.41, bridge was not VLAN aware and one had to work with other means: VLAN filtering directly on switch chips (if devices had switch chips capable of VLANs) and using bridge as "dumb switch", or the way OP's RB1100 is done: by creating VLAN interfaces directly on physical ports and then using bridges (as dumb switches) to join those VLAN interfaces together - one bridge per VLAN.
You can still do such setup ... but vlan-filtering must be set to off in this case.

There was a thread in this forum where the differences between the old and new way were discussed. I posted configs for the same scenario both the old and the new way. Both are done using a single bridge as my old device (RB951G) features a decent switch chip.

Re: Trunk between RB1100 and CRS326 doesn't work

Posted: Mon May 13, 2019 7:56 pm
by nmt1900
If we are talking about old RB1100 (the first generation), which has Atheros switch chips in it, then hardware offloading is possible with many configurations. However if device is latest RB1100AHx4, then hardware offload is possible only when STP is completely disabled. Same problem is with RB4011 series which also has RTL8367 chips...