Community discussions

 
noaccessjon
just joined
Topic Author
Posts: 2
Joined: Tue Jun 11, 2019 2:30 pm

RB 3011: Very simple VLAN scenario not working.

Mon Jun 24, 2019 1:43 pm

Hi all. I'm trying to get a simple proof-of-concept scenario working on my RB3011 with just one VLAN, one access port and a DHCP server. It sounds super simple, but is just simply not working: the host attached to the access port cannot ping the VLAN interface nor get an IP address from the DHCP server. I've looked at lots of examples, and read and re-read the thread about common mis-configurations. No luck. After about 2 weeks of trying this, I'm almost ready to send the router back. My basic approach is to leave the switch configuration alone, and do the VLAN processing via the bridge. I've tried adding a new bridge and applying the VLAN settings to that, and also just adding the VLAN configuration to the existing bridge. The results for both approaches are exactly the same: no communication between the network host and the Mikrotek.

I'm administering the RB3011 on its 192.168.88.1 address via ether2; making changes using SSH, but using the webfig interface to view things for convenience. The RB3011 is a RouterBoard 3011UiAS on RouterOS 6.44.3. In my scenario, I want to add a VLAN with ID 10, which has a DHCP server on it serving addresses in the network range 192.168.10.0/24. The DHCP server listens (in theory) on my new VLAN interface 192.168.10.1 (called "vif", short for "VLAN interface"). Hosts should be able to get an IP address in this VLAN if they connect to the access port ether8. For my testing, I'm manually configuring the host (Linux) with the IP address 192.168.10.5, since it's not getting an address from DHCP. I'm trying to ping the 192.168.10.1 interface to verify connectivity. Simple, but not working. The way I'm working is writing my configuration in a text editor and applying the commands by pasting them into an SSH session after a full system reset (/system reset-configuration) each time to ensure a consistent base state.
# Add a new VLAN interface called "vif" to the bridge. VLAN 10
/interface vlan
add interface=bridge name=vif vlan-id=10

# Put access port "ether8" into VLAN 10
/interface bridge port
set [ find interface=ether8 bridge=bridge] pvid=10

# Set bridge ether8 as untagged ingress/egress (access port mode)
/interface bridge vlan
add bridge=bridge untagged=ether8 vlan-ids=10

# Set up the IP configuration
/ip address add address=192.168.10.1/24 interface=vif comment="Internal Network" network=192.168.10.0
/ip pool add name=internal-dhcp ranges=192.168.10.2-192.168.10.254
/ip dhcp-server network add address=192.168.10.0/24 dns-server=192.168.10.1 domain=mydomain.local gateway=192.168.10.1 netmask=24
/ip dhcp-server
# Disable the default 192.168.88.0/24 DHCP server - I don't use this anyway
disable [ find name=defconf ]
# Create a new DHCP server on the new vif (VLAN 10) interface.
add address-pool=internal-dhcp disabled=no interface=vif name="Internal DHCP"

# This next line doesn't seem to do anything practical but is suggested here:
# https://wiki.mikrotik.com/wiki/Manual:Layer2_misconfiguration#VLAN_interface_on_a_slave_interface
# Whether I add this or not, interface "vif" and the bridge both show up as "non slave"
/interface vlan set vif interface=bridge

# Enable VLAN filtering.
/interface bridge
set [ find name=bridge ] vlan-filtering=yes
Either I am misunderstanding some fundamental aspect of the RouterOS/RB3011 architecture, or my 3011 is broken. I'd be very grateful for any suggestions. On one hand I'm hoping I'm missing something really obvious; on the other, that would mean that either the documentation or my brain (or both!) are below par.

Kind regards,
Jon
 
User avatar
CZFan
Forum Guru
Forum Guru
Posts: 1435
Joined: Sun Oct 09, 2016 8:25 pm
Location: South Africa, Randburg
Contact:

Re: RB 3011: Very simple VLAN scenario not working.  [SOLVED]

Wed Jun 26, 2019 2:24 am

For access to the device itself, i.e. Management ip and or access to services on device, i.e. DHCP, etc, you will have to provide access to the CPU using the "bridge port", so the command will be:
/interface bridge vlan
add bridge=bridge tagged=bridge untagged=ether8 vlan-ids=10
MTCNA, MTCTCE, MTCRE & MTCINE
 
anav
Forum Guru
Forum Guru
Posts: 3122
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: RB 3011: Very simple VLAN scenario not working.

Wed Jun 26, 2019 4:24 pm

have you read the following references............
viewtopic.php?f=13&t=143620 (best reference)
https://wiki.mikrotik.com/wiki/Manual:Bridge_VLAN_Table
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
 
noaccessjon
just joined
Topic Author
Posts: 2
Joined: Tue Jun 11, 2019 2:30 pm

Re: RB 3011: Very simple VLAN scenario not working.

Wed Jun 26, 2019 9:23 pm

For access to the device itself, i.e. Management ip and or access to services on device, i.e. DHCP, etc, you will have to provide access to the CPU using the "bridge port", so the command will be:
/interface bridge vlan
add bridge=bridge tagged=bridge untagged=ether8 vlan-ids=10
Thank you very much for this - it's exactly right. I had actually figured it out before I saw your reply, because the forum moderators took about 24 hours to approve the post. But yes - the issue was that I had not included the bridge itself as a tagged interface. It's not the most obvious thing, but it definitely works.

Thanks again!
Jon

Who is online

Users browsing this forum: No registered users and 27 guests