Community discussions

 
slyz
just joined
Topic Author
Posts: 5
Joined: Tue Sep 06, 2016 5:51 pm

Configure simple bridge+vlan, No ping; missing something basic?

Fri Aug 30, 2019 5:06 pm

I followed simple bridge vlan configuration as wiki and numerous internet resources explain it.
# jan/04/1970 02:01:10 by RouterOS 6.45.3
# software id = 2F3F-S04B
#
# model = RBcAPGi-5acD2nD
# serial number = xxxxxxxx
/interface bridge
add admin-mac=74:4D:28:C5:46:A2 auto-mac=no frame-types=\
    admit-only-vlan-tagged ingress-filtering=yes name=bridge pvid=88 \
    vlan-filtering=yes
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n ssid=MikroTik
set [ find default-name=wlan2 ] band=5ghz-n/ac ssid=MikroTik
add keepalive-frames=disabled mac-address=76:4D:28:C5:46:A5 master-interface=\
    wlan1 multicast-buffering=disabled name=work2g ssid=leoj8ohN-F9FD41 \
    vlan-id=20 vlan-mode=use-tag wds-cost-range=0 wds-default-cost=0 \
    wps-mode=disabled
/interface vlan
add interface=bridge name=vlan88 vlan-id=88
/interface wireless
add keepalive-frames=disabled mac-address=76:4D:28:C5:46:A4 master-interface=\
    wlan1 multicast-buffering=disabled name=web2g ssid=ireW1hee-F9FD41 \
    vlan-id=70 vlan-mode=use-tag wds-cost-range=0 wds-default-cost=0 \
    wps-mode=disabled
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/interface bridge port
add bridge=bridge frame-types=admit-only-vlan-tagged ingress-filtering=yes \
    interface=ether1
add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged \
    ingress-filtering=yes interface=ether2 pvid=88
/interface bridge vlan
add bridge=bridge tagged=ether1,bridge untagged=ether2 vlan-ids=88
add bridge=bridge tagged=ether1,bridge vlan-ids=20
add bridge=bridge tagged=ether1,bridge vlan-ids=70
/interface wireless cap
set bridge=bridge
/ip address
add address=192.168.88.24 interface=vlan88 network=192.168.88.0
/ip ssh
set forwarding-enabled=remote
/system ntp client
set enabled=yes primary-ntp=192.168.88.1
/tool mac-server
set allowed-interface-list=none
The problem is: A computer, configured with 192.168.88.xx/24 address, connected to ether2 (untagged vlan88) port cannot ping the device 192.168.88.24. And the router cannot ping the computer either.
Gateway cannot ping the device via ether1(trunk). And the device cannot ping gateway router via ether1 (trunk). But I found it can ping gateway, if I explicitly choose vlan88 as interface. What am I doing wrong here?
[admin@MikroTik] > ping 192.168.88.1
  SEQ HOST                                     SIZE TTL TIME  STATUS             
    0                                                         no route to host   
    1                                                         no route to host   
    2                                                         no route to host   
    sent=3 received=0 packet-loss=100% 

[admin@MikroTik] > ping interface=vlan88 192.168.88.1
  SEQ HOST                                     SIZE TTL TIME  STATUS             
    0 192.168.88.1                               56  64 0ms  
    1 192.168.88.1                               56  64 0ms  
    sent=2 received=2 packet-loss=0% min-rtt=0ms avg-rtt=0ms max-rtt=0ms 
 
mkx
Forum Guru
Forum Guru
Posts: 2829
Joined: Thu Mar 03, 2016 10:23 pm

Re: Configure simple bridge+vlan, No ping; missing something basic?

Fri Aug 30, 2019 10:07 pm

As you created vlan88 interface on bridge and set bridge "interface" as tagged member port of VLAN 88, setting pvid on bridge to the same value is wrong ... (re)set pvid on bridge interface to pvid=1 ...

Btw, if VLANs 20 and 70 are going to be used on wlan only, then bridge "interface" doesn't have to be member port on those two VLANs. As you configured vlan-mode=use-vlan on wlan interfaces, you have to add wlan interfaces as tagged member ports to corresponding VLANs.
BR,
Metod
 
anav
Forum Guru
Forum Guru
Posts: 2942
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Configure simple bridge+vlan, No ping; missing something basic?

Sat Aug 31, 2019 9:41 pm

Your sources suck..............
Try this one
viewtopic.php?f=13&t=143620
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
 
slyz
just joined
Topic Author
Posts: 5
Joined: Tue Sep 06, 2016 5:51 pm

Re: Configure simple bridge+vlan, No ping; missing something basic?  [SOLVED]

Tue Sep 03, 2019 2:25 pm

As you created vlan88 interface on bridge and set bridge "interface" as tagged member port of VLAN 88, setting pvid on bridge to the same value is wrong ... (re)set pvid on bridge interface to pvid=1 ...

Btw, if VLANs 20 and 70 are going to be used on wlan only, then bridge "interface" doesn't have to be member port on those two VLANs. As you configured vlan-mode=use-vlan on wlan interfaces, you have to add wlan interfaces as tagged member ports to corresponding VLANs.
Unfortunately bridge pvid changed nothing. I believe this setting is ignored, later I tried to change it after I got it working - no impact.

Good point about other VLANs not required to have bridge as member.

I did a reset-configuration and now it works, probably something with bridge used for CAP.
Now the bridge status says root-bridge, before it did not.

Anyway thanks. Superb resource @anav. Sucks that official wiki is less quality than that.

Who is online

Users browsing this forum: No registered users and 14 guests