xryuu
just joined
Topic Author
Posts: 3
Joined: Fri Oct 25, 2019 11:39 am

Help using RB750G as a switch with VLANs

Fri Nov 08, 2019 2:34 pm

Hello all!

I've got a Zyxel VMG1312-B10D (provided by ISP) and a MikroTik RB750G.
I want to use the RB750G as a switch and configure VLANs.
On the Zyxel modem/router I've added a static route pointing to the 10.0.10.0 network, and this is my configuration for the RB750G.
Zyxel IP: 192.168.1.254
MikroTik IP (desired): 192.168.1.110
/interface bridge add name=BR1 protocol-mode=none vlan-filtering=no

/interface bridge port
add bridge=BR1 interface=ether1 pvid=10
add bridge=BR1 interface=ether2 pvid=10
add bridge=BR1 interface=ether3 pvid=10
add bridge=BR1 interface=ether4 pvid=10
add bridge=BR1 interface=ether5 pvid=10

/interface bridge vlan
add bridge=BR1 untagged=ether1,ether2,ether3,ether4,ether5, vlan-ids=10
set bridge=BR1 tagged=BR1 [find vlan-ids=10]

/ip address add interface=ether1 address=192.168.1.110/24 network=192.168.1.0
/ip dns set allow-remote-requests=yes servers="192.168.1.254"
/ip route add distance=1 gateway=192.168.1.254

/interface vlan add interface=BR1 name=VLAN10 vlan-id=10
/ip address add interface=VLAN10 address=10.0.10.1/24
/ip pool add name=VLAN10_POOL ranges=10.0.10.2-10.0.10.254
/ip dhcp-server add address-pool=VLAN10_POOL interface=VLAN10 name=VLAN10_DHCP disabled=no
/ip dhcp-server network add address=10.0.10.0/24 dns-server=192.168.1.254 gateway=10.0.10.1


/interface list add name=VLAN10
/interface list member
add interface=ether1 list=VLAN10
add interface=ether2 list=VLAN10
add interface=ether3 list=VLAN10
add interface=ether4 list=VLAN10
add interface=ether5 list=VLAN10

/interface bridge set BR1 vlan-filtering=yes

I want each client connected to RB750G to be able to ping clients connected to Zyxel Modem/Router and vice versa.
What should I change? What firewall rules should I add? Also, I want to add more VLANs (on the RB750G) later, on all 5 interfaces, and do VLAN tagging from my Proxmox node.

Thank you!
 
mkx
Forum Guru
Posts: 3177
Joined: Thu Mar 03, 2016 10:23 pm

Re: Help using RB750G as a switch with VLANs

Fri Nov 08, 2019 2:51 pm

Remove ether1 from BR1. The way it is configured now it tags packets from Zyxel with VLAN ID 10 ... and messes things big time.

Or, if you want to keep ether1 in the bridge (I don't see any good reason for that), remove the pvid setting from it so that it allows untagged packets to remain untagged inside the bridge. And then you have to move the "Zyxel LAN" settings from ether1 to the BR1 "interface".
BR,
Metod
 
xryuu
just joined
Topic Author
Posts: 3
Joined: Fri Oct 25, 2019 11:39 am

Re: Help using RB750G as a switch with VLANs

Fri Nov 08, 2019 2:58 pm

> Remove ether1 from BR1. The way it is configured now it tags packets from Zyxel with VLAN ID 10 ... and messes things big time.
>
> Or, if you want to keep ether1 in the bridge (I don't see any good reason for that), remove the pvid setting from it so that it allows untagged packets to remain untagged inside the bridge. And then you have to move the "Zyxel LAN" settings from ether1 to the BR1 "interface".

If it's possible, can you customize my code with your suggestion? Also, what about firewall filters? What should I masquerade and drop, etc.?
I'm pretty new to networking, background is in system administration, so any help is appreciated!
 
mkx
Forum Guru
Posts: 3177
Joined: Thu Mar 03, 2016 10:23 pm

Re: Help using RB750G as a switch with VLANs

Fri Nov 08, 2019 5:09 pm

You'll be using the RB as a router between 10.0.10.0 and 192.168.1.0. Firewall setup largely depends on what kind of connectivity you intend to allow between the two networks.

Regarding ether1: it will be used as the only connection between the RB and the 192.168.1.0 network, so it shouldn't be part of the bridge (a bridge is kind of a switch). The only change to your code would be to omit two lines
add bridge=BR1 interface=ether1 pvid=10
add interface=ether1 list=VLAN10
and change one line to
add bridge=BR1 untagged=ether2,ether3,ether4,ether5 vlan-ids=10   # ether1 not mentioned any more
I'll assume that the setup you posted is the beginning of something bigger ... because in its present state it doesn't make sense to use VLANs at all. All ports are untagged members of the same VLAN ... so that VLAN is only present internally to the RB device. The setup would be functionally identical without using VLANs.
BR,
Metod
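
An added example, not part of any post in the thread: a small Python check that reads a RouterOS script and reports every interface that is both a bridge port and carries its own IP address, which is the ether1 situation discussed above. The function names and the trimmed sample script are constructed for illustration, and the check assumes RouterOS's default bridge port pvid of 1 when none is set.

```python
import shlex

# Constructed sample: the relevant lines of the configuration posted in the thread.
SAMPLE = """\
/interface bridge add name=BR1 protocol-mode=none vlan-filtering=no
/interface bridge port
add bridge=BR1 interface=ether1 pvid=10
add bridge=BR1 interface=ether2 pvid=10
/ip address add interface=ether1 address=192.168.1.110/24 network=192.168.1.0
/interface vlan add interface=BR1 name=VLAN10 vlan-id=10
/ip address add interface=VLAN10 address=10.0.10.1/24
/interface bridge set BR1 vlan-filtering=yes
"""


def parse(text):
    """Yield (menu, {key: value}) for every 'add' command in the script."""
    menu = ""
    for line in text.splitlines():
        words = shlex.split(line.split(" #")[0])  # drop trailing comments
        if not words:
            continue
        if words[0].startswith("/"):
            # A menu path, optionally followed by a command on the same line.
            cut = next((i for i, w in enumerate(words) if w in ("add", "set")),
                       len(words))
            menu, words = " ".join(words[:cut]), words[cut:]
        if words and words[0] == "add":
            yield menu, dict(w.split("=", 1) for w in words[1:] if "=" in w)


def audit(text):
    """Return (interface, address, pvid) for bridge ports that hold an IP address."""
    ports, addressed = {}, {}
    for menu, args in parse(text):
        if menu == "/interface bridge port":
            ports[args["interface"]] = args.get("pvid", "1")  # assumed default
        elif menu == "/ip address":
            addressed[args["interface"]] = args["address"]
    return [(i, a, ports[i]) for i, a in addressed.items() if i in ports]


if __name__ == "__main__":
    for iface, addr, pvid in audit(SAMPLE):
        print(f"{iface}: address {addr} on a bridge port (pvid={pvid}); "
              "untagged ingress is placed in that VLAN")
```

An empty result means no addressed interface is also a bridge port; the address on VLAN10 is not reported because VLAN10 sits on top of the bridge rather than being one of its ports.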
