Community discussions

MUM Europe 2020
 
micha1207
just joined
Topic Author
Posts: 3
Joined: Thu Feb 13, 2020 1:49 pm

VLAN Tagging between two CCR

Thu Feb 13, 2020 2:07 pm

Hello,
I'm trying to get tagged traffic between two CCR -1009-8G-1S with RouterOS v6.39.2 connected via bond over Ubiquiti AirFiber. Untagged traffic works fine between them.
Vlans are created on both routers on ether6 like ether6.vlan19 and ether.vlan20 and same vlans on bonding interface like bonding1.vlan19 and bonding1.vlan20
It simply doesn't work.. Did i miss some configuration or setting which allowes to send tagged traffic over bond interface?

Many thanks in advance.
 
User avatar
IPANetEngineer
Trainer
Trainer
Posts: 1161
Joined: Fri Aug 10, 2012 6:46 am
Location: Jackson, MS, USA
Contact:

Re: VLAN Tagging between two CCR

Thu Feb 13, 2020 3:19 pm

Can you post your config? What type of AirFibers are you using?
Global - MikroTik Support & Consulting - English | Francais | Español | Portuguese +1 855-645-7684
https://iparchitechs.com/services/mikro ... l-support/ mikrotiksupport@iparchitechs.com
 
micha1207
just joined
Topic Author
Posts: 3
Joined: Thu Feb 13, 2020 1:49 pm

Re: VLAN Tagging between two CCR

Thu Feb 13, 2020 4:05 pm

Can you post your config? What type of AirFibers are you using?
Main network is running over Ubiquiti AirFiber 24 and Ubiquiti AirFiber - AF-5X is only for fallback purpose.

Router1 Config

/interface bridge
add name=bridge1.Building1-Network protocol-mode=none
add name=bridge1.layer2 protocol-mode=none
add name=bridge2.Voice-Network protocol-mode=none
add name=bridge3.Building2-Network protocol-mode=none
add name=bridge4.MGMT-Network protocol-mode=none
/interface ethernet
set [ find default-name=ether1 ] comment="Voice // VLAN2"
set [ find default-name=ether2 ] comment=empty
set [ find default-name=ether3 ] comment="Connection Building 1 // VLAN1"
set [ find default-name=ether4 ] comment=empty
set [ find default-name=ether5 ] comment="Connection Building 2 // VLAN3 // empty"
set [ find default-name=ether6 ] speed=1Gbps
set [ find default-name=ether8 ] comment=AF5X
set [ find default-name=sfp1 ] comment=AF24
/interface vlan
add interface=ether1 name=ether1.vlan2 vlan-id=2
add interface=ether3 name=ether3.vlan1 vlan-id=1
add interface=ether6 name=ether6.vlan19 vlan-id=19
add interface=ether6 name=ether6.vlan20 vlan-id=20
add interface=ether7 name=ether7.vlan32 vlan-id=32
/interface bonding
add arp-ip-targets=10.0.10.2 link-monitoring=arp mode=active-backup name=bonding1 primary=sfp1 slaves=sfp1,ether8
/interface vlan
add interface=bonding1 name=bonding1.vlan1 vlan-id=1
add interface=bonding1 name=bonding1.vlan19 vlan-id=19
add interface=bonding1 name=bonding1.vlan2 vlan-id=2
add interface=bonding1 name=bonding1.vlan20 vlan-id=20
add interface=bonding1 name=bonding1.vlan3 vlan-id=3
add interface=bonding1 name=bonding1.vlan32 vlan-id=32
add interface=bonding1 name=bonding1.vlan5 vlan-id=5
/interface bridge port
add bridge=bridge2.Voice-Network interface=bonding1.vlan2
add bridge=bridge3.Building2-Network interface=bonding1.vlan3
add bridge=bridge2.Voice-Network interface=ether1
add bridge=bridge1.Building1-Network interface=bonding1.vlan5
add bridge=bridge1.Building1-Network interface=ether3
add bridge=bridge3.Building2-Network interface=ether5
add bridge=bridge1.Building1-Network interface=bonding1.vlan1
add bridge=bridge4.MGMT-Network interface=ether7
add bridge=bridge4.MGMT-Network interface=bonding1.vlan32
/ip address
add address=10.0.10.1/30 interface=bridge2.Voice network=10.0.10.0
add address=10.0.0.30/16 interface=bridge1.Building1 network=10.0.0.0
add address=10.0.3.18/24 interface=bridge3.Building2 network=10.0.3.0
add address=192.168.35.252/22 interface=bridge4.MGMT-Network network=192.168.32.0
add address=172.19.0.252/24 interface=ether6.vlan19 network=172.19.0.0
add address=172.20.0.252/24 interface=ether6.vlan19 network=172.20.0.0
/ip route
add distance=1 gateway=10.0.0.31



Router2 Config

/interface bridge
add name=bridge1.Building1-Network protocol-mode=none
add name=bridge1.layer2 protocol-mode=none
add name=bridge2.Voice-Network protocol-mode=none
add name=bridge3.Building2-Network protocol-mode=none
add mtu=1576 name=bridge4.MGMT-Network protocol-mode=none
/interface ethernet
set [ find default-name=ether1 ] comment="Voice-Network // VLAN1"
set [ find default-name=ether2 ] comment="Voice-Network // VLAN2"
set [ find default-name=ether3 ] comment="Building1-Network // VLAN1"
set [ find default-name=ether4 ] comment="Building1-Network // VLAN1"
set [ find default-name=ether5 ] comment="Building2-Network // VLAN3"
set [ find default-name=ether6 ] comment="Building2-Network // VLAN3"
set [ find default-name=ether7 ] comment="Building2-Network // VLAN3"
set [ find default-name=ether8 ] comment=AF5X
set [ find default-name=sfp1 ] comment=AF24
/interface vlan
add interface=ether1 name=ether1.vlan2 vlan-id=2
add interface=ether2 name=ether2.vlan2 vlan-id=2
add interface=ether3 name=ether3.vlan1 vlan-id=1
add interface=ether4 name=ether4.vlan1 vlan-id=1
add interface=ether5 name=ether5.vlan3 vlan-id=3
add interface=ether6 name=ether6.vlan19 vlan-id=19
add interface=ether6 name=ether6.vlan20 vlan-id=20
add disabled=yes interface=ether6 name=ether6.vlan3 vlan-id=3
add interface=ether7 name=ether7.vlan32 vlan-id=32
/interface bonding
add arp-ip-targets=10.0.10.1 link-monitoring=arp mode=active-backup name=bonding1 primary=sfp1 slaves=sfp1,ether8
/interface vlan
add interface=bonding1 name=bonding1.vlan19 vlan-id=19
add interface=bonding1 name=bonding1.vlan2 vlan-id=2
add interface=bonding1 name=bonding1.vlan20 vlan-id=20
add interface=bonding1 name=bonding1.vlan3 vlan-id=3
add interface=bonding1 name=bonding1.vlan32 vlan-id=32
add interface=bonding1 name=bonding1.vlan5 vlan-id=5
/interface bridge port
add bridge=bridge2.Voice-Network interface=bonding1.vlan2
add bridge=bridge3.Hausnetz3 interface=bonding1.vlan3
add bridge=bridge2.Voice-Network interface=ether1
add bridge=bridge2.Voice-Network interface=ether2
add bridge=bridge1.Building1-Network interface=bonding1.vlan5
add bridge=bridge1.Building1-Network interface=ether3
add bridge=bridge1.Building1-Network interface=ether4
add bridge=bridge3.Building2-Network interface=ether5
add bridge=bridge4.MGMT-Network interface=ether7
add bridge=bridge4.MGMT-Network interface=bonding1.vlan32
/ip address
add address=10.0.10.2/30 interface=bridge2.Voice-Network network=10.0.10.0
add address=10.0.3.1/24 interface=bridge3.Building2-Network network=10.0.3.0
add address=10.0.0.26/16 interface=bridge1.Building1-Network network=10.0.0.0
add address=192.168.35.253/22 interface=bridge4.MGMT-Network network=192.168.32.0
add address=172.19.0.253/24 interface=ether6.vlan19 network=172.19.0.0
add address=172.20.0.253/24 interface=ether6.vlan19 network=172.20.0.0
/ip route
add distance=1 gateway=10.0.0.31

 
mkx
Forum Guru
Forum Guru
Posts: 3745
Joined: Thu Mar 03, 2016 10:23 pm

Re: VLAN Tagging between two CCR

Thu Feb 13, 2020 5:02 pm

I'm not saying it can't be done in such an ancient ROS version, but I strongly suggest you to upgrade to some modern ROS version, e.g."long-term" 6.45.8. Try to start off with clean config and add things as needed. And configure VLANs using the new bridge vlan-filtering (using single bridge for all VLANs), it makes config so much cleaner.
BR,
Metod
 
tdw
Member Candidate
Member Candidate
Posts: 227
Joined: Sat May 05, 2018 11:55 am

Re: VLAN Tagging between two CCR

Thu Feb 13, 2020 5:22 pm

You are running an old version of RouterOS with known remote unauthenticated access vulnerabiliites, so I'd suggest upgrading to at least the latest long-term release.

With newer versions of RouterOS you can also use a single VLAN-aware bridge instead of having multiple bridges to connecting the VLAN interfaces of the various ethernet/bonding interfaces - currently there is nothing connecting VLANs 5 (at one end only), 19, 20 together; and VLANs 1 & 5 are connected to each other at the other end too.

It is also worth avoiding VLAN1 tagged, various manufacturers handle VLAN1 differently, often in incompatible ways.
 
micha1207
just joined
Topic Author
Posts: 3
Joined: Thu Feb 13, 2020 1:49 pm

Re: VLAN Tagging between two CCR

Thu Feb 13, 2020 8:26 pm

Many thanks for you replies.
Some settings doesn't make any sence to me. I guess my predecessor make this settings according to his ideas, which were not necessarily the best.
I totaly agree that the upgrade to LTS and clean install are the best options.
I'm just curious if it was possible in earlier versions to transfer tagged traffic (trunk) between routers anyway.
 
tdw
Member Candidate
Member Candidate
Posts: 227
Joined: Sat May 05, 2018 11:55 am

Re: VLAN Tagging between two CCR

Thu Feb 13, 2020 9:55 pm

Bridges in older versions of RouterOS, and newer ones with vlan-filtering=no, behave similarly to an unmanaged switch - any tagged VLANs will pass freely across all ports as the VLAN ethertype is treared no differently from any other.

As soon as you attach a VLAN interface to an ethernet interface, for example, then any ingress traffic tagged with the VLAN ID specified is extracted and never makes it to the bridge - standard linux behaviour.

Who is online

Users browsing this forum: No registered users and 56 guests