Community discussions

MikroTik App
  4. RouterOS
  5. Beginner Basics

RB1100Ahx2 (Atheros8327) tagged and untagged vlans

Post Reply
 
f38eb
just joined
Topic Author
Posts: 16
Joined: Sat Aug 18, 2012 9:36 pm

RB1100Ahx2 (Atheros8327) tagged and untagged vlans

Thu Jun 18, 2020 2:38 pm

Hi,

I have stuck with this already few days trying to figure out how to properly set tagged and untagged vlans on RB1100Ahx2.
the principle diagram is here as an example: (pink is for testing, both cable ar not connected at the same cable)
rb1100ahx2.jpg
Cisco 1/0/3 UNtagged is connected to ether1 - port doesn't get up running, stays orange on cisco
re-plugging the same cable to:
Cisco 1/0/4 tagged ---> ether5 - ports works and everything is ok.
in production I have in place of Cisco an unmanaged HP switch, connecting RB1100Ahx2 hangs up all network...
Code: Select all
interface range GigabitEthernet1/0/1-3
 switchport access vlan 2
 switchport mode access
!
interface GigabitEthernet1/0/4
 switchport trunk allowed vlan 2,10
 switchport trunk native vlan 999
 switchport mode trunk
!

----------------------------------------------------------------------------------------------
# jan/03/1970 01:48:04 by RouterOS 6.45.9
# model = 1100AHx2
/interface bridge
add name=bridge1
/interface vlan
add interface=bridge1 name=vlan2 vlan-id=2
/interface ethernet switch port
# ether1,ether2,ether3,ether4,ether5,switch2-cpu
set 0 default-vlan-id=2 vlan-header=always-strip vlan-mode=fallback   # error here?
set 1 vlan-mode=secure
set 2 vlan-mode=secure
set 3 vlan-mode=secure
set 4 vlan-mode=secure
set 11 vlan-mode=secure
/interface bridge port
add bridge=bridge1 interface=ether1
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3 
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether5
/interface ethernet switch vlan
add independent-learning=yes ports=switch2-cpu,ether1,ether2,ether3,ether4,ether5 switch=switch2 vlan-id=2 # error here?
/ip address
add address=xxxxxxx interface=vlan2 
/system package update
set channel=long-term
/system routerboard settings
set auto-upgrade=yes
this all seems to be related to this:
https://wiki.mikrotik.com/wiki/Manual:S ... p_Features:
Note: QCA8337 and Atheros8327 switch chips ignore the vlan-header property and uses the default-vlan-id property to determine which ports are access ports. The vlan-header is set to leave-as-is and cannot be changed while the default-vlan-id property should only be used on access ports to tag all ingress traffic.
I'm assuming error is in one of those of two rows setting vlans, but have tried different settings, either doesn't work IP network from Mikrotik, either cisco blocks port
You do not have the required permissions to view the files attached to this post.
Last edited by f38eb on Thu Jun 18, 2020 3:08 pm, edited 1 time in total.
Top
 
sid5632
Long time Member
Long time Member
Posts: 554
Joined: Fri Feb 17, 2017 6:05 pm

Re: RB1100Ahx2 (Atheros8327) tagged and untagged vlans

Thu Jun 18, 2020 2:59 pm

I've never looked at an 1100, but I'd have thought you'd want to change this:

/interface ethernet switch port
# ether1,ether2,ether3,ether4,ether5,switch2-cpu
set 0 default-vlan-id=2 vlan-header=always-strip vlan-mode=fallback # error here?
/interface ethernet switch vlan
add independent-learning=yes ports=switch2-cpu,ether1,ether2,ether3,ether4,ether5 switch=switch2 vlan-id=2 # error here?

to this:

/interface ethernet switch port
# ether1,ether2,ether3,ether4,ether5,switch1-cpu
set 0 vlan-mode=secure
/interface ethernet switch vlan
add independent-learning=yes ports=switch1-cpu,ether1,ether2,ether3,ether4,ether5 switch=switch1 vlan-id=2

You don't need a default-vlan-id on a trunk port, only on access port. And switch2 is usually ether6-10 (it is on an RB2011 anyway, which I do have), whereas ether1-5 is switch1.
Top
 
f38eb
just joined
Topic Author
Posts: 16
Joined: Sat Aug 18, 2012 9:36 pm

Re: RB1100Ahx2 (Atheros8327) tagged and untagged vlans

Thu Jun 18, 2020 3:06 pm

on RB1100 it's opposite, switch2 is 1-5, switch1 is 6-10... :)

ether1 is UNtagged port
ether5 is tagged

so unfortunately your provided code won't help. That's the main problem, that everything work with tagged port, but can't get it working with the untagged port
Top
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11635
Joined: Thu Mar 03, 2016 10:23 pm

Re: RB1100Ahx2 (Atheros8327) tagged and untagged vlans

Thu Jun 18, 2020 10:53 pm

On my RB951G, which features (single) AR8327, the following sets ether2 as hybrid port (trunk with native) ... VLAN 40 is untagged (native) and VLAN 3999 is tagged:

Code: Select all
/interface ethernet switch port
set 1 default-vlan-id=40 vlan-header=always-strip vlan-mode=secure

/interface ethernet switch vlan
add independent-learning=yes ports=ether2 switch=switch1 vlan-id=3999
add independent-learning=yes ports=ether2 switch=switch1 vlan-id=40

Actually the config lines in the second part include all ports which are members of corresponding VLAN.

So the "big difference" is in vlan-mode= setting.
Top
 
f38eb
just joined
Topic Author
Posts: 16
Joined: Sat Aug 18, 2012 9:36 pm

Re: RB1100Ahx2 (Atheros8327) tagged and untagged vlans

Thu Jun 18, 2020 11:47 pm

On my RB951G, which features (single) AR8327, the following sets ether2 as hybrid port (trunk with native) ... VLAN 40 is untagged (native) and VLAN 3999 is tagged:

Code: Select all
/interface ethernet switch port
set 1 default-vlan-id=40 vlan-header=always-strip vlan-mode=secure

/interface ethernet switch vlan
add independent-learning=yes ports=ether2 switch=switch1 vlan-id=3999
add independent-learning=yes ports=ether2 switch=switch1 vlan-id=40

Actually the config lines in the second part include all ports which are members of corresponding VLAN.

So the "big difference" is in vlan-mode= setting.

i think that one works for hybrid port fine, haven't tested it though, but as the tagged port is working fine, it might also work fine with hybrid port.
but I think there is kind of issue how Mikrotik ROS or precisely this switch works with VLAN's.
I checked with RB850 (ether1, ether2 put together with bridge, no vlans, no tagging etc., just plain bridge) Ether1 comes from unmanaged HP, ether2 goes to RB1100. When I connect RB1100 , then they see each other, but traffic from uplink HP on ether1 not work any more, although it doesn't hang up the HP switch and other hosts :)
will try it tomorrow with Cisco, to see the behaviour.
Otherwise will have to make network setup in different way, using other MT or somthn...
Top
 
f38eb
just joined
Topic Author
Posts: 16
Joined: Sat Aug 18, 2012 9:36 pm

Re: RB1100Ahx2 (Atheros8327) tagged and untagged vlans

Fri Jun 19, 2020 8:46 am

I checked with RB850 (ether1, ether2 put together with bridge, no vlans, no tagging etc., just plain bridge) Ether1 comes from unmanaged HP, ether2 goes to RB1100. When I connect RB1100 , then they see each other, but traffic from uplink HP on ether1 not work any more, although it doesn't hang up the HP switch and other hosts :)
will try it tomorrow with Cisco, to see the behaviour.
Otherwise will have to make network setup in different way, using other MT or somthn...
Tried with cisco -> RB850 (bridged ether1,ether2) -> RB1100 eth1 - cisco switches port to disabled orange state ...
Top
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11635
Joined: Thu Mar 03, 2016 10:23 pm

Re: RB1100Ahx2 (Atheros8327) tagged and untagged vlans

Fri Jun 19, 2020 11:43 am

Any log on Cisco to see why it deems port/connection faulty?

One thing, just to make sure: when you try the untagged connection between cisco and RB, you have to disconnect the trunk connection first. Or else there will be loop on VLAN 2 and without MTSP cisco would panick and disable port ...
Top
 
f38eb
just joined
Topic Author
Posts: 16
Joined: Sat Aug 18, 2012 9:36 pm

Re: RB1100Ahx2 (Atheros8327) tagged and untagged vlans

Fri Jun 19, 2020 3:00 pm

no error no cisco
Code: Select all
GigabitEthernet1/0/3 is up, line protocol is up (connected)
  Hardware is Gigabit Ethernet, address is 2c3e.cfe6.8d03 (bia 2c3e.cfe6.8d03)
  MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 1000Mb/s, media type is 10/100/1000BaseTX
  input flow-control is off, output flow-control is unsupported
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:01, output 00:00:00, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     361171 packets input, 369451598 bytes, 0 no buffer
     Received 8944 broadcasts (2759 multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 2760 multicast, 0 pause input
     0 input packets with dribble condition detected
     375887 packets output, 92599920 bytes, 0 underruns
Switch#show interfaces status err-disabled
Switch#
altghough i figured out that setting on mikrotik solves issue:
Code: Select all
/interface bridge
add name=bridge1 protocol-mode=none
But I think the RSTP should be used, as I will have multiple switches in chain, although not with multiple parallel connections... ?
Top
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11635
Joined: Thu Mar 03, 2016 10:23 pm

Re: RB1100Ahx2 (Atheros8327) tagged and untagged vlans

Fri Jun 19, 2020 11:56 pm

As there are VLANs in play, it should be MSTP rather than RSTP.

And it doesn't matter how many switches are in chain, it only depends on interconnection ... if there's a loop in network infrastructure, switches around that loop need some kind of xSTP running (the same variant all of them) to avoid connectikn loops.
Top
Post Reply

Who is online

Users browsing this forum: Airiasas, Amazon [Bot], lurker888 and 11 guests
  4. RouterOS
  5. Beginner Basics