Community discussions

MikroTik App
 
Daniel44
just joined
Topic Author
Posts: 12
Joined: Thu Nov 19, 2020 3:47 pm

Simple VLAN fails....

Mon Feb 22, 2021 3:03 pm

Hello,

a very simply VLAN setup I'm struggeling ATM.....

CRS106-1C-5S RouterOS 6.47.7

I Try to Setup VLAN 1337 with one tagged and one untagged port.


On Port SFP1 there should be VLAN1 and VLAN1337, on port sfp2 only VLAN1337 untagged.
All configuration is done via winbox.

I created a bridge "bridge_1337", added the port "sfp2".
I create new port "ze_1337" on port sfp1 and add it also to "bridge_1337".

Anything else I have to do? If you need more info feel free to ask, I tried to keep this post small.

Best regards

Daniel
 
tdw
Forum Veteran
Forum Veteran
Posts: 713
Joined: Sat May 05, 2018 11:55 am

Re: Simple VLAN fails....

Mon Feb 22, 2021 4:43 pm

Use a single bridge, then on CRS1xx/2xx devices configure the switch chip so you have wire-speed connections between ports. The switch menu doesn't hide any of the huge number of switch registers which may be configured for different scenarios, however there are some basic examples here https://wiki.mikrotik.com/wiki/Manual:C ... s_examples
 
Daniel44
just joined
Topic Author
Posts: 12
Joined: Thu Nov 19, 2020 3:47 pm

Re: Simple VLAN fails....

Wed Feb 24, 2021 4:53 pm

I resetted my switch and tried to configure him.
At sfp1 I need the default LAN (no vlan) AND a tagged VLAN. How can I do this when the switch is used? I can only configure the sfp1 to the VLAN-Bridge or the "default" bridge.
 
tdw
Forum Veteran
Forum Veteran
Posts: 713
Joined: Sat May 05, 2018 11:55 am

Re: Simple VLAN fails....

Wed Feb 24, 2021 5:17 pm

Do not create another bridge, if all ports are already in the bridge created by the default configuration all you have to do is add the /ethernet interface switch settings.

For VLAN 1337 tagged on SFP1 and untagged on SFP2 this would be
/interface ethernet switch ingress-vlan-translation
add ports=sfp2 customer-vid=0 new-customer-vid=1337
/interface ethernet switch egress-vlan-tag
add tagged-ports=sfp1 vlan-id=1337
/interface ethernet switch vlan
add ports=sfp1,sfp2 vlan-id=1337


You also need to configure other VLANs, management access and unknown/invalid VLAN filtering as required.
 
Daniel44
just joined
Topic Author
Posts: 12
Joined: Thu Nov 19, 2020 3:47 pm

Re: Simple VLAN fails....

Wed Feb 24, 2021 5:21 pm

And what abount an untagged VLAN port? Simply add the Port to the bridge and set the PVID?
 
tdw
Forum Veteran
Forum Veteran
Posts: 713
Joined: Sat May 05, 2018 11:55 am

Re: Simple VLAN fails....

Wed Feb 24, 2021 5:56 pm

Setting the PVID under /interface bridge port is only applicable to bridges with vlan-filtering=yes.

Mikrotik have only fully combined bridge VLAN filtering with hardware offload configuration on CRS3xx devices. On all others to achieve wire-speed switching you must use a bridge with vlan-filtering=no to enable the hardware switching AND configure the switch chip to allow the required tagged/untagged VLANs on the ports.

I don't have a CRS1xx/2xx to hand, if you wish to have untagged traffic pass between all the other interfaces, and be used for management access, something along the lines of:
/interface ethernet switch vlan
add ports=switch1-cpu,combo1,sfp1,sfp3,sfp4,sfp5 vlan-id=0
 
Daniel44
just joined
Topic Author
Posts: 12
Joined: Thu Nov 19, 2020 3:47 pm

Re: Simple VLAN fails....

Thu Feb 25, 2021 8:25 am

The whole mikrotik stuff is very confusing......
I thought Vlan 1 is the VLAn for all untagged packages?
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 6189
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Simple VLAN fails....

Thu Feb 25, 2021 2:02 pm

All the piecemeal advice is useless, by that I mean well-intentioned but off the mark.
if one doesnt know how to config the MT, snippets will not be helpful.

There is one good guide to setting up vlans for switch/routers -switch chip method:
https://www.youtube.com/watch?v=Rj9aPoyZOPo

There is one good guide to setting up vlans for routers - vlan filtering method
viewtopic.php?f=23&t=143620

Pick one and learn it!
Then come back here and post your config to get you through the last mile.
/export hide-sensitive file=anynameyouwish
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
MTUNA Certified, by the Ascerbic Llama!
 
tdw
Forum Veteran
Forum Veteran
Posts: 713
Joined: Sat May 05, 2018 11:55 am

Re: Simple VLAN fails....

Thu Feb 25, 2021 2:28 pm

I thought Vlan 1 is the VLAn for all untagged packages?
Untagged traffic by its very nature has no VLAN ID. Many vendors use a default of adding VLAN ID 1 tags to untagged traffic on ingress and removing them on egress if their device does not support untagged packets internally. The switch chip in CRS1xx/2xx does, and uses VLAN ID 0 to indicate the packet is untagged within the chip.

If you really want to use VLAN 1 in the switch chip:
/interface ethernet switch ingress-vlan-translation
add ports=switch1-cpu,combo1,sfp1,sfp3,sfp4,sfp5 customer-vid=0 new-customer-vid=1
/interface ethernet switch vlan
add ports=switch1-cpu,combo1,sfp1,sfp3,sfp4,sfp5 vlan-id=1

Who is online

Users browsing this forum: No registered users and 48 guests