Community discussions

MikroTik App
 
kerall117
just joined
Topic Author
Posts: 1
Joined: Tue Mar 02, 2021 3:54 am

CRS326 VLAN Filtering

Tue Mar 02, 2021 4:30 am

I've spent most of the day trying different combinations and solutions to get VLAN filtering working on a CRS326-24G-2S+RM and have come back with no results. All I'm interested in is leaving every port on the default VLAN with a few tagged VLANs going to a virtual server and one untagged port going to a management VLAN. Up to this point the default VLAN and tagged VLANs on the virtual server have been working without any issue. The problem arose when I needed to use a single VLAN-unaware device on a separate subnet. I have created three VLAN interfaces - vlan110-Servers, vlan120-Printers, vlan99-Management. These are on bridge1 which includes all physical ports on the router/switch. One possible complication is that ether23/24 are bonded with LACP, but that bonded interface is also included in the bridge and has been working without issue until now.

My understanding is that all VLANs which include IPs used by the CRS326 itself must be tagged in Bridge>VLANs. Because the CRS326 is the default gateway for all of the /24 subnets of each VLAN, I assume that I need to tag the bridge for every VLAN. Likewise, all of my ports except ether22 will be untagged VLAN 1. With the configuration below, as soon as I enable VLAN filtering I lose connection to the CS326. I'm probably missing something very obvious but all of my previous experience has been with RoaS and this is just not getting any clearer as I continue to troubleshoot. Any help would be appreciated. I only started working with Mikrotik devices in the last few months and this is the first time I've completely hit a wall.
/interface bridge
add name=NullBridge
add admin-mac=08:55:31:6E:F0:B8 auto-mac=no comment=defconf name=bridge
/interface vlan
add interface=bridge name=vlan99-Management vlan-id=99
add interface=bridge name=vlan110-Server vlan-id=110
add interface=bridge name=vlan120-Printers vlan-id=120
/interface bonding
add mode=802.3ad name=bonding1 slaves=ether23,ether24 transmit-hash-policy=layer-2-and-3
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp_pool0 ranges=192.168.10.100-192.168.10.200
add name=dhcp_pool1 ranges=192.168.20.2-192.168.20.20
add name=dhcp_pool2 ranges=192.168.1.100-192.168.1.150
add name=dhcp_pool3 ranges=192.168.99.2-192.168.99.254
/ip dhcp-server
add address-pool=dhcp_pool0 disabled=no interface=vlan110-Server name=dhcp1-Servers
add address-pool=dhcp_pool1 disabled=no interface=vlan120-Printers name=dhcp2-Printers
add address-pool=dhcp_pool2 disabled=no interface=bridge name=dhcp3-Primary
add address-pool=dhcp_pool3 disabled=no interface=vlan99-Management name=dhcp4-Management
/routing ospf instance
set [ find default=yes ] distribute-default=always-as-type-1 redistribute-connected=as-type-1 redistribute-static=as-type-1 router-id=10.254.254.254
/user group
set full policy=local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web,sniff,sensitive,api,romon,dude,tikapp
/interface bridge port
add bridge=bridge comment=defconf interface=ether1
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=ether6
add bridge=bridge comment=defconf interface=ether7
add bridge=bridge comment=defconf interface=ether8
add bridge=bridge comment=defconf interface=ether9
add bridge=bridge comment=defconf interface=ether10
add bridge=bridge comment=defconf interface=ether11
add bridge=bridge comment=defconf interface=ether12
add bridge=bridge comment=defconf interface=ether13
add bridge=bridge comment=defconf interface=ether14
add bridge=bridge comment=defconf interface=ether15
add bridge=bridge comment=defconf interface=ether16
add bridge=bridge comment=defconf interface=ether17
add bridge=bridge comment=defconf interface=ether18
add bridge=bridge comment=defconf interface=ether19
add bridge=bridge comment=defconf interface=ether20
add bridge=bridge comment=defconf interface=ether21
add bridge=bridge comment=defconf interface=sfp-sfpplus1
add bridge=bridge comment=defconf interface=sfp-sfpplus2
add bridge=bridge interface=bonding1
add bridge=bridge interface=ether22
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/interface bridge vlan
add bridge=bridge tagged=bridge untagged=ether22 vlan-ids=99
add bridge=bridge tagged=bridge vlan-ids=110
add bridge=bridge tagged=bridge vlan-ids=120
add bridge=bridge tagged=bridge untagged=ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8,ether9,ether10,ether11,ether12,ether13,ether14,ether15,ether16,ether17,ether18,ether19,ether20,ether21 vlan-ids=1
/ip address
add address=192.168.10.1/24 interface=vlan110-Server network=192.168.10.0
add address=192.168.1.2/24 interface=bridge network=192.168.1.0
add address=192.168.1.2/24 interface=bridge network=192.168.1.0
add address=10.254.254.254 interface=NullBridge network=10.254.254.254
add address=192.168.20.1/24 interface=vlan120-Printers network=192.168.20.0
add address=192.168.99.1/24 interface=vlan99-Management network=192.168.99.0
/ip dhcp-client
add interface=bridge
/ip dhcp-server network
add address=192.168.1.0/24 gateway=192.168.1.254
add address=192.168.10.0/24 dns-server=192.168.1.202,8.8.8.8 gateway=192.168.10.1
add address=192.168.20.0/24 dns-server=192.168.1.202,8.8.8.8 gateway=192.168.20.1
add address=192.168.99.0/24 gateway=192.168.99.1
/ip dns
set servers=192.168.1.202,8.8.8.8
/ip route
add distance=1 gateway=192.168.1.254
/ip service
set telnet disabled=yes
set ftp disabled=yes
/routing ospf interface
add interface=bridge network-type=point-to-point
/routing ospf network
add area=backbone network=192.168.1.0/24
/system routerboard settings
set boot-os=router-os
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19105
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: CRS326 VLAN Filtering

Tue Mar 02, 2021 8:05 pm

This is the best guide for vlans using switch chip..........
https://www.youtube.com/watch?v=Rj9aPoyZOPo

If using the bridge vlan method,
viewtopic.php?f=13&t=143620
 
khoiron81
just joined
Posts: 2
Joined: Sun Oct 17, 2021 2:50 pm

Re: CRS326 VLAN Filtering

Sun Oct 17, 2021 3:11 pm

I also have the same issue. I am running pppoe server use default setting and hotspot server use VLAN at the same bridge without problem in RB1100AHx4, but when i connect the Routerboard CRS326-24G-2S+RM in between then the VLAN can't go trough.

Who is online

Users browsing this forum: jaclaz and 41 guests