mysticbiscuit
just joined
Topic Author
Posts: 2
Joined: Thu Mar 11, 2021 7:32 am
Location: Sydney, Australia

VLAN Configuration on hEX RB750Gr2  [SOLVED]

Tue Mar 16, 2021 5:00 am

Hi All

I've been trying to crack this for a few weeks now, and I've got the untagged VLANs working great but just can't get Tagged VLANs to work. Attached are very basic diagrams showing what I'm trying to do.

In simplest terms, I have 10 VLANs defined.

ether1 - ISP
ether2 - VMware ESXi host (Hybrid?)
ether3 - Ubiquiti UniFi AC-Pro Access Point (running 3x (LAN) SSIDs and 1x Guest SSID [VLAN15]) (Hybrid?)
ether4 - PC (Access)
ether5 - Router running DD-WRT (Trunk?)

So I can plug a PC into ether4 (VLAN10), I can reach the Management interfaces of the ESXi Host + AP (VLAN5). Ports ether2-5 can route over the Internet.

I've been focusing on getting VLAN10 tagged to the AP and trying to connect. This AP works on a Cisco Catalyst with VLAN5 untagged/VLAN10 tagged so I know the AP is configured correctly.

I think it's fair to say that I'm not properly understanding trunk and hybrid ports on the RB750Gr2/hEX. I've downloaded and tried the sample configs from viewtopic.php?t=143620&sid=5e864578a7f8 ... e3d3792e86 but I just can't get any traffic on a VLAN that is tagged (?).

My approach has been to create a bridge per VLAN (say bridgeVLAN10), add ether4 untagged, vlan10 tagged, bridgeVLAN10 tagged and enabled VLAN filtering. I've got DHCP servers running on the VLANs and that certainly works on these untagged ports (e.g. VLAN5 + VLAN10).

At this stage I would love any advice or even a sample config. I believe if I can be shown how to do it for just one of the VLANs (e.g. VLAN10) I could figure the rest out! (I.e. VLAN10 untagged on port ether4 ONLY, tagged on ports ether2 and ether3, trunked over ether5 and routable by other VLANs.)

I'm very grateful to the MikroTik community - you guys have certainly helped me get to this stage; I just need some more guidance. Any ideas would be most welcome!
 
anav
Forum Guru
Posts: 19107
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: VLAN Configuration on hEX RB750Gr2

Tue Mar 16, 2021 3:54 pm

First thing I would do is change all the subnets so they are distinct, not take half a subnet for one VLAN, so to speak.
Second, I do not understand the VLAN between the modem and the router unless it is required by the ISP (like mine: they deliver the data on my ethX interface via a specified VLAN number, so my VLAN is created and its interface is the ethX interface).
Third, I do not understand why your hEX has a management IP address. It is the router, and every subnet gateway IP is the router. All the attached devices should have an associated LAN IP on the management VLAN.
Lastly, that's all the speculating I will offer; for any further support you really need to provide the full config.
/export hide-sensitive file=anynameyouwish

One can only have ONE untagged vlan on a hybrid port.
The way to accomplish this is as follows: let's say one has VLANs 5,6,7 tagged and VLAN 2 untagged going through ether2,
and all VLANs are going through ether1, trunked to a switch.
ether3 is strictly an untagged port for VLAN 2.

Bridge port setting is
/interface bridge port
# ether2: hybrid, VLAN 2 untagged via pvid, tagged VLANs assigned under bridge vlan
add bridge=bridge1 interface=ether2 pvid=2
# ether1: trunk, tagged frames only
add bridge=bridge1 interface=ether1 frame-types=admit-only-vlan-tagged
# ether3: access port for VLAN 2
add bridge=bridge1 interface=ether3 pvid=2 frame-types=admit-only-untagged-and-priority-tagged

Bridge vlan setting is
/interface bridge vlan
add bridge=bridge1 tagged=bridge1,ether1 untagged=ether2,ether3 vlan-ids=2
add bridge=bridge1 tagged=bridge1,ether1,ether2 vlan-ids=5,6,7

In other words, in bridge ports you set up the port to be an access port (but do not narrow down the frame types) and in bridge vlans, simply assign whatever tagged VLANs you want on the port.
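
The pattern from the reply above applied to the port layout in the first post (VLAN 10 untagged on ether4 only, tagged on ether2 and ether3, trunked over ether5), as an added example that is not either poster's configuration. The single bridge name, VLAN 5 being carried on ether5, the ingress-filtering setting and the documentation-range addresses are assumptions.

```routeros
# Added example, not from the thread. One VLAN-aware bridge for all VLANs.
# Create the bridge with filtering off so the tables can be built first.
/interface bridge
add name=bridge1 vlan-filtering=no

/interface bridge port
# ether2 (ESXi) and ether3 (AP): hybrid ports, VLAN 5 untagged via pvid,
# tagged VLANs are assigned in the bridge vlan table below.
add bridge=bridge1 interface=ether2 pvid=5 ingress-filtering=yes
add bridge=bridge1 interface=ether3 pvid=5 ingress-filtering=yes
# ether4 (PC): access port in VLAN 10, tagged frames are dropped on ingress.
add bridge=bridge1 interface=ether4 pvid=10 ingress-filtering=yes \
    frame-types=admit-only-untagged-and-priority-tagged
# ether5 (DD-WRT): trunk, untagged frames are dropped on ingress.
add bridge=bridge1 interface=ether5 ingress-filtering=yes \
    frame-types=admit-only-vlan-tagged

/interface bridge vlan
# bridge1 is listed as tagged so the router itself is a member of each VLAN.
add bridge=bridge1 vlan-ids=5 tagged=bridge1,ether5 untagged=ether2,ether3
add bridge=bridge1 vlan-ids=10 tagged=bridge1,ether2,ether3,ether5 untagged=ether4

# Layer-3 interfaces on the bridge: these carry the gateway IP of each VLAN.
/interface vlan
add name=vlan5 interface=bridge1 vlan-id=5
add name=vlan10 interface=bridge1 vlan-id=10

/ip address
# Constructed addresses from the documentation ranges, one distinct subnet per VLAN.
add address=192.0.2.1/24 interface=vlan5
add address=198.51.100.1/24 interface=vlan10

# Enable filtering last: until this line the bridge forwards without looking
# at the VLAN table, so a mistake above does not cut off the session.
/interface bridge set bridge1 vlan-filtering=yes
```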
 
mysticbiscuit

Re: VLAN Configuration on hEX RB750Gr2

Mon Mar 22, 2021 11:10 pm

Hi anav

Thanks for the response - I managed to get it working after your suggestions, so I'm incredibly grateful for your time. I had a grasp of VLANs etc. but just couldn't wrap my head around how MikroTik handled it so your post was brilliant!

Just to quickly explain the other parts:

* The subnets are part of a global template
* I want to be able to present the Internet connection to a VM (probably pfSense or similar later down the road) - it's more to provide that extra option in the event of future changes (it's a remote site so I can't physically get there)
* The management IP got me in knots as I originally thought there was just one IP and that had to be reachable over the management VLAN only.

Thanks for explaining about the bridges - I was confused between the port and vlan setting and your reply made it MUCH clearer!

All the best!
