anav
Forum Guru
Topic Author
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Does hEX S not support VLANs on trunks?  [SOLVED]

Wed Mar 17, 2021 2:07 pm

Follow this guide and it will work!!
viewtopic.php?f=13&t=143620

Edit: As pe1chl noted, it is not clear if you run the hEX as a router or a switch. In both cases the guide provided above gives you both viewpoints.
Last edited by anav on Wed Mar 17, 2021 2:28 pm, edited 1 time in total.
 
pe1chl
Forum Guru
Posts: 10186
Joined: Mon Jun 08, 2015 12:09 pm

Re: Does hEX S not support VLANs on trunks?

Wed Mar 17, 2021 2:20 pm

You can run winbox under wine on Linux or MacOS.
It is not really clear if you want to configure your hEX S as a router or as a switch.
It is easy to configure a trunk on sfp1, just add a number of VLAN sub-interfaces to it each with the proper VLAN ID.
But of course then you want to do some things with the traffic. You would want to put an IP address on each VLAN sub-interface or put a DHCP client on it.
When you really want to use it as a switch, don't do it this way but instead make a VLAN-aware bridge. That is covered in that other article.
 
anav
Forum Guru
Topic Author
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Does hEX S not support VLANs on trunks?

Wed Mar 17, 2021 6:48 pm

Hi Ken, sounds like you are having fun.
I found the hex tops out between 700-800 so when you need to get a 1gig fibre connection going the RB4011 route is great, kicks butt.
I would stay away from MT local wifi units. I have had success with EAP245 (solid wifi5 product from TP-Link), may get one of their newer 620s/660s (wifi6) when they come out, hopefully soon.
 
pe1chl
Forum Guru
Posts: 10186
Joined: Mon Jun 08, 2015 12:09 pm

Re: Does hEX S not support VLANs on trunks?

Wed Mar 17, 2021 6:57 pm

Ok you want to have the SFP1 on the "internal" side and then trunked to the switch. I understood that it would be the uplink to an existing network with VLANs.
When you want to do that it is possible to omit that VLAN aware bridge and use only VLAN subinterfaces on the SFP1 interface, then handle all traffic on those.
That is much easier to understand. Like this:

/interface vlan
add interface=sfp1 name=sfp1.vlan2 vlan-id=2
add interface=sfp1 name=sfp1.vlan6 vlan-id=6
add interface=sfp1 name=sfp1.vlan27 vlan-id=27

etc. Then put IP addresses on them:

/ip address
add address=192.168.2.1/24 interface=sfp1.vlan2
add address=192.168.6.1/24 interface=sfp1.vlan6

etc.
Now you have a router that will by default pass everything.
You can now add rules in the ip firewall forward chain to block what you do not want, or rules to allow what you want and then a rule that blocks everything else.

/ip firewall filter
add action=accept chain=forward connection-state=established,related
add action=accept chain=forward in-interface=sfp1.vlan2 out-interface=sfp1.vlan6
...
add action=drop chain=forward

You can set up "interface lists" when you want to group some interfaces together when they are to be handled the same way.
An interface list attaches a name to a set of interfaces and can be used like:
add action=accept chain=forward in-interface-list=management ....

Remember: chain=forward only affects what is forwarded by the router, chain=input affects what is sent to the router and handled by it (like the management), there is no need to have input rules to match traffic that you are forwarding.
Last edited by pe1chl on Wed Mar 17, 2021 7:00 pm, edited 1 time in total.
 
pe1chl
Forum Guru
Posts: 10186
Joined: Mon Jun 08, 2015 12:09 pm

Re: Does hEX S not support VLANs on trunks?

Wed Mar 17, 2021 7:01 pm

I think people run 64 bit wine on MacOS, but I never use it so I don't have details.
You can use webfig when you properly firewall it (only accept input to port 80 on the management network).
One big advantage of RouterOS is that commandline, webfig and winbox offer exactly the same configuration options, there is no need to "go back to commandline" to do things that the other interfaces do not allow (except some beta stuff sometimes).
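
An input-chain counterpart to the forward rules and interface lists from the earlier post, combined with the webfig advice above, as an added example that is not part of the original posts. It assumes VLAN 2 (sfp1.vlan2, 192.168.2.0/24) is the management network, which the thread does not state; the list name management is the one used in the earlier post.

```routeros
# Added example; assumes sfp1.vlan2 (192.168.2.0/24) is the management VLAN.
# Enable Safe Mode before pasting so a mistake cannot lock you out for good.

# Name the set of interfaces that may manage the router.
/interface list
add name=management
/interface list member
add interface=sfp1.vlan2 list=management

# chain=input: traffic addressed to the router itself (webfig, winbox, ...).
/ip firewall filter
add action=accept chain=input connection-state=established,related comment="replies to router-originated traffic"
add action=drop chain=input connection-state=invalid
add action=accept chain=input protocol=icmp comment="ping to the router"
add action=accept chain=input in-interface-list=management protocol=tcp dst-port=80,8291 comment="webfig (80) and winbox (8291), management only"
# Anything else the router serves to other VLANs (for example DNS)
# needs its own accept rule above this line.
add action=drop chain=input comment="drop all other traffic to the router"

# Second layer: the www service itself only answers the management subnet.
/ip service
set www address=192.168.2.0/24
```

Rules are matched top to bottom within a chain, so the accept rules have to sit above the final drop when checked with `/ip firewall filter print`.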
 
pe1chl
Forum Guru
Posts: 10186
Joined: Mon Jun 08, 2015 12:09 pm

Re: Does hEX S not support VLANs on trunks?

Wed Mar 17, 2021 7:43 pm

Yes, that is correct! You only need a bridge when you:
- want multiple ports to connect to the same network
- want to use spanning tree protocols (STP/RSTP/MSTP)

With only a single trunk to a switch that handles that, you don't need a bridge and you can use the VLAN subinterfaces directly on SFP1 as explained above. Indeed much simpler.
 
pe1chl
Forum Guru
Posts: 10186
Joined: Mon Jun 08, 2015 12:09 pm

Re: Does hEX S not support VLANs on trunks?

Wed Mar 24, 2021 10:40 am

Is this with firewall filters? And do you use connection tracking and fasttrack? Or just some matches on input/output interface?
 
pe1chl
Forum Guru
Posts: 10186
Joined: Mon Jun 08, 2015 12:09 pm

Re: Does hEX S not support VLANs on trunks?

Wed Apr 07, 2021 11:15 pm

Yes these boxes are the strongest products from MikroTik. Cheap and quite good performance, and RouterOS is quite good for configuring such setups.
