Community discussions

MikroTik App
 
bugino
newbie
Topic Author
Posts: 29
Joined: Tue Aug 08, 2006 12:05 am

2 links between CSR /using vlan filtering, but without LACP/

Tue Mar 30, 2021 1:50 pm

Hello,
i try to do 2 sepatare L1 conncestions between 2 CRS. Tagged vlans and untagged vlans - everything is working until i split vlans between 2 separated links i get loop. Is it possible to use vlan filtering in this scenario without LACP/bonding?

Image
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19099
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: 2 links between CSR /using vlan filtering, but without LACP/

Tue Mar 30, 2021 1:59 pm

You could put both vlans on one port of sw1 to one port of sw2 and then breakout the two untagged vlans on two ports on sw2. Is that what you want to do
You could also do what your diagram shows as well but typically switch to managed switch one uses one port to one port to carry the vlans.
LInking multiple lines can get a bit trickier.
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11433
Joined: Thu Mar 03, 2016 10:23 pm

Re: 2 links between CSR /using vlan filtering, but without LACP/

Tue Mar 30, 2021 7:05 pm

In theory it might work with careful configuration. Can you post actual configuration of one of switches (I guess you configured both in similar fashion)? (execute /export hide-sensitive and copy-paste output here).
 
bugino
newbie
Topic Author
Posts: 29
Joined: Tue Aug 08, 2006 12:05 am

Re: 2 links between CSR /using vlan filtering, but without LACP/

Sun Apr 04, 2021 9:44 pm

my settings differs from picture above. But in general, i know it must be something to do with PVIDs. Now i am able to connect it into one bridge in "/interface bridge port". so line is working. But after sending the same tagged vlan i get loop even when vlan in not member as "tagged" on both psyhical interfaces.

I am unable to send some tagged vlan. Everytime when i try to send vlan i get multicast "storm". It is getting own mac address.
Image
 
bugino
newbie
Topic Author
Posts: 29
Joined: Tue Aug 08, 2006 12:05 am

Re: 2 links between CSR /using vlan filtering, but without LACP/

Sun Apr 04, 2021 10:09 pm

primary link:
sw1 /eth14/ connected to sw2 /eth1/
secondary:
sw1 /eth10/ connected to sw2 /eth19/

vlan99 in mngmt - when i try to send it by secondary link i get loop. Even when vlan99 is not on sw2 port eth19. This is 1st step in my mind.
vlan1233 and vlan1234 is dummy - not used anywhere - just to avoid loops.






SW1
/interface bridge
add frame-types=admit-only-vlan-tagged name=bridge1 protocol-mode=none vlan-filtering=yes
/interface ethernet
set [ find default-name=ether1 ]
set [ find default-name=ether2 ]
set [ find default-name=ether3 ]
set [ find default-name=ether4 ] disabled=yes poe-out=off speed=10Mbps
set [ find default-name=ether5 ]
set [ find default-name=ether6 ]
set [ find default-name=ether7 ]
set [ find default-name=ether8 ]
set [ find default-name=ether9 ]
set [ find default-name=ether10 ]
set [ find default-name=ether12 ]
set [ find default-name=ether13 ]
set [ find default-name=ether14 ]
set [ find default-name=ether15 ]
set [ find default-name=ether16 ] poe-out=off
set [ find default-name=ether17 ] poe-out=off poe-voltage=high
set [ find default-name=sfp-sfpplus1 ]
set [ find default-name=sfp-sfpplus2 ]
set [ find default-name=sfp-sfpplus3 ]
set [ find default-name=sfp-sfpplus4 ]
/interface vlan
add interface=bridge1 name=managment vlan-id=99
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/user group
set full policy=local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web,sniff,sensitive,api,romon,dude,tikapp
/interface bridge port
add bridge=bridge1 interface=ether1 pvid=22
add bridge=bridge1 interface=ether2 pvid=23
add bridge=bridge1 interface=ether3 pvid=24
add bridge=bridge1 interface=ether5 pvid=27
add bridge=bridge1 interface=ether6 pvid=40
add bridge=bridge1 interface=ether7 pvid=39
add bridge=bridge1 interface=ether8 pvid=38
add bridge=bridge1 interface=ether9 pvid=14
add bridge=bridge1 interface=ether10 pvid=1234
add bridge=bridge1 interface=sfp-sfpplus1
add bridge=bridge1 interface=ether11
add bridge=bridge1 interface=ether12 pvid=27
add bridge=bridge1 interface=ether13 pvid=98
add bridge=bridge1 interface=ether14 pvid=1233
add bridge=bridge1 interface=ether15 pvid=98
add bridge=bridge1 frame-types=admit-only-vlan-tagged interface=sfp-sfpplus2
add bridge=bridge1 interface=sfp-sfpplus3
add bridge=bridge1 interface=sfp-sfpplus4
/ip neighbor discovery-settings
set discover-interface-list=all
/interface bridge vlan
add bridge=bridge1 tagged="ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8,ether9,ether11,ether12,ether13,ether14,ether1\
5,ether16,ether17,ether18,ether19,ether20,ether21,ether22,ether23,ether24,sfp-sfpplus1,sfp-sfpplus2,sfp-sfpplus3,sfp-sfpplus\
4,bridge1" vlan-ids=99
add bridge=bridge1 tagged=sfp-sfpplus1,sfp-sfpplus2 untagged=ether1 vlan-ids=22
add bridge=bridge1 tagged=sfp-sfpplus1,sfp-sfpplus2 untagged=ether2 vlan-ids=23
add bridge=bridge1 tagged=sfp-sfpplus1,sfp-sfpplus2 untagged=ether3 vlan-ids=24
add bridge=bridge1 tagged=sfp-sfpplus1,sfp-sfpplus2 untagged=ether4,ether5,ether12 vlan-ids=27
add bridge=bridge1 tagged=sfp-sfpplus1,sfp-sfpplus2 untagged=ether6 vlan-ids=40
add bridge=bridge1 tagged=sfp-sfpplus1,sfp-sfpplus2 untagged=ether8 vlan-ids=38
add bridge=bridge1 tagged=sfp-sfpplus1,sfp-sfpplus2 untagged=ether9 vlan-ids=14
add bridge=bridge1 tagged=sfp-sfpplus1,ether9,sfp-sfpplus2 vlan-ids=21
add bridge=bridge1 tagged=sfp-sfpplus1,sfp-sfpplus2 untagged=ether7 vlan-ids=39
add bridge=bridge1 tagged=sfp-sfpplus1,sfp-sfpplus2,ether14 vlan-ids=42
add bridge=bridge1 tagged=sfp-sfpplus1,ether15,sfp-sfpplus2 vlan-ids=3
add bridge=bridge1 tagged=sfp-sfpplus1,ether13,sfp-sfpplus2 vlan-ids=4
add bridge=bridge1 tagged=sfp-sfpplus1,sfp-sfpplus2,ether15 vlan-ids=5
add bridge=bridge1 tagged=sfp-sfpplus1,sfp-sfpplus2,ether14 vlan-ids=6
add bridge=bridge1 tagged=sfp-sfpplus1,sfp-sfpplus2,ether15 vlan-ids=7
add bridge=bridge1 tagged=sfp-sfpplus1,sfp-sfpplus2,ether13 vlan-ids=8
add bridge=bridge1 tagged=sfp-sfpplus1,sfp-sfpplus2,ether14 vlan-ids=10
add bridge=bridge1 tagged=sfp-sfpplus1,sfp-sfpplus2,ether14 vlan-ids=11
add bridge=bridge1 tagged=sfp-sfpplus1,sfp-sfpplus2,ether14 vlan-ids=12
add bridge=bridge1 tagged=sfp-sfpplus1,sfp-sfpplus2,ether15 vlan-ids=13
add bridge=bridge1 tagged=sfp-sfpplus1,ether15,sfp-sfpplus2 vlan-ids=17
add bridge=bridge1 tagged=sfp-sfpplus1,ether13,sfp-sfpplus2 vlan-ids=18
add bridge=bridge1 tagged=sfp-sfpplus1,ether15,sfp-sfpplus2 vlan-ids=19
add bridge=bridge1 tagged=sfp-sfpplus1,ether15,sfp-sfpplus2 vlan-ids=20
add bridge=bridge1 tagged=sfp-sfpplus1,sfp-sfpplus2,ether14 vlan-ids=25
add bridge=bridge1 tagged=sfp-sfpplus1,sfp-sfpplus2,ether15 vlan-ids=26
add bridge=bridge1 tagged=sfp-sfpplus1,sfp-sfpplus2,ether15 vlan-ids=28
add bridge=bridge1 tagged=sfp-sfpplus1,sfp-sfpplus2,ether15 vlan-ids=29
add bridge=bridge1 tagged=sfp-sfpplus1,sfp-sfpplus2,ether14 vlan-ids=30
add bridge=bridge1 tagged=sfp-sfpplus1,sfp-sfpplus2,ether14 vlan-ids=31
add bridge=bridge1 tagged=sfp-sfpplus1,sfp-sfpplus2,ether14 vlan-ids=32
add bridge=bridge1 tagged=sfp-sfpplus1,sfp-sfpplus2,ether14 vlan-ids=33
add bridge=bridge1 tagged=sfp-sfpplus1,sfp-sfpplus2,ether14 vlan-ids=34
add bridge=bridge1 tagged=sfp-sfpplus1,sfp-sfpplus2,ether15 vlan-ids=37
add bridge=bridge1 tagged=sfp-sfpplus1,sfp-sfpplus2,ether14 vlan-ids=41
add bridge=bridge1 tagged=sfp-sfpplus1,sfp-sfpplus2,ether14 vlan-ids=43
add bridge=bridge1 tagged=sfp-sfpplus1,sfp-sfpplus2,ether14 vlan-ids=44
add bridge=bridge1 tagged=sfp-sfpplus1,sfp-sfpplus2,ether15,ether13 vlan-ids=51
add bridge=bridge1 tagged=sfp-sfpplus1,sfp-sfpplus2,ether15 vlan-ids=52
add bridge=bridge1 tagged=sfp-sfpplus1,sfp-sfpplus2,ether15 vlan-ids=53
add bridge=bridge1 tagged=sfp-sfpplus1,ether14,sfp-sfpplus2 vlan-ids=61
add bridge=bridge1 tagged=sfp-sfpplus1,ether14,sfp-sfpplus2 vlan-ids=62
add bridge=bridge1 tagged=sfp-sfpplus1,ether14,sfp-sfpplus2 vlan-ids=63
add bridge=bridge1 tagged=sfp-sfpplus1,ether14,sfp-sfpplus2 vlan-ids=64
add bridge=bridge1 tagged=sfp-sfpplus1,ether15,sfp-sfpplus2 vlan-ids=71
add bridge=bridge1 tagged=sfp-sfpplus1,ether15,sfp-sfpplus2 vlan-ids=69
add bridge=bridge1 tagged=sfp-sfpplus1,ether15,sfp-sfpplus2 vlan-ids=73
add bridge=bridge1 tagged=sfp-sfpplus1,ether15,sfp-sfpplus2 vlan-ids=74
add bridge=bridge1 tagged=sfp-sfpplus1,ether14,sfp-sfpplus2 vlan-ids=75
add bridge=bridge1 tagged=sfp-sfpplus1,ether14,sfp-sfpplus2 vlan-ids=76
add bridge=bridge1 tagged=sfp-sfpplus1,ether14,sfp-sfpplus2 vlan-ids=77
add bridge=bridge1 tagged=sfp-sfpplus1,ether14,sfp-sfpplus2 vlan-ids=78
add bridge=bridge1 tagged=sfp-sfpplus1,sfp-sfpplus2,ether13 vlan-ids=100
add bridge=bridge1 tagged=sfp-sfpplus1,ether13,sfp-sfpplus2 vlan-ids=101
add bridge=bridge1 tagged=sfp-sfpplus1,ether13,sfp-sfpplus2 vlan-ids=104
add bridge=bridge1 tagged=sfp-sfpplus1,ether13,sfp-sfpplus2 vlan-ids=160
add bridge=bridge1 tagged=sfp-sfpplus1,ether13,sfp-sfpplus2 vlan-ids=203
add bridge=bridge1 tagged=sfp-sfpplus1,ether13,sfp-sfpplus2 vlan-ids=204
add bridge=bridge1 tagged=sfp-sfpplus1,ether13,sfp-sfpplus2 vlan-ids=205
add bridge=bridge1 tagged=sfp-sfpplus1,ether13,sfp-sfpplus2 vlan-ids=206
add bridge=bridge1 tagged=sfp-sfpplus1,ether13,sfp-sfpplus2 vlan-ids=218
add bridge=bridge1 tagged=sfp-sfpplus1,ether13,sfp-sfpplus2 vlan-ids=219
add bridge=bridge1 tagged=sfp-sfpplus1,ether13,sfp-sfpplus2 vlan-ids=223
add bridge=bridge1 tagged=sfp-sfpplus1,sfp-sfpplus2,ether13 vlan-ids=224
add bridge=bridge1 tagged=sfp-sfpplus1,sfp-sfpplus2,ether13 vlan-ids=225
add bridge=bridge1 tagged=sfp-sfpplus1,sfp-sfpplus2,ether13 vlan-ids=226
add bridge=bridge1 tagged=sfp-sfpplus1,sfp-sfpplus2,ether13 vlan-ids=227
add bridge=bridge1 tagged=sfp-sfpplus1,sfp-sfpplus2,ether13 vlan-ids=228
add bridge=bridge1 tagged=sfp-sfpplus1,sfp-sfpplus2,ether13 vlan-ids=229
add bridge=bridge1 tagged=sfp-sfpplus1,sfp-sfpplus2,ether13 vlan-ids=230
add bridge=bridge1 tagged=sfp-sfpplus1,sfp-sfpplus2,ether13 vlan-ids=233
add bridge=bridge1 tagged=sfp-sfpplus1,sfp-sfpplus2,ether13 vlan-ids=243
add bridge=bridge1 tagged=sfp-sfpplus1,sfp-sfpplus2,ether13 vlan-ids=244
add bridge=bridge1 tagged=sfp-sfpplus1,sfp-sfpplus2,ether13 vlan-ids=248
add bridge=bridge1 tagged=sfp-sfpplus1,sfp-sfpplus2,ether13 vlan-ids=250
add bridge=bridge1 tagged=sfp-sfpplus1,sfp-sfpplus2,ether13 vlan-ids=251
add bridge=bridge1 tagged=sfp-sfpplus1,sfp-sfpplus2,ether13 vlan-ids=252
add bridge=bridge1 tagged=sfp-sfpplus1,sfp-sfpplus2,ether13 vlan-ids=253
add bridge=bridge1 tagged=sfp-sfpplus1,sfp-sfpplus2,ether13 vlan-ids=255
add bridge=bridge1 tagged=sfp-sfpplus1,sfp-sfpplus2,ether13 vlan-ids=257
add bridge=bridge1 tagged=sfp-sfpplus1,sfp-sfpplus2,ether13 vlan-ids=260
add bridge=bridge1 tagged=sfp-sfpplus1,sfp-sfpplus2,ether13 vlan-ids=261
add bridge=bridge1 tagged=sfp-sfpplus1,sfp-sfpplus2,ether13 vlan-ids=262
add bridge=bridge1 tagged=sfp-sfpplus1,sfp-sfpplus2,ether13 vlan-ids=263
add bridge=bridge1 tagged=sfp-sfpplus1,sfp-sfpplus2,ether13 vlan-ids=264
add bridge=bridge1 tagged=sfp-sfpplus1,sfp-sfpplus2,ether13 vlan-ids=265
add bridge=bridge1 tagged=sfp-sfpplus1,sfp-sfpplus2,ether13 vlan-ids=266
add bridge=bridge1 tagged=sfp-sfpplus1,sfp-sfpplus2,ether13 vlan-ids=267
add bridge=bridge1 tagged=sfp-sfpplus1,sfp-sfpplus2,ether13 vlan-ids=268
add bridge=bridge1 tagged=sfp-sfpplus1,sfp-sfpplus2,ether14 vlan-ids=300
add bridge=bridge1 tagged=sfp-sfpplus1,sfp-sfpplus2,ether14 vlan-ids=301
add bridge=bridge1 tagged=sfp-sfpplus1,sfp-sfpplus2,ether14 vlan-ids=302
add bridge=bridge1 tagged=sfp-sfpplus1,sfp-sfpplus2,ether14 vlan-ids=303
add bridge=bridge1 tagged=sfp-sfpplus1,sfp-sfpplus2,ether14 vlan-ids=304
add bridge=bridge1 tagged=sfp-sfpplus1,sfp-sfpplus2,ether14 vlan-ids=305
add bridge=bridge1 tagged=sfp-sfpplus1,sfp-sfpplus2,ether14 vlan-ids=306
add bridge=bridge1 tagged=sfp-sfpplus1,sfp-sfpplus2,ether13 vlan-ids=1001
add bridge=bridge1 tagged=sfp-sfpplus1,sfp-sfpplus2,ether13 vlan-ids=1002
add bridge=bridge1 tagged=sfp-sfpplus1,sfp-sfpplus2 untagged=ether13,ether14,ether15 vlan-ids=98
add bridge=bridge1 tagged=sfp-sfpplus1,ether14,sfp-sfpplus2 vlan-ids=70,130
add bridge=bridge1 tagged=sfp-sfpplus1,sfp-sfpplus2 vlan-ids=2
add bridge=bridge1 tagged=sfp-sfpplus1,sfp-sfpplus2,sfp-sfpplus3,sfp-sfpplus4 vlan-ids=111
add bridge=bridge1 tagged=sfp-sfpplus1,sfp-sfpplus2,ether14 vlan-ids=45
add bridge=bridge1 tagged=sfp-sfpplus1,ether14,sfp-sfpplus2 vlan-ids=79
/ip address
add address=192.168.3.23/24 interface=managment network=192.168.3.0
SW2
/interface bridge
add fast-forward=no frame-types=admit-only-vlan-tagged name=bridge1 protocol-mode=none vlan-filtering=yes
/interface ethernet
set [ find default-name=ether1 ] rx-flow-control=on speed=100Mbps tx-flow-control=on
set [ find default-name=ether2 ] rx-flow-control=on speed=100Mbps tx-flow-control=on
set [ find default-name=ether3 ] rx-flow-control=on speed=100Mbps tx-flow-control=on
set [ find default-name=ether4 ] poe-voltage=low speed=100Mbps
set [ find default-name=ether5 ] rx-flow-control=on speed=100Mbps tx-flow-control=on
set [ find default-name=ether6 ] poe-voltage=low speed=100Mbps
set [ find default-name=ether7 ] poe-out=forced-on rx-flow-control=on speed=100Mbps tx-flow-control=on
set [ find default-name=ether8 ] poe-voltage=low rx-flow-control=on tx-flow-control=on
set [ find default-name=ether9 ] poe-voltage=low speed=100Mbps
set [ find default-name=ether10 ] full-duplex=no poe-voltage=low speed=10Mbps
set [ find default-name=ether11 ] poe-voltage=low
set [ find default-name=ether12 ]
set [ find default-name=ether19 ]
set [ find default-name=ether20 ]
set [ find default-name=ether21 ]
set [ find default-name=ether22 ] advertise=10M-half,10M-full,100M-half,100M-full auto-negotiation=no speed=100Mbps
set [ find default-name=ether23 ]
set [ find default-name=ether24 ]
set [ find default-name=sfp-sfpplus1 ] advertise=1000M-half,1000M-full auto-negotiation=no
set [ find default-name=sfp-sfpplus2 ]
/interface vlan
add interface=bridge1 name=vlan99_mngmt vlan-id=99
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
add name=dhcp_pool4 ranges=192.168.10.20-192.168.10.254
/user group
set full policy=local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web,sniff,sensitive,api,romon,dude,tikapp
/interface bridge port
add bridge=bridge1 interface=ether4 pvid=30
add bridge=bridge1 interface=ether5 pvid=62
add bridge=bridge1 interface=ether6 pvid=11
add bridge=bridge1 interface=ether7 pvid=61
add bridge=bridge1 interface=ether8 pvid=63
add bridge=bridge1 interface=ether10 pvid=41
add bridge=bridge1 interface=ether1 pvid=1233
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3 pvid=10
add bridge=bridge1 interface=ether9 pvid=75
add bridge=bridge1 interface=ether11 pvid=10
add bridge=bridge1 interface=ether12 pvid=10
add bridge=bridge1 interface=sfp-sfpplus1
add bridge=bridge1 interface=ether21 pvid=10
add bridge=bridge1 interface=ether22 pvid=10
add bridge=bridge1 interface=ether23 pvid=10
add bridge=bridge1 interface=ether24 pvid=10
add bridge=bridge1 interface=sfp-sfpplus2 pvid=10
add bridge=bridge1 interface=ether20 pvid=79
add bridge=bridge1 frame-types=admit-only-vlan-tagged interface=ether19 pvid=1234
/ip neighbor discovery-settings
set discover-interface-list=all
/interface bridge vlan
add bridge=bridge1 tagged=ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8,ether9,ether10,ether11,ether12,sfp-sfpplus1,bridge1,ether20 vlan-ids=\
99
add bridge=bridge1 tagged=ether1,ether3 vlan-ids=6
add bridge=bridge1 tagged=ether1 untagged=ether21,ether3,ether20,ether11,ether22,ether23,ether24,ether12,sfp-sfpplus2 vlan-ids=10
add bridge=bridge1 tagged=ether1,ether3 vlan-ids=12
add bridge=bridge1 tagged=ether1,ether7 vlan-ids=25
add bridge=bridge1 tagged=ether1 untagged=ether4 vlan-ids=30
add bridge=bridge1 tagged=ether1,ether7 vlan-ids=32
add bridge=bridge1 tagged=ether1,ether5 vlan-ids=33
add bridge=bridge1 tagged=ether1,ether5 vlan-ids=34
add bridge=bridge1 tagged=ether1 untagged=ether10 vlan-ids=41
add bridge=bridge1 tagged=ether1,ether2 vlan-ids=42,43,44,45
add bridge=bridge1 tagged=ether1 untagged=ether7 vlan-ids=61
add bridge=bridge1 tagged=ether1 untagged=ether5 vlan-ids=62
add bridge=bridge1 tagged=ether1 untagged=ether8 vlan-ids=63
add bridge=bridge1 tagged=ether1,sfp-sfpplus1 vlan-ids=300,301,302,303,304,305,306
add bridge=bridge1 tagged=ether1 untagged=ether6 vlan-ids=11
add bridge=bridge1 tagged=ether1,ether9 vlan-ids=76,77,78
add bridge=bridge1 tagged=ether1 untagged=ether9 vlan-ids=75
add bridge=bridge1 tagged=ether1,ether2 vlan-ids=70,130
add bridge=bridge1 tagged=ether1 untagged=ether20 vlan-ids=79
/ip address
add address=10.12.12.1/24 disabled=yes interface=ether3 network=10.12.12.0
add address=192.168.161.2/24 disabled=yes interface=ether1 network=192.168.161.0
add address=192.168.3.29/24 interface=vlan99_mngmt network=192.168.3.0
/ip dns
set allow-remote-requests=yes servers=8.8.8.8
/ip firewall nat
add action=src-nat chain=srcnat disabled=yes src-address=192.168.4.0/24 to-addresses=192.168.100.100
/ip route
add distance=1 gateway=192.168.3.1
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11433
Joined: Thu Mar 03, 2016 10:23 pm

Re: 2 links between CSR /using vlan filtering, but without LACP/

Sun Apr 04, 2021 11:36 pm

So if I understand you right: currently you have VLAN 99 over primary link and everything works fine. If you start to configure VLAN 99 also for secondary link, switches detect loop? But there indeed is (a partial) loop in that case. You can have it like that (I guess you have redundancy in your mind ... if not, what is the reason for doing it?), but you will have to enable protocol-mode=mstp on both bridges. Which will make one of VLAN 99 link instances disabled (other VLANs still flowing over their designated links). In case the "running" link breaks, MSTP will detect that VLAN 99 loop doesn't exist any more and will allow VLAN 99 traffic flow over the other link.

I guess using the dummy VIDs would not be necessary if you set ingress-filtering=yes frame-types=admit-only-vlan-tagged on both interconnect ports (on both switches).
 
bugino
newbie
Topic Author
Posts: 29
Joined: Tue Aug 08, 2006 12:05 am

Re: 2 links between CSR /using vlan filtering, but without LACP/

Mon Apr 05, 2021 1:03 am

So if I understand you right: currently you have VLAN 99 over primary link and everything works fine. If you start to configure VLAN 99 also for secondary link, switches detect loop? But there indeed is (a partial) loop in that case. You can have it like that (I guess you have redundancy in your mind ... if not, what is the reason for doing it?), but you will have to enable protocol-mode=mstp on both bridges. Which will make one of VLAN 99 link instances disabled (other VLANs still flowing over their designated links). In case the "running" link breaks, MSTP will detect that VLAN 99 loop doesn't exist any more and will allow VLAN 99 traffic flow over the other link.

I guess using the dummy VIDs would not be necessary if you set ingress-filtering=yes frame-types=admit-only-vlan-tagged on both interconnect ports (on both switches).
Thank you for reply. Are you sure there is loop when connecting VLAN 99? Maybe i am missing something. because i dont have it configured on tha physical port on sw2 as tagged. I do it as a proof of concept - i wanna be able to send it /vlan99 is management/ over secondary link. Main reason is not redundancy. Main reason is because links are full. And those radios carring are not with same capacity and reliability. I wanna send only specified vlans by "secondary" link (names primary/secondary are not used correctly in this scenario. should by line1 and line2).
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11433
Joined: Thu Mar 03, 2016 10:23 pm

Re: 2 links between CSR /using vlan filtering, but without LACP/

Mon Apr 05, 2021 11:29 am

I'm pretty sure VLAN99 gets into a semi-loop state when you configure two ports as members even on single end. In this moment switch (which has both ports configured as members) starts sending certain frames to both ports and the other switch (which is still configured with single port member of VLAN99) notices same frame arriving at two ports. And switch2 is currently not blocking VLAN99 frames on ingress on port 19 (it would if you had ingress-filtering=yes).

Any particular reason not to configure both links as LACP group? With that many VLANs (and probably many different concurrent connections flowing between both links) traffic would distribute between the links in almost ideal ratio.
 
bugino
newbie
Topic Author
Posts: 29
Joined: Tue Aug 08, 2006 12:05 am

Re: 2 links between CSR /using vlan filtering, but without LACP/

Mon Apr 05, 2021 12:30 pm

I'm pretty sure VLAN99 gets into a semi-loop state when you configure two ports as members even on single end. In this moment switch (which has both ports configured as members) starts sending certain frames to both ports and the other switch (which is still configured with single port member of VLAN99) notices same frame arriving at two ports. And switch2 is currently not blocking VLAN99 frames on ingress on port 19 (it would if you had ingress-filtering=yes).

Any particular reason not to configure both links as LACP group? With that many VLANs (and probably many different concurrent connections flowing between both links) traffic would distribute between the links in almost ideal ratio.
There are 2 radio lines with different capacity. And i need to balance traffic. I dont wanna experience packet loss due to 1 line will be full.
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11433
Joined: Thu Mar 03, 2016 10:23 pm

Re: 2 links between CSR /using vlan filtering, but without LACP/

Mon Apr 05, 2021 3:25 pm

I think that setting all 4 ports involved (two at each end) to ingress-filtering=yes frame-types=admit-only-vlan-tagged might solve your problem of switches detecting a loop when you're half way through moving VLAN99 from one link to another. The thing is in the first setting which would drop VLAN99 frames on ingress until port becomes member of VLAN99. As preparation for move make both ports tagged members of VLAN99 on one end. When you want to move VLAN99 from one link to another, change of VLAN99 membership on the other end should do the trick ... after a short outage (switches need to refresh ARP tables).
 
bugino
newbie
Topic Author
Posts: 29
Joined: Tue Aug 08, 2006 12:05 am

Re: 2 links between CSR /using vlan filtering, but without LACP/

Fri Dec 10, 2021 7:22 pm

Any particular reason not to configure both links as LACP group? With that many VLANs (and probably many different concurrent connections flowing between both links) traffic would distribute between the links in almost ideal ratio.
Do you (or anyone) have LACP (802.3ad) working with CRS over radio links? I try this option but i get one link active and second as inactive.

Who is online

Users browsing this forum: mrbroadband, nike78 and 46 guests