Community discussions

MikroTik App
 
PackElend
Member Candidate
Member Candidate
Topic Author
Posts: 268
Joined: Tue Sep 29, 2020 6:05 pm

Why is there "Current Tag" & "Current Untagged" in each VLAN

Sun Apr 04, 2021 10:27 pm

Hello,
besides my troubles how MK deals with VLAN tagging as described in VLAN Filter - how do ingress and egress rules work?, I'm clueless why MikorTik shows "Current Tag" & "Current Untagged".
This is very briefly mentioned in the Wiki, but it doesn't make me any smarter
Image
I would expect there is a general overview, telling me, on which port is which traffic, tagged or untagged.
Showing as shown in the picture above leaves me with the impression that is VLAN specific information. Anyone willing to make me understand this mystery?

thx
Stefan
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18959
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Why is there "Current Tag" & "Current Untagged" in each VLAN

Sun Apr 04, 2021 11:08 pm

The best guide for vlans, is
viewtopic.php?f=23&t=143620
If you are having issues please post your config
/export hide-sensitive file=anynameyouwish
 
User avatar
bpwl
Forum Guru
Forum Guru
Posts: 2978
Joined: Mon Apr 08, 2019 1:16 am

Re: Why is there "Current Tag" & "Current Untagged" in each VLAN

Sun Apr 04, 2021 11:36 pm

I would expect there is a general overview, telling me, on which port is which traffic, tagged or untagged.

I think you have the information you need, be it not in the table-design you wish. This table is VLAN by VLAN, listing all the interfaces that use that VLAN.
You can add the columns "tagged" and "untagged" also, that is your input to the config. The "current tagged" and "current untagged" include the automatic added interfaces, and remove the down interfaces (like inactive WLAN interfaces).

I have no knowledge of an inverted table output , showing interface by interface what VLANs are used. (There are 4096 possible VLAN). Also SWos is showing the table VLAN by VLAN.

VLAN ID=1, is the internal reserved VLAN number, for all unspecified untagged interface traffic. It's added automatically.
 
PackElend
Member Candidate
Member Candidate
Topic Author
Posts: 268
Joined: Tue Sep 29, 2020 6:05 pm

Re: Why is there "Current Tag" & "Current Untagged" in each VLAN

Tue Apr 06, 2021 5:19 pm

...This table is VLAN by VLAN, listing all the interfaces that use that VLAN...
thx for replying but I'm still lost. I have done some research but I'm still clueless. I would expect the same but my current configuration tells me a different story.

On the CRS328-24P ether01 to ether10 are used, I was connected on ether16 as I pulled the configuration. The CRS328-24P is connected via an uplink to a CRS328-20S, which in turn is connected via an uplink to a CCR1009. At the moment, only the intercom is powered, as the network upgrade is not yet complete, final it is:
FTTH -> CCR1009 __ CRS328-20S __ CRS328-24P
        |   |      |   |         |_PoE to Intercom System
        |   |      |   | 
        |   |      |   |__fiberes to multiple Hex S with connected cAP ac (WiFi, LAN per flat)
        |   |      |__fibres to Hex PoE what powers some hAP ac3 for common area WiFi etc. 
        |   |       
        |   |__DMZ  
        |___Terminal PC for Management, accessible via remote access (set configuration, don't change a running system) 
The intercome is a mixture of 2N Devices. Some devices come with the manufacturer's OS, some with Android. The former is capable of VLAN tag, the latter unfortunately not, although Android should support this.


This results in the following settings on the ports:

Devices that are untagged are on the following ports.
VLAN ID 100 is added to them for traffic to the uplink:
ether01: untagged traffic VLAN ID=---, PVID=100
ether07: untagged traffic VLAN ID=---, PVID=100
ether08: untagged traffic VLAN ID=---, PVID=100
ether09: untagged traffic VLAN ID=---, PVID=100

add bridge=br.ether-sfp comment="UG Ost" interface=ether1 pvid=100
add bridge=br.ether-sfp comment="1.OG Ost" interface=ether7 pvid=100
add bridge=br.ether-sfp comment="1.OG West" interface=ether8 pvid=100
add bridge=br.ether-sfp comment=2.OG interface=ether9 pvid=100

Devices with VLAN TAG, VLAN ID=100, are on the following ports, PVID=1 is therefore not important:
ether02:   tagged traffic VLAN ID=100, PVID=001	   ether06:   tagged traffic VLAN ID=100, PVID=001
ether03:   tagged traffic VLAN ID=100, PVID=001	   ether10:   tagged traffic VLAN ID=100, PVID=001
ether04:   tagged traffic VLAN ID=100, PVID=001	   	     		
ether05:   tagged traffic VLAN ID=100, PVID=001	   	   

add bridge=br.ether-sfp comment="UG Nord" interface=ether2
add bridge=br.ether-sfp comment="UG West" interface=ether3
add bridge=br.ether-sfp comment="EG Ost" interface=ether4
add bridge=br.ether-sfp comment="EG Nord" interface=ether5
add bridge=br.ether-sfp comment="EG West" interface=ether6
add bridge=br.ether-sfp comment=3.OG interface=ether10  	

The bridge removes the VLAN Tag on the traffic to the devices where necessary (ether1 and ether 7-9)
add bridge=br.ether-sfp comment=Gegensprechanlage\
     tagged="ether2,ether3,ether4,ether5,ether6,ether10,sfp-sfpplus1,sfp-sfpplus2,sfp-sfpplus3,sfp-sfpplus4\
     " untagged=ether1,ether7,ether8,ether9\
     " vlan-ids=100

Besides, there is Management VLAN10, available on all ports, as there is still a wait here until all installation work has been completed.
Image
Again Intercom VLAN100
Image
The dynamic VLAN is still a mystery to me, but perhaps it results from the answer to my actual question.
Image



What I would have expected now is that in the column Current Taggedonly the ports are listed on which the VLAN is used and traffic with VLAN tag is on the way. In the column Current Untagged corresponding traffic without VLAN tag is listed after is was removed in case of PVID application, as defined in
add bridge=br.ether-sfp ...
Currently, there is only VLAN100 traffic, so I wondering why there these columns are filled for the other VLANs.
Last edited by PackElend on Tue Apr 06, 2021 6:48 pm, edited 2 times in total.
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11381
Joined: Thu Mar 03, 2016 10:23 pm

Re: Why is there "Current Tag" & "Current Untagged" in each VLAN

Tue Apr 06, 2021 5:32 pm

PVID=1 setting is implicit default on all bridge ports when vlan-filtering is enabled. If you really want to get rid of it, set trunk (tagged only) ports with the following settings:
/interface bridge port
set [ find interface=ether2 ] frame-types=admit-only-vlan-tagged ingress-filtering=yes
(same for the rest of trunk ports).
 
PackElend
Member Candidate
Member Candidate
Topic Author
Posts: 268
Joined: Tue Sep 29, 2020 6:05 pm

Re: Why is there "Current Tag" & "Current Untagged" in each VLAN

Tue Apr 06, 2021 6:29 pm

PVID=1 setting is implicit default on all bridge ports when vlan-filtering is enabled.
thx but there is no traffic with VLAN-ID=1, so why are they listed?

There is active, physical link only on port 01-10 (and 16). Only traffic with VLAN ID=100 runs over port 01-10, so why does VLAN10 say that there is tagged traffic on ether 01 to 10, although some ports output UNtagged traffic?
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11381
Joined: Thu Mar 03, 2016 10:23 pm

Re: Why is there "Current Tag" & "Current Untagged" in each VLAN

Tue Apr 06, 2021 9:55 pm

PVID=1 setting is implicit default on all bridge ports when vlan-filtering is enabled.
thx but there is no traffic with VLAN-ID=1, so why are they listed?

There is active, physical link only on port 01-10 (and 16). Only traffic with VLAN ID=100 runs over port 01-10, so why does VLAN10 say that there is tagged traffic on ether 01 to 10, although some ports output UNtagged traffic?

I don't think the screenshot you provided has anything to do with actual traffic flowing, it has to do with running configuration which (as you can see) can differ from explicit configuration. One example are the VID=1 untagged ports. The reason that they show as "dynamic" is likely this: when you configure bridge port with PVID set, it automatically becomes untagged member of corresponding bridge vlan (you don't have to add it as untagged in /interface bridge vlan). Since bridge ports come with implicit pvid=1 setting, you see all ports without pvid explicitly set (and without filter which blocks untagged frames on ingress I mentioned earlier) mentioned as dynamic untagged members of VLAN 1.

Who is online

Users browsing this forum: diasdm and 33 guests