Community discussions

MikroTik App
  4. RouterOS
  5. Beginner Basics

Can't get VLAN network work as I need (Confusion)

Post Reply
 
lalo86
just joined
Topic Author
Posts: 5
Joined: Tue Oct 03, 2017 1:16 pm

Can't get VLAN network work as I need (Confusion)

Wed Apr 21, 2021 4:35 pm

I have read all the documentation, I also printed it, tried a lot of configuration on lab, but I cant understand how to get this working.

Scheme attached:

Config:
Code: Select all
###Identity: RT-LH ###
/interface bridge
add bridge name=bridgeLSHN

/interface bridge port
add bridge=bridgeLSHN interface=sfp1 hw=yes

/interface ethernet switch vlan
add ports=sfp1 switch=switch1 vlan-id=1
add ports=sfp1 switch=switch1 vlan-id=300

/interface ethernet switch port
set sfp1 vlan-mode=secure vlan-header=add-if-missing



###Identity: SW-CAF ###
/interface bridge
add bridge name=bridgeLSHN

/interface bridge port
add bridge=bridgeLSHN interface=sfp1 hw=yes
add bridge=bridgeLSHN interface=ether1 hw=yes

/interface ethernet switch vlan
add ports=sfp1,ether1 switch=switch1 vlan-id=1
add ports=sfp1,ether1 switch=switch1 vlan-id=300

/interface ethernet switch port
set sfp1 vlan-mode=secure vlan-header=add-if-missing
set ether1 vlan-mode=secure vlan-header=add-if-missing



###Identity: SW-NOC ###
/interface bridge
add bridge name=bridgeLSHN

/interface bridge port
add bridge=bridgeLSHN interface=ether1 hw=yes
add bridge=bridgeLSHN interface=ether2 hw=yes
add bridge=bridgeLSHN interface=ether3 hw=yes

/interface ethernet switch vlan
add ports=ether1,ether2 switch=switch1 vlan-id=1
add ports=ether1,ether2 switch=switch1 vlan-id=300
add ports=ether2,ether3 switch=switch1 vlan-id=301

/interface ethernet switch port
set ether1 vlan-mode=secure vlan-header=add-if-missing
set ether2 vlan-mode=secure vlan-header=add-if-missing
set ether3 vlan-mode=secure vlan-header=always-strip default-vlan-id=301



###Identity: SW-FAV ###
/interface bridge
add bridge name=bridgeLSHN

/interface bridge port
add bridge=bridgeLSHN interface=ether1 hw=yes
add bridge=bridgeLSHN interface=ether2 hw=yes
add bridge=bridgeLSHN interface=ether3 hw=yes

/interface ethernet switch vlan
add ports=ether1,ether2 switch=switch1 vlan-id=1
add ports=ether2 switch=switch1 vlan-id=300
add ports=ether2,ether3 switch=switch1 vlan-id=301

/interface ethernet switch port
set ether1 vlan-mode=secure vlan-header=always-strip default-vlan-id=1
set ether2 vlan-mode=secure vlan-header=add-if-missing
set ether3 vlan-mode=secure vlan-header=always-strip default-vlan-id=301
Is there anything wrong??

If it is right! how can I reach from RT-LH all the mikrotik,60GHRadio,ptmp5GHz devices on 10.4.10.0/24 vlanid 1 and all the 10.4.11.0/23 vlanid 300 devices ?

I'm really not writing after half an our of testing I'm almost one week on this setup resetting and rebuilding everything from scratch.

Thanks for help!!
You do not have the required permissions to view the files attached to this post.
Top
 
tdw
Forum Guru
Forum Guru
Posts: 1847
Joined: Sat May 05, 2018 11:55 am

Re: Can't get VLAN network work as I need (Confusion)

Wed Apr 21, 2021 5:10 pm

You have not indicated which Mikrotik models you are using. The capabilities and how you configure them differ significantly so your partial configurations may be inappropriate - in particular fast ethernet (10/100Mbit) switch chips do not support hybrid ports, and not all have SFP ports connected to the switch chip.

Aside from that you have not included the switch1-cpu port in any of the configuration under /interface ethernet switch vlan, this will prevent access to the Mikrotik itself.

Also, from the documentation: "For devices with QCA8337 and Atheros8327 switch chips a default vlan-header=leave-as-is should be used. When vlan-mode=secure is configured, it ignores switch port vlan-header options. VLAN table entries handle all the egress tagging/untagging and works as vlan-header=leave-as-is on all ports. It means what comes in tagged, goes out tagged as well, only default-vlan-id frames are untagged at the egress of port."
Top
 
lalo86
just joined
Topic Author
Posts: 5
Joined: Tue Oct 03, 2017 1:16 pm

Re: Can't get VLAN network work as I need (Confusion)

Thu Apr 22, 2021 3:38 pm

I cant handle it, there are to many variables, I found out now that some devices does not have sfp connected to switch-chip.

So an other way to keep it simple and under control is to have all devices with all ports on a bridge.

So how can I obtain the same effect of SW-FAV e3 <--> SW-NOC e3 , I have a customer that need to connect to both sides and he doesnt need to see whats appening on my ports.

Is there any way to to that by IP, My net is 10.4.10.0/24 can I fix EOIP on a specific port for example e3?

Thanks
You do not have the required permissions to view the files attached to this post.
Top
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19325
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:
Contact anav

Re: Can't get VLAN network work as I need (Confusion)

Thu Apr 22, 2021 4:15 pm

Yes all very doable with bridges and vlans.
However use vlan99 for management vlan or any number you wish and NOT pvid=1.
That is reserved as the default vlan on all equipment and should not be used to carry data etc........
Trust me I use netgear, dlink, tplink, and mikrotik ROS for switching and routing where one keeps the bridge vlan at default=1 (in the background).

Read this article
viewtopic.php?f=23&t=143620

Each device has its own bridge
Define the vlans
assign the bridge ports and bridge vlan settings accordingly
Top
Post Reply

Who is online

Users browsing this forum: No registered users and 75 guests
  4. RouterOS
  5. Beginner Basics