First, let me say that this post was written not only to ask questions, but also to give answers and config examples.
Prolog: I have one fiber connection to the ISP and a block of public IP addresses which are not routed to me; instead they are given by a DHCP server on the interface. This causes the first problem, because I must find a solution to distribute public IPs to hosts in the LAN (public IPs to servers). I also have a dedicated fiber connection between HO and BO. The Internet connection is at HO. At both locations I have MikroTik routers and Cisco switches. Both locations have to have separate LANs with different IP ranges, which are routed by the routers. The LANs have to serve PC, WiFi1, WiFi2, VoIP, Mngmt1, Mngmt2, etc. That is the second problem, and for that purpose I decided to use VLANs. Because I have OnSite (HO) servers and OffSite (BO) servers, and because these servers have to have public IPs, I need to make L2 trunks for some VLANs to pass between the locations, and that is the third problem.
To clarify:
1- I must have an L2 VLAN configuration: a bridge with VLANs and Ethernet ports in the bridge
2- I must have an L3 IP configuration: all IPs are on VLANs
3- one port on each router must have an IP and be allowed for access - emergency local access
The first configuration I got working had common L2 misconfigurations: a couple of bridges, VLANs and Ethernet ports in a bridge, EoIP and a VLAN in a second bridge, VLANs on an Ethernet interface, etc. Obviously, I changed that configuration immediately.
The current configuration uses VLANs on the bridge and bridge VLAN filtering. At the IP layer, to achieve connectivity between the IP ranges, I decided to use the OSPF routing protocol.
Topology part of the config on R0:
Code:
/interface ethernet
set [ find default-name=ether1 ] comment="to R1" full-duplex=no name=ether1-p2p-fo1
set [ find default-name=ether2 ] comment="to SW0-1"
set [ find default-name=ether3 ] comment="to SW0-2"
set [ find default-name=ether4 ] comment="to Rsw0-1"
set [ find default-name=ether5 ] comment="to ISP" name=ISP
set [ find default-name=ether13 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full comment="Local Mgmt"
/interface vlan
add comment=VoIP interface=bridge-lan_vlans name=vlan4 vlan-id=4
add comment=LAN1 interface=bridge-lan_vlans name=vlan1 vlan-id=1
add comment=LAN3 interface=bridge-lan_vlans name=vlan3 vlan-id=3
add comment=LAN2 interface=bridge-lan_vlans name=vlan2 vlan-id=2
add comment=native interface=bridge-lan_vlans name=vlan999 vlan-id=999
add comment=Management interface=bridge-lan_vlans name=vlan99 vlan-id=99
add comment=WAN interface=bridge-lan_vlans name=vlan100 vlan-id=1000
add comment=p2p interface=bridge-lan_vlans name=vlan2000 vlan-id=2000
/interface bridge
add admin-mac=... auto-mac=no comment=VLANs \
    fast-forward=no name=bridge-lan_vlans vlan-filtering=yes
/interface bridge port
add bridge=bridge-lan_vlans interface=ether1-p2p-fo1 pvid=2000
add bridge=bridge-lan_vlans interface=ether2 pvid=9
add bridge=bridge-lan_vlans interface=ether3 pvid=9
add bridge=bridge-lan_vlans interface=ether4 pvid=9
add bridge=bridge-lan_vlans interface=ether5-Jotel pvid=1000
/interface bridge vlan
add bridge=bridge-lan_vlans tagged=\
    bridge-lan_vlans,ether1-p2p-fo1,ether2,ether3,ether4,ether5 \
    vlan-ids=3
add bridge=bridge-lan_vlans tagged=\
    bridge-lan_vlans,ether2,ether3,ether4,ether5 vlan-ids=1,999,99
add bridge=bridge-lan_vlans tagged=\
    bridge-lan_vlans,ether1-p2p-fo1,ether3,ether4 vlan-ids=4
add bridge=bridge-lan_vlans tagged=bridge-lan_vlans,ether1-p2p-fo1,ether3 \
    untagged=ether5 vlan-ids=1000
add bridge=bridge-lan_vlans tagged=\
    ether1-p2p-fo1,ether3,ether5,bridge-lan_vlans vlan-ids=10
add bridge=bridge-lan_vlans tagged=bridge-lan_vlans,ether1-p2p-NOC-fo1 \
    vlan-ids=2000
add bridge=bridge-lan_vlans tagged=\
    bridge-lan_vlans,ether3,ether5,ether1-p2p-fo1,ether7 vlan-ids=20
add bridge=bridge-lan_vlans tagged=\
    bridge-lan_vlans,ether1-p2p-NOC-fo1,ether2,ether3,ether4,ether5 \
    vlan-ids=2
The config of Rsw1-1 and Rsw0-1 is the same, and I chose to use VLANs on the switch chip because they will work only as switches.
Code:
/interface bridge
add name=bridge1
/interface ethernet
set [ find default-name=ether1 ] name=ether1-trunk
set [ find default-name=ether2 ] name=ether2-v10
set [ find default-name=ether3 ] name=ether3-v10
set [ find default-name=ether4 ] name=ether4-trunk
set [ find default-name=ether5 ] name=ether5-trunk
/interface vlan add interface=bridge1 name=vlan98 vlan-id=98
/interface ethernet switch port
set 0 vlan-header=add-if-missing vlan-mode=secure
set 1 default-vlan-id=10 vlan-header=always-strip vlan-mode=secure
set 2 default-vlan-id=10 vlan-header=always-strip vlan-mode=secure
set 3 vlan-header=add-if-missing vlan-mode=secure
set 4 default-vlan-id=98 vlan-header=leave-as-is vlan-mode=secure
/interface bridge port
add bridge=bridge1 interface=ether1-trunk
add bridge=bridge1 interface=ether2-v10
add bridge=bridge1 interface=ether3-v10
add bridge=bridge1 interface=ether4-trunk
add bridge=bridge1 interface=ether5-trunk
/interface ethernet switch vlan
add ports=ether1-trunk,switch1-cpu switch=switch1 vlan-id=99
add ports=ether1-trunk,ether4-trunk switch=switch1 vlan-id=10
add ports=ether1-trunk,ether2-v10,ether3-v10 switch=switch1 vlan-id=10
add ports=ether1-trunk,ether4-trunk switch=switch1 vlan-id=4
add ports=ether1-trunk,ether4-trunk switch=switch1 vlan-id=2
/ip address
add address=192.168.98.1/29 interface=vlan98 network=192.168.98.0
/ip route
add distance=1 gateway=192.168.98.1
The problem I found here is that HW offload was not working. The cause is that I have two switch chips on the RB, and the ports in the bridge were from both switch chips (both are 8327).
But there is also a problem at the R1 router, which has only one switch chip (8316), where all Ethernet ports are on the same chip. I found that HW offload turns off the moment I use VLAN filtering on the bridge.
At Rsw0-1 and Rsw1-0 I have problems accessing them using the mgmt VLAN. I also found that RoMON doesn't work.
Also, I found many problems making things work when I chose VLANs on the switch chip. Trying to pair devices with different switch chips (8136 and 7240 and 8227) is a nightmare, because they don't work the same way.
To be clear, the config I have now is working, but I should improve it. Because of that I am asking you folks: how would you fulfill this?
Do I have to configure all devices to use switch chips, or remain on bridge VLANs on the devices with a router function (R0 and R1) and switch chip VLANs on Rsw0-1 and Rsw1-1, or use bridge VLANs on all devices?
Note that I expect high bandwidth demands on the Rsw devices, and it would be great to get maximum switch usage instead of CPU, because these devices will act as switches.
I also have to preserve the RoMON function.
Finally, I must use all my ports on the Rsw devices, but I should also have one for local management, as I said. To do that, one port must be a hybrid port (e.g. ether5); that port and switch-cpu should be in the same VLAN. I have been unsuccessful in achieving that goal.
Note: Please don't recommend using other devices or buying other equipment; that is not the reason I am writing here. I need solutions with the devices I own.
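An added example, not part of the original post and not MikroTik tooling: a small Python lint that cross-checks the "/interface bridge port" and "/interface bridge vlan" sections of an export such as the R0 one above, listing VLAN members that are not bridge ports and PVIDs that have no static VLAN entry. The sample input is a constructed excerpt of the posted config, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: trimmed excerpt of the R0 bridge sections posted above.
SAMPLE = r"""
/interface bridge
add name=bridge-lan_vlans vlan-filtering=yes
/interface bridge port
add bridge=bridge-lan_vlans interface=ether1-p2p-fo1 pvid=2000
add bridge=bridge-lan_vlans interface=ether2 pvid=9
/interface bridge vlan
add bridge=bridge-lan_vlans tagged=\
    bridge-lan_vlans,ether1-p2p-NOC-fo1 vlan-ids=2000
add bridge=bridge-lan_vlans tagged=bridge-lan_vlans,ether2 vlan-ids=1,999,99
"""

def parse_export(text):
    """Return {menu path: [{key: value} for each 'add' line]}.
    Quoted values containing spaces are not handled (not needed here)."""
    text = re.sub(r"\\\n\s*", "", text)  # join '\' continuation lines
    menus, path = defaultdict(list), None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("/"):
            path = line
        elif line.startswith("add ") and path:
            menus[path].append(dict(re.findall(r"([\w-]+)=(\S+)", line)))
    return menus

def lint_bridge(text):
    """Hypothetical helper: list bridge VLAN entries worth reviewing."""
    m = parse_export(text)
    bridges = {b["name"] for b in m["/interface bridge"]}
    # RouterOS uses pvid=1 when none is set on a bridge port
    ports = {p["interface"]: int(p.get("pvid", 1)) for p in m["/interface bridge port"]}
    static_vids, findings = set(), []
    for v in m["/interface bridge vlan"]:
        vids = v.get("vlan-ids", "")
        for part in filter(None, vids.split(",")):
            lo, _, hi = part.partition("-")  # accepts "10" and "10-20"
            static_vids.update(range(int(lo), int(hi or lo) + 1))
        for field in ("tagged", "untagged"):
            for name in filter(None, v.get(field, "").split(",")):
                if name not in ports and name not in bridges:
                    findings.append(f"vlan-ids={vids}: {field} member '{name}' is not a bridge port")
    for name, pvid in sorted(ports.items()):
        if pvid not in static_vids:
            findings.append(f"port '{name}': pvid={pvid} has no static bridge vlan entry")
    return findings

if __name__ == "__main__":
    print("\n".join(lint_bridge(SAMPLE)))
```

Each finding is a prompt to review, not proof of a fault: a PVID without a static entry still places untagged traffic in that VLAN, but no trunk carries it.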