JimmyRigs
just joined
Topic Author
Posts: 6
Joined: Mon May 24, 2021 8:25 pm

RB4011 - LAG, LACPs, and VLANs

Mon May 24, 2021 9:03 pm

Good day,

So earlier this year I bought an RB4011 and so far it's been a really solid router. I'm still trying to figure some things out with it though and was hoping maybe the community here could provide me some guidance or insight - apologies for a long post, and I'm sorry if some of this seems really basic; just trying to wrap my head around it and learn. This past weekend I decided to start experimenting with bonding to try and teach myself a bit about link aggregation and even more so how MikroTik/RouterBOARD OS handles it. I ran into some issues that hopefully some people can help explain:

Bonding:
I followed the wiki article on bonding and was only able to finally get the bonds to get an internet connection after adding the bond under the default config's bridge as a port. This seems off to me from some of the tutorials and reading the wiki, since there doesn't seem to be any mention of having to do that portion of it. Is this expected behavior? If it is, is it best practice to put each bond in its own bridge, or is it fine to keep them all under the same bridge?

Multiple Bonds on the RB4011
I got a little carried away and created a bond for my WAN and one for my homelab; I wanted to set up a third bond but ran into two issues:
  • When I was monitoring the slaves, only one slave appeared to be active (I was using ether 6,7,8). I don't know if this is expected behavior when the system is not under strain using 802.3, but it didn't seem right.
  • After getting it set up the same way that I did the first two bonds (WAN and my Homelab), the third bond going to my switch (TP-Link SG1024DE) only had two of the 12 devices showing up under DHCP Leases. Those two devices (Linux Mint & Windows 10 computers) were also the only two devices able to reach the internet. Next weekend I might retry building this bond to see if I just messed something up. This experience in itself gave me three questions:
    1) Is there an easy way to just pull the config of a specific section in RouterOS? E.g. if I want to see just the configs of the Interfaces to compare them, is there an easy way to pull only those?
    2) The switch is a managed switch but its only option for LAG is what TP-Link calls legacy LAG. Again, I'm pretty new to bonds, but I was under the impression a LAG describes the overall bond and LACP is the protocol that makes the LAG what it is. Am I wrong in this? And if I am wrong, then any clue how to make an RB4011 work nicely with TP-Link's legacy LAG mode?
    3) I'm still learning some of the tools in RouterOS but didn't seem to see one that helped me diagnose where the failure was between the bond and the devices. Any recommendations on what I could use that might help me figure out if it's a DHCP Server config issue, an issue with the Bond, IP pool, etc.?

VLANs and Bonds
So my first attempt at configuring things was to create a bond and then set up a VLAN under the bond (I did this through interfaces, not under bridge - I haven't gotten to the part in the wiki that really explains when it's appropriate to set up a VLAN under one or the other), with the idea that I might set up 9 VLANs on the one bond. But I couldn't for the life of me get the devices to show up in the one VLAN, let alone bother with the others. Is there a trick to getting VLANs to behave in bonds? It seemed like devices would only appear under the bond but not default to the VLAN itself.

I'm sure any guidance or insight will give me more than enough to chew on and I appreciate any help that can be provided to steer me in the direction of further reading/research. Sorry again for the long post. Thank you.
 
anav
Forum Guru
Posts: 19099
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: RB4011 - LAG, LACPs, and VLANs

Tue May 25, 2021 6:09 pm

It's not clear whether you are just playing with settings or have an actual requirement based on your WAN connections and network.
Do you have a diagram or config you can share, and can you state the requirements based on users / devices without any use of words that include the config or approach?
 
JimmyRigs
just joined
Topic Author
Posts: 6
Joined: Mon May 24, 2021 8:25 pm

Re: RB4011 - LAG, LACPs, and VLANs

Wed May 26, 2021 4:06 am

Thank you for the response. It's a bit of both, where I am trying to learn by playing but I want to maximize bandwidth to the two switches (which is why I'd ideally like to bond/link aggregate them) because of the volume of network activity on my LAN at times.... Picture:
Network.PNG
Green checkmark - appears to be working as expected
Red X - couldn't get it working
Multiple Lines - Bond
Single Line - Single ethernet interface
 
anav
Forum Guru
Posts: 19099
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: RB4011 - LAG, LACPs, and VLANs

Wed May 26, 2021 12:28 pm

Need config
/export hide-sensitive file=anynameyouwish

You should read this excellent resource before doing much else.....
viewtopic.php?f=23&t=143620

Hint, the only place vlan1 should be is the default settings of devices aka the bridge on the MT, and in the trunk ports on attached smart devices.
It should not be used for carrying data (aka no dhcp service etc.)

I have something similar just more switches and access points and over 15 vlans.
 
JimmyRigs
just joined
Topic Author
Posts: 6
Joined: Mon May 24, 2021 8:25 pm

Re: RB4011 - LAG, LACPs, and VLANs

Thu May 27, 2021 2:40 am

Thank you for that advice. I don't have time to mess with it tonight (my work is taking away from my hobby :( ) but I am going to take a really good look through that link and get back to you tomorrow if that's OK?
 
anav
Forum Guru
Posts: 19099
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: RB4011 - LAG, LACPs, and VLANs

Thu May 27, 2021 3:35 am

No worries, similar exercise helping in thread LAN Port 10Mbps only........
except he has a DLINK switch LOL. I happen to have both a dlink and a TPLINK jetstream.
 
JimmyRigs
just joined
Topic Author
Posts: 6
Joined: Mon May 24, 2021 8:25 pm

Re: RB4011 - LAG, LACPs, and VLANs

Wed Jun 09, 2021 6:19 am

Sorry for taking so long to respond. I haven't had much time, but when I have sat down to play with things I find myself pulling my hair out trying to figure out little hiccups I keep having. I still am not understanding why the TP-Link switch won't behave with the LAG/Bond I've created, and now I've been trying to figure out why the Minecraft server I set up won't display as a LAN game (you might notice in the config below I'm missing a few firewall rules because I've been trying to eliminate the potential that something is happening there with it).

At this point I think I just messed it all up trying to implement little things here and there to try and make it work the way I want to make it work.
# jun/08/2021 21:07:02 by RouterOS 6.48.2
# software id = **Removed**
#
# model = RB4011iGS+
# serial number = **Removed**
/interface bridge
add admin-mac=X:X:X:X:X:X auto-mac=no comment=defconf name=bridge
/interface bonding
add comment="Main Home LACP" min-links=1 mode=802.3ad mtu=1504 name=Home-Main \
    slaves=ether7,ether8 transmit-hash-policy=layer-2-and-3
add comment="Homelab LACP" min-links=1 mode=802.3ad mtu=1504 name=Homelab \
    slaves=ether3,ether4,ether5,ether6 transmit-hash-policy=layer-2-and-3
add comment="WAN LACP" mode=802.3ad name="WAN LACP" slaves=ether1,ether2 \
    transmit-hash-policy=layer-2-and-3
/interface ethernet switch port
set 0 default-vlan-id=0
set 1 default-vlan-id=0
set 2 default-vlan-id=0
set 3 default-vlan-id=0
set 4 default-vlan-id=0
set 5 default-vlan-id=0
set 6 default-vlan-id=0
set 7 default-vlan-id=0
set 8 default-vlan-id=0
set 9 default-vlan-id=0
set 10 default-vlan-id=0
set 11 default-vlan-id=0
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=default-dhcp ranges="192.168.88.10-192.168.88.254,192.168.1.10-192.16\
    8.1.254,192.168.2.10-192.168.2.254"
/ip dhcp-server
add add-arp=yes address-pool=default-dhcp disabled=no interface=bridge name=\
    defconf
/interface bridge port
add bridge=bridge comment=defconf interface=ether9
add bridge=bridge comment=defconf interface=ether10
add bridge=bridge comment=defconf interface=sfp-sfpplus1
add bridge=bridge interface=Home-Main pvid=2
add bridge=bridge interface=Homelab trusted=yes
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface="WAN LACP" list=WAN
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=\
    192.168.88.0
add address=192.168.1.1/24 comment="Homelab IP Address Range" interface=\
    Homelab network=192.168.1.0
add address=192.168.2.1/24 comment=\
    "Main Home IP Address Range - Trusted Static IPs" interface=Home-Main \
    network=192.168.2.0
/ip dhcp-client
add comment=defconf disabled=no interface="WAN LACP"
/ip dhcp-server lease
# **Removed**
/ip dhcp-server network
add address=192.168.1.0/24 dns-server=192.168.1.1,1.1.1.1,1.0.0.1 gateway=\
    192.168.1.1
add address=192.168.2.0/24 gateway=192.168.2.1
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
    "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN
# **Removed**
add action=dst-nat chain=dstnat comment="Minecraft Server - Bedrock Ports" \
    dst-port=19132 in-interface="WAN LACP" protocol=udp to-addresses=\
    192.168.1.40 to-ports=19132
/ip firewall raw
add action=notrack chain=prerouting comment=\
    "Let devices talk between subnets" dst-address=192.168.1.0/24 \
    src-address=192.168.88.0/24
add action=notrack chain=prerouting comment=\
    "Let devices talk between subnets" dst-address=192.168.1.0/24 \
    src-address=192.168.2.0/24
add action=notrack chain=prerouting comment=\
    "Let devices talk between subnets" dst-address=192.168.2.0/24 \
    src-address=192.168.1.0/24
add action=notrack chain=prerouting comment=\
    "Let devices talk between subnets" dst-address=192.168.88.0/24 \
    src-address=192.168.1.0/24
/system clock
set time-zone-name=America/**Removed**
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
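
An added example, not part of the thread or of any poster's configuration: a small Python audit for a RouterOS export in the style of the one above. It re-joins the `\`-wrapped lines, then flags a bridge-port `pvid` set while the bridge has no `vlan-filtering=yes` (RouterOS only applies `pvid` with VLAN filtering on) and `/ip address` or `/ip dhcp-server` entries bound to a bridge member port. The sample input is constructed and trimmed; `parse_export` and `audit` are hypothetical helper names.

```python
import re
import shlex

# Constructed sample: trimmed lines in the style of the export posted above.
SAMPLE_EXPORT = r'''/interface bridge
add admin-mac=X:X:X:X:X:X auto-mac=no comment=defconf name=bridge
/interface bridge port
add bridge=bridge comment=defconf interface=ether9
add bridge=bridge interface=Home-Main pvid=2
add bridge=bridge interface=Homelab trusted=yes
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=\
    192.168.88.0
add address=192.168.1.1/24 comment="Homelab IP Address Range" interface=\
    Homelab network=192.168.1.0
/ip dhcp-server
add add-arp=yes address-pool=default-dhcp disabled=no interface=bridge name=\
    defconf
'''

def parse_export(text):
    """Return (menu, {key: value}) for every 'add' line of a RouterOS export."""
    text = re.sub(r"\\\n\s*", "", text)  # re-join lines wrapped with a trailing "\"
    menu, entries = None, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            menu = line
        elif line.startswith("add "):
            tokens = shlex.split(line[4:])  # keeps quoted comments as one token
            entries.append((menu, dict(t.split("=", 1) for t in tokens if "=" in t)))
    return entries

def audit(text):
    """Flag bridge-port settings that do not do what the export suggests."""
    entries = parse_export(text)
    filtering = {e["name"] for m, e in entries
                 if m == "/interface bridge" and e.get("vlan-filtering") == "yes"}
    ports = {e["interface"]: e for m, e in entries if m == "/interface bridge port"}
    findings = []
    for iface, port in ports.items():
        if port.get("pvid", "1") != "1" and port["bridge"] not in filtering:
            findings.append(f"{iface}: pvid={port['pvid']} has no effect, "
                            f"vlan-filtering is off on {port['bridge']}")
    for menu, e in entries:
        if menu in ("/ip address", "/ip dhcp-server") and e.get("interface") in ports:
            findings.append(f"{e['interface']}: {menu} entry is bound to a member "
                            f"port of {ports[e['interface']]['bridge']}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_EXPORT)))
```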
