nertskull
just joined
Topic Author
Posts: 3
Joined: Wed Jun 09, 2021 1:58 am

Winbox won't connect from VLAN

Wed Jun 09, 2021 3:16 pm

I just got a CRS326 to learn on, and I'm trying to set up VLANs. I appear to have that part working. I can get connected from various computers on the appropriate VLAN. I pretty much used this tutorial, which was great. Also relied some on this and the examples there.

But whenever I'm on a computer connected on one of the VLAN ports, I cannot for the life of me figure out how to connect to the switch. Winbox won't connect, the WebGUI doesn't work. I've tried MAC and IP addresses. I've turned off all firewalls. Nothing. I'm sure it's some simple setting I'm missing. Can anyone point me in the right direction?

Here is my current setup:

/interface bridge
add admin-mac=08:55:31:D9:A5:35 auto-mac=no comment=defconf name=bridge
add name=bridgeVLAN vlan-filtering=yes
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/interface bridge port
add bridge=bridge comment=defconf interface=ether1
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=ether6
add bridge=bridge comment=defconf interface=ether7
add bridge=bridge comment=defconf interface=ether8
add bridge=bridge comment=defconf interface=ether13
add bridge=bridge comment=defconf interface=ether14
add bridge=bridge comment=defconf interface=ether15
add bridge=bridge comment=defconf interface=ether16
add bridge=bridge comment=defconf interface=ether17
add bridge=bridge comment=defconf interface=ether18
add bridge=bridge comment=defconf interface=ether19
add bridge=bridge comment=defconf interface=ether20
add bridge=bridge comment=defconf interface=ether21
add bridge=bridge comment=defconf interface=ether22
add bridge=bridge comment=defconf interface=ether23
add bridge=bridge comment=defconf interface=ether24
add bridge=bridge comment=defconf interface=sfp-sfpplus1
add bridge=bridge comment=defconf interface=sfp-sfpplus2
add bridge=bridgeVLAN interface=ether9
add bridge=bridgeVLAN interface=ether12
add bridge=bridgeVLAN interface=ether10 pvid=101
add bridge=bridgeVLAN interface=ether11 pvid=101
/interface bridge vlan
add bridge=bridgeVLAN tagged=ether9 untagged=ether10,ether11,ether12 vlan-ids=101
/ip address
add address=10.11.11.2/24 comment=defconf interface=bridge network=10.11.11.0
add address=10.11.101.2/24 interface=bridgeVLAN network=10.11.101.0
/system routerboard settings
set boot-os=router-os

If I'm on a cable on ether10, for example, I cannot connect using 10.11.101.2 or the MAC address.
 
tdw
Forum Guru
Posts: 1843
Joined: Sat May 05, 2018 11:55 am

Re: Winbox won't connect from VLAN

Wed Jun 09, 2021 4:05 pm

Because you have only configured the VLAN on the external bridge ports and missed the implicit bridge-to-CPU port setup for management access per https://wiki.mikrotik.com/wiki/Manual:I ... figuration, see viewtopic.php?f=2&t=173692 for a detailed explanation.

Using more than one bridge is not recommended, as on CRS3xx you lose hardware offload for ports attached to anything other than the first bridge.
 
nertskull
just joined
Topic Author
Posts: 3
Joined: Wed Jun 09, 2021 1:58 am

Re: Winbox won't connect from VLAN

Wed Jun 09, 2021 6:22 pm

That was helpful reading, thank you. But I'm not quite there yet. I reduced down to one bridge and just two ports. Like so:

/interface bridge
add name=bridge1
/interface vlan
add interface=bridge1 name=TEST vlan-id=111
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/interface bridge port
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether9 pvid=111
/interface bridge vlan
add bridge=bridge1 tagged=ether2 untagged=ether9 vlan-ids=111
/ip address
add address=10.11.111.2/24 interface=TEST network=10.11.111.0
/system routerboard settings
set boot-os=router-os

Still no connection when on ether9. I tried following this section, using the bullet point "In case VLAN filtering is used and access from trunk and/or access ports with tagged traffic is desired".

I think(?) that the issue might be the fact that that section says it should be 'tagged' traffic. But I have my /interface bridge vlan setup as 'tagged=ether2 untagged=ether9'.

But in the next bullet point on that page for the "untagged traffic" it wants you to set the ports to pvid=1. But I want them to be access ports, so I don't think that's right.

Thanks for the help, I read those links and things are making more sense, but I'm clearly still not quite understanding something.
 
tdw
Forum Guru
Posts: 1843
Joined: Sat May 05, 2018 11:55 am

Re: Winbox won't connect from VLAN  [SOLVED]

Wed Jun 09, 2021 7:57 pm

All of the /interface bridge vlan settings, plus the pvid= settings under /interface bridge and /interface bridge port have no effect unless vlan-filtering=yes

You have also still omitted the bridge-to-CPU interface from /interface bridge vlan so packets are unable to pass from the switch-like role of the bridge to any services provided by the CPU, it should be:
add bridge=bridge1 tagged=bridge1,ether2 untagged=ether9 vlan-ids=111

The untagged= settings are unnecessary, if omitted they will be added dynamically based on the port pvid= settings, and it prevents you manually creating a mismatch leading to communication problems.
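
An added example, not part of the original posts: a small Python check that reads a RouterOS export and reports the two problems named in the answer above, a bridge without vlan-filtering=yes and a VLAN interface whose parent bridge is missing from the tagged= list. The function names are hypothetical; BEFORE is taken from the asker's second configuration and AFTER is constructed from it.

```python
import re
import shlex
from collections import defaultdict

def parse_export(text):
    """Map each menu path to the key=value dicts of its 'add' lines."""
    menus, path = defaultdict(list), None
    text = re.sub(r"\\\n\s*", "", text)  # join lines wrapped with a trailing backslash
    for line in map(str.strip, text.splitlines()):
        if line.startswith("/"):
            path = line
        elif line.startswith("add ") and path:
            pairs = (t.split("=", 1) for t in shlex.split(line)[1:] if "=" in t)
            menus[path].append(dict(pairs))
    return menus

def lint_mgmt_vlans(text):
    """Report VLAN interfaces on a bridge whose traffic cannot reach the CPU."""
    cfg, findings = parse_export(text), []
    bridges = {b["name"]: b for b in cfg["/interface bridge"]}
    for vif in cfg["/interface vlan"]:
        parent, vid = vif.get("interface"), vif.get("vlan-id")
        if parent not in bridges:
            continue  # VLAN interface on a physical port, not a bridge
        if bridges[parent].get("vlan-filtering", "no") != "yes":
            findings.append(f"{parent}: vlan-filtering is off, VLAN table and pvid are ignored")
        tagged = set()
        for row in cfg["/interface bridge vlan"]:
            # vlan-ids ranges such as 100-110 are not expanded in this sketch
            if row.get("bridge") == parent and vid in row.get("vlan-ids", "").split(","):
                tagged.update(row.get("tagged", "").split(","))
        if parent not in tagged:
            findings.append(f"{vif['name']}: {parent} is not a tagged member of VLAN {vid}")
    return findings

# The asker's second configuration, reduced to the menus the check reads.
BEFORE = """/interface bridge
add name=bridge1
/interface vlan
add interface=bridge1 name=TEST vlan-id=111
/interface bridge vlan
add bridge=bridge1 tagged=ether2 untagged=ether9 vlan-ids=111
"""
# Constructed: the same configuration with both corrections from the answer applied.
AFTER = (BEFORE.replace("add name=bridge1", "add name=bridge1 vlan-filtering=yes")
               .replace("tagged=ether2", "tagged=bridge1,ether2"))

if __name__ == "__main__":
    print("\n".join(lint_mgmt_vlans(BEFORE)))
```

The same check shows which VLANs can reach Winbox and WebFig at all: only those where the bridge itself is a member have a path to the CPU.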
 
nertskull
just joined
Topic Author
Posts: 3
Joined: Wed Jun 09, 2021 1:58 am

Re: Winbox won't connect from VLAN

Thu Jun 10, 2021 10:01 pm

> All of the /interface bridge vlan settings, plus the pvid= settings under /interface bridge and /interface bridge port have no effect unless vlan-filtering=yes
>
> You have also still omitted the bridge-to-CPU interface from /interface bridge vlan so packets are unable to pass from the switch-like role of the bridge to any services provided by the CPU, it should be:
> add bridge=bridge1 tagged=bridge1,ether2 untagged=ether9 vlan-ids=111
>
> The untagged= settings are unnecessary, if omitted they will be added dynamically based on the port pvid= settings, and it prevents you manually creating a mismatch leading to communication problems.

Thank you so much for your patience. That made it work, and I get what you mean now by the bridge-to-CPU. That wasn't really clicking until now, or at least clicking better. Seriously thank you again, I had spent so many hours trying to figure that out.
