Community discussions

MikroTik App
 
apan
just joined
Topic Author
Posts: 10
Joined: Sat May 22, 2010 9:54 am

RB750G no traffic on VLAN interface

Tue Aug 10, 2021 2:58 am

I've an old RB750G that I've used as a NAT gateway and CAPsMAN manager, no problem with that for years. But now I'm trying to develop the setup by separating my devices to different networks with VLAN which is harder that I though. Since it's an older device but still has a switch chip(atheros8316) I figured that I shall be able to use this guide as beginning https://wiki.mikrotik.com/wiki/Manual:Switch_Router.

I've basically copy pasted that guide but can't get it to fly. I can get traffic to flow via different untagged ports but I can't get traffic to or from the VLAN interfaces, it's like they not connected to the bridge. So in the current setup devices connected to ether2 and ether3 doesn't get DHCP, and I see no request coming in to the corresponding VLAN interface.


Apritiate if anyone could give me a hand here. :cry:

/interface bridge
add name=bridge1
/interface vlan
add interface=bridge1 name=VLAN10 vlan-id=10
add interface=bridge1 name=VLAN20 vlan-id=20
/interface ethernet switch port
set 1 default-vlan-id=10 vlan-header=always-strip vlan-mode=secure
set 2 default-vlan-id=20 vlan-header=always-strip vlan-mode=secure
set 5 vlan-mode=secure
/ip pool
add name=POOL10 ranges=192.168.10.100-192.168.10.200
add name=POOL20 ranges=192.168.20.100-192.168.20.200
/ip dhcp-server
add address-pool=POOL10 disabled=no interface=VLAN10 name=DHCP10
add address-pool=POOL20 disabled=no interface=VLAN20 name=DHCP20
/interface bridge port
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3
/interface bridge settings
set use-ip-firewall-for-vlan=yes
/interface ethernet switch rule
add dst-address=192.168.20.0/24 new-dst-ports="" ports=ether2 switch=switch1
add dst-address=192.168.10.0/24 new-dst-ports="" ports=ether3 switch=switch1
/interface ethernet switch vlan
add ports=ether2,switch1-cpu switch=switch1 vlan-id=10
add ports=ether3,switch1-cpu switch=switch1 vlan-id=20
/ip address
add address=192.168.10.1/24 interface=VLAN10 network=192.168.10.0
add address=192.168.20.1/24 interface=VLAN20 network=192.168.20.0
/ip dhcp-client
add !dhcp-options disabled=no interface=ether1
/ip dhcp-server network
add address=192.168.10.0/24 dns-server=8.8.8.8 gateway=192.168.10.1
add address=192.168.20.0/24 dns-server=8.8.8.8 gateway=192.168.20.1
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 3279
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: RB750G no traffic on VLAN interface

Tue Aug 10, 2021 8:30 am

I do not use the switch in RB750G r3.

Here is a long post about Mikrotik VLAN and this visio show more or less my final test setup.
viewtopic.php?p=681516#p681516
 
apan
just joined
Topic Author
Posts: 10
Joined: Sat May 22, 2010 9:54 am

Re: RB750G no traffic on VLAN interface

Tue Aug 10, 2021 10:59 pm

Thanks, pity I didn't find that thread before I posted.
I'm a little concerned running everything on the CPU but I'll give it a try and see how it preforms.
 
tdw
Forum Guru
Forum Guru
Posts: 1841
Joined: Sat May 05, 2018 11:55 am

Re: RB750G no traffic on VLAN interface

Wed Aug 11, 2021 12:07 am

Using the switch chip only bypasses the CPU for traffic between ethernet ports within the same VLAN, traffic between VLANs and NAT will always be handled by the CPU. Unless you have significant traffic within the same VLAN on different ethernet ports it is much simpler to use a VLAN-aware bridge.
 
User avatar
k6ccc
Forum Guru
Forum Guru
Posts: 1490
Joined: Fri May 13, 2016 12:01 am
Location: Glendora, CA, USA (near Los Angeles)
Contact:

Re: RB750G no traffic on VLAN interface

Wed Aug 11, 2021 2:15 am

Unless you have significant traffic within the same VLAN on different ethernet ports it is much simpler to use a VLAN-aware bridge.

None of my routers have any traffic between different Ethernet ports on the same VLAN because there are none. Routers are used exclusively as routers and switches are used for switching functions. 4 of the 5 ports on both of my RB750 series routers immediately plug into ports on a CSS326 switch. The switch handles all the switching and VLAN splitting as needed.
And in case you are wondering why only 4 of the 5 ports of the two routers - the 5th port is a tie between the two routers for traffic that comes into one router and leaves via the other router. And I used to run that connection through the switch (even though it served no useful purpose), but I was running out of switch ports, so by running directly between the two routers, I freed up two switch ports...
 
apan
just joined
Topic Author
Posts: 10
Joined: Sat May 22, 2010 9:54 am

Re: RB750G no traffic on VLAN interface

Fri Aug 13, 2021 12:53 am

It was easy to get going with the VLAN filtering bridge. Unfortunately it uses to much CPU, when I connect my Firewalla the RB750G more or less stops responding due to high CPU load with also takes down CAPsMAN I guess sinse the WiFi also goes down :shock: . Not really sure what the Firewalla does to trigger that but it does not happen when I'm using hardware offloading. Besides the Firewalla issue there will from time to time be large traffic in the same VLAN so I need it to perform decent. Not necessary line rate but at least half.

I was just about to call it the day and accept that the RB750G is an old pice and not up for the game when I tried to add a VLAN on top of the untagged bridge. Basically just adding this.
/interface vlan
add interface=bridge name=VLAN10 vlan-id=10
/interface ethernet switch vlan
add ports=switch1-cpu,ether5 switch=switch1 vlan-id=10
I shouldn't be surprised since AFAIK it should work like that but I haven't managed to get it to work before, and sound like more have been struggling with it. I'll continue to build up the network based on this and see how it holds.

Who is online

Users browsing this forum: Bing [Bot] and 36 guests