OctalBush
just joined
Topic Author
Posts: 5
Joined: Sun Aug 29, 2021 6:27 am

Can't get a simple bridge vlan to work

Sun Aug 29, 2021 6:34 am

Hello, I just got my RB4011 yesterday and am trying to configure it so that ether1 is my WAN, and ether2-10 are my LAN, with ether9 being an access port to VLAN60 and ether2 being a hybrid port for VLAN60, seeing as it is an AP that has SSIDs with VLAN60 and native VLAN.

Here is my config:
[dspencer@MikroTik] > export
# jan/02/1970 15:14:35 by RouterOS 7.1rc1
# software id = AJNK-CMEV
#
# model = RB4011iGS+
# serial number = REDACTED
/interface bridge
add admin-mac=2C:C8:1B:B3:11:F7 auto-mac=no comment=defconf ingress-filtering=no name=bridge vlan-filtering=yes
/interface vlan
add interface=bridge name=vlan60 vlan-id=60
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface lte apn
set [ find default=yes ] ip-type=ipv4
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
add name=guest-dhcp ranges=192.168.60.100-192.168.60.200
/ip dhcp-server
add address-pool=default-dhcp interface=bridge name=defconf
add address-pool=guest-dhcp interface=vlan60 name=vlan60dhcp
/routing table
add fib name=""
/interface bridge port
add bridge=bridge comment=defconf ingress-filtering=no interface=ether2
add bridge=bridge comment=defconf ingress-filtering=no interface=ether3
add bridge=bridge comment=defconf ingress-filtering=no interface=ether4
add bridge=bridge comment=defconf ingress-filtering=no interface=ether5
add bridge=bridge comment=defconf ingress-filtering=no interface=ether6
add bridge=bridge comment=defconf ingress-filtering=no interface=ether7
add bridge=bridge comment=defconf ingress-filtering=no interface=ether8
add bridge=bridge comment=defconf ingress-filtering=no interface=ether10
add bridge=bridge comment=defconf ingress-filtering=no interface=sfp-sfpplus1
add bridge=bridge comment=defconf ingress-filtering=no interface=ether9 pvid=60
/ip neighbor discovery-settings
set discover-interface-list=none
/ipv6 settings
set disable-ipv6=yes
/interface bridge vlan
add bridge=bridge tagged=ether2 untagged=ether9 vlan-ids=60
/interface l2tp-server server
set l2tpv3-circuit-id="" l2tpv3-cookie-length=0 l2tpv3-digest-hash=md5
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=192.168.88.0
add address=192.168.60.1 interface=vlan60 network=192.168.60.0
/ip dhcp-client
add comment=defconf interface=ether1 use-peer-dns=no
/ip dhcp-server lease
add address=192.168.1.15 comment="HDHomeRun Tuner" mac-address=redacted server=defconf
add address=192.168.1.90 comment="Wireguard" mac-address=redacted server=defconf
/ip dhcp-server network
add address=192.168.60.0/24 gateway=192.168.60.1
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related hw-offload=yes
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new \
    in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
/ip service
set telnet disabled=yes
set ftp disabled=yes
set ssh port=2200
set api disabled=yes
set api-ssl disabled=yes
/ip ssh
set strong-crypto=yes
/system resource irq rps
set sfp-sfpplus1 disabled=no
/tool bandwidth-server
set enabled=no
/tool mac-server
set allowed-interface-list=none
/tool mac-server mac-winbox
set allowed-interface-list=none
/tool mac-server ping
set enabled=no

I've tried this several different ways and have followed the bridge vlan guide on help.mikrotik.com but this just hasn't worked. I can't get DHCP to work when plugged into ether9. Can anyone offer some advice please?
 
BartoszP
Forum Guru
Posts: 2855
Joined: Mon Jun 16, 2014 1:13 pm
Location: Poland

Re: Can't get a simple bridge vlan to work

Sun Aug 29, 2021 4:24 pm

 
anav
Forum Guru
Posts: 18959
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Can't get a simple bridge vlan to work

Sun Aug 29, 2021 4:28 pm

If the access point can read vlan tags, then you don't need to send it any untagged vlans, just tagged vlans.
What access point is it?
 
OctalBush
just joined
Topic Author
Posts: 5
Joined: Sun Aug 29, 2021 6:27 am

Re: Can't get a simple bridge vlan to work

Sun Aug 29, 2021 4:31 pm

It's a Ruckus R610. It will be plugged in to ether2. ether9 will be a workstation that I want only on VLAN60, hence the untagged ether9.
 
OctalBush
just joined
Topic Author
Posts: 5
Joined: Sun Aug 29, 2021 6:27 am

Re: Can't get a simple bridge vlan to work

Sun Aug 29, 2021 4:51 pm

BartoszP,

I read those articles; from what I can tell, my config matches the second link? I used separate VLAN interfaces instead of the bridge like it said. I'm not sure where I messed up.
 
biomesh
Long time Member
Posts: 561
Joined: Fri Feb 10, 2012 8:25 pm

Re: Can't get a simple bridge vlan to work

Sun Aug 29, 2021 5:00 pm

Compare your IP address commands. Your vlan60 is missing the subnet mask.
 
OctalBush
just joined
Topic Author
Posts: 5
Joined: Sun Aug 29, 2021 6:27 am

Re: Can't get a simple bridge vlan to work

Sun Aug 29, 2021 5:20 pm

Thanks biomesh, I missed that. I changed it, but I am still unable to get DHCP resolution on ether9 for whatever reason.
 
OctalBush
just joined
Topic Author
Posts: 5
Joined: Sun Aug 29, 2021 6:27 am

Re: Can't get a simple bridge vlan to work

Sun Aug 29, 2021 5:31 pm

So I got my own issue to work by tagging the bridge port as well as ether2... although I don't understand why I had to tag the bridge, can anyone explain?

/interface bridge vlan
add bridge=bridge tagged=ether2,bridge untagged=ether9 vlan-ids=60
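
A check for the two mistakes found in this thread (the bridge itself missing from the VLAN's tagged members, and the vlan60 address entered without a mask), as an added example that is not part of any poster's message. The export excerpt is a constructed subset of the config posted above, and the function names `parse_export` and `audit` are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: the relevant lines of the export posted in this thread.
SAMPLE_EXPORT = """\
/interface bridge
add name=bridge vlan-filtering=yes
/interface vlan
add interface=bridge name=vlan60 vlan-id=60
/interface bridge vlan
add bridge=bridge tagged=ether2 untagged=ether9 vlan-ids=60
/ip address
add address=192.168.88.1/24 interface=bridge network=192.168.88.0
add address=192.168.60.1 interface=vlan60 network=192.168.60.0
"""

def parse_export(text):
    """Group 'add' lines of a RouterOS export by menu path as key=value dicts."""
    sections, path = defaultdict(list), None
    for line in text.replace("\\\n", " ").splitlines():  # join continued lines
        line = line.strip()
        if line.startswith("/"):
            path = line
        elif line.startswith("add ") and path:
            pairs = re.findall(r'([\w-]+)=("[^"]*"|\S+)', line)
            sections[path].append({k: v.strip('"') for k, v in pairs})
    return sections

def audit(text):
    """Return findings for the two mistakes identified in this thread."""
    cfg, findings = parse_export(text), []
    filtering = {b["name"] for b in cfg["/interface bridge"]
                 if b.get("vlan-filtering") == "yes"}
    # (bridge, vlan-id) -> tagged members; ranges such as 10-20 are not expanded
    tagged = defaultdict(set)
    for row in cfg["/interface bridge vlan"]:
        for vid in row.get("vlan-ids", "").split(","):
            tagged[(row["bridge"], vid)] |= set(row.get("tagged", "").split(","))
    for v in cfg["/interface vlan"]:
        parent, vid = v["interface"], v["vlan-id"]
        if parent in filtering and parent not in tagged[(parent, vid)]:
            findings.append(f"{v['name']}: bridge '{parent}' is not a tagged member of VLAN {vid}")
    for a in cfg["/ip address"]:
        if "/" not in a["address"]:
            findings.append(f"{a['interface']}: address {a['address']} has no prefix length")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_EXPORT)))
```

Run against the corrected lines (`tagged=ether2,bridge` and an address with `/24`), `audit` returns no findings.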
 
tdw
Forum Guru
Posts: 1841
Joined: Sat May 05, 2018 11:55 am

Re: Can't get a simple bridge vlan to work

Sun Aug 29, 2021 6:32 pm

A bridge has multiple roles, see viewtopic.php?f=2&t=173692 for a good explanation.
 
anav
Forum Guru
Posts: 18959
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Can't get a simple bridge vlan to work

Mon Aug 30, 2021 1:36 am

This is also an excellent reference for vlans.....
viewtopic.php?f=23&t=143620
