Community discussions

MikroTik App
 
svein
just joined
Topic Author
Posts: 4
Joined: Mon Nov 08, 2021 3:14 pm

Question about vlan and bridge interfaces

Mon Nov 08, 2021 3:45 pm

I have a CRS326-24G-2S+ and I'm trying to wrap my brain around how vlan configuration work on mikrotik routeros.

I have implemented vlan following this tutorial viewtopic.php?t=143620

I have a router connected to the uplink port, with vlan 10,20 and 99. I can ping and ssh the router on all gateways 192.168.10.1, 192.168.20.1 and 192.168.99.1 from the serial console on CRS326-24G-2S+, but if I connect a pc to another interface with untagged vlan, I cannot get a ip from dhcp server on router, or if I set ip manually with gateway address 10.1 or 20.1 I cannot ping the gateway.
Two pc on each untagged vlan port on the same vlan seems to work though, so something as worked.

I have even tested with adding static routes /ip route add distance=1 gateway 192.168.20.1, without any luck.
 
svein
just joined
Topic Author
Posts: 4
Joined: Mon Nov 08, 2021 3:14 pm

Re: Question about vlan and bridge interfaces

Fri Nov 12, 2021 4:32 pm

I have created a interface on the router without vlan. When I connect to this interface with a pc I can both ping and ssh to the switch that is connected to the uplink interface on the rounter. So the routing from native vlan to vlan 99 seems to work as well as traffic from one interface to another. For some reason the other way is not working though.
 
tdw
Forum Guru
Forum Guru
Posts: 1843
Joined: Sat May 05, 2018 11:55 am

Re: Question about vlan and bridge interfaces

Fri Nov 12, 2021 4:51 pm

A Mikrotik bridge has two roles, one is like a switch connecting a number of interface ports together and the other like an interface port connecting traffic between the switch and serives running on the CPU, see viewtopic.php?t=173692 for an in-depth explanation.

Generally on a Mikrotik which is being used as a switch you do not require multiple /interface vlan entries, typically you would have one for remote management access to the Mikrotik, they are not required for VLANs which are being switched between the external interface ports.

As ever, post the output of /export hide-sensitive from a terminal window in a code block (the [] icon above the message box when posting).
 
svein
just joined
Topic Author
Posts: 4
Joined: Mon Nov 08, 2021 3:14 pm

Re: Question about vlan and bridge interfaces

Fri Nov 12, 2021 5:20 pm

Sorry about not including the output. Here it is:
# jan/06/1970 03:07:12 by RouterOS 6.48.4
# software id = MKXB-E4RM
#
# model = CRS326-24G-2S+
# serial number = 
/interface bridge
add name=bridge1 protocol-mode=none vlan-filtering=yes
/interface vlan
add interface=bridge1 name=BASE_VLAN vlan-id=99
/interface list
add name=BASE
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/interface bridge port
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=ether1 pvid=10
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=ether2 pvid=10
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=ether3 pvid=10
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=ether4 pvid=10
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=ether5 pvid=10
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=ether6 pvid=10
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=ether7 pvid=10
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=ether8 pvid=10
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=ether9 pvid=10
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=ether10 pvid=10
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=ether11 pvid=10
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=ether12 pvid=10
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=ether13 pvid=10
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=ether14 pvid=10
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=ether15 pvid=10
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=ether16 pvid=10
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=ether17 pvid=10
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=ether18 pvid=10
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=ether19 pvid=10
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=sfp-sfpplus1 pvid=10
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=ether20 pvid=20
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=ether21 pvid=20
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=ether22 pvid=20
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=ether23 pvid=20
add bridge=bridge1 comment=uplink frame-types=admit-only-vlan-tagged ingress-filtering=yes interface=ether24
add bridge=bridge1 comment=downlink frame-types=admit-only-vlan-tagged ingress-filtering=yes interface=sfp-sfpplus2
/ip neighbor discovery-settings
set discover-interface-list=BASE
/interface bridge vlan
add bridge=bridge1 tagged=bridge1,ether24,sfp-sfpplus2 vlan-ids=99
/interface list member
add
add interface=BASE_VLAN
add interface=BASE_VLAN list=BASE
/ip address
add address=192.168.99.3/24 interface=BASE_VLAN network=192.168.99.0
/ip route
add distance=1 gateway=192.168.99.1
/ip ssh
set strong-crypto=yes
/system routerboard settings
set boot-os=router-os
 
tdw
Forum Guru
Forum Guru
Posts: 1843
Joined: Sat May 05, 2018 11:55 am

Re: Question about vlan and bridge interfaces  [SOLVED]

Fri Nov 12, 2021 5:44 pm

You need the to tag the other VLANs on the bridge trunk ports too
/interface bridge vlan
add bridge=bridge1 tagged=ether24,sfp-sfpplus2 vlan-ids=10
add bridge=bridge1 tagged=ether24,sfp-sfpplus2 vlan-ids=20

add bridge=bridge1 tagged=bridge1,ether24,sfp-sfpplus2 vlan-ids=99
 
svein
just joined
Topic Author
Posts: 4
Joined: Mon Nov 08, 2021 3:14 pm

Re: Question about vlan and bridge interfaces

Fri Nov 12, 2021 6:36 pm

Perfect, that did the trick. Thank you so much

Who is online

Users browsing this forum: BioMax, PBondurant and 36 guests