2011UAS VLAN tagging etc

dmalotte · Mon Apr 01, 2013 10:37 pm

I have been working with setting up VLANs on the RB2011. I was investigating using the switch chip to handle some VLAN trunking but was unable to get things to work as desired. It seems that setting the VLAN ID is unsupported (only the 8316 supports Trunking???) so I have set it up using VLAN interfaces and Bridge groups. I have a working setup but there is one minor problem that I would like to resolve. I have three VLANs trunking through ether1, 1, 20 and 192. If I set the VLANs up and point them to ether1 then all three will work as TAGGED VLANS to my switches. I would really like VLAN 1 to be untagged. I tried to set ether1 as a port on the VLAN1 bridge but when I do that I lose connectivity to the router. Here's an excerpt of my config that works IF i wanted to leave VLAN1 and tagged. What is the preferred way to trunk VLANS in the 2011 series?

I thought that using the switch chip would have been better than this config but it didn't seem that the rules would handle the forwarding as the documentation suggested was necessary.

Thanks
Dwane

/interface bridge
add l2mtu=1594 name=VLAN20Bridge
add l2mtu=1594 name=VLAN192Bridge
add l2mtu=1594 name=VLAN1Bridge
/interface ethernet
set 0 name=sfp1-gateway
set 1 name=ether1
/interface vlan
add interface=ether1 l2mtu=1594 name=VLAN20-UplinkPort vlan-id=20
add interface=ether1 l2mtu=1594 name=VLAN192-UplinkPort vlan-id=192
add interface=ether1 l2mtu=1594 name=VLAN1-UplinkPort vlan-id=1

/interface bridge port
add bridge=VLAN20Bridge interface=ether10
add bridge=VLAN20Bridge interface=VLAN20-UplinkPort
add bridge=VLAN192Bridge interface=VLAN192-UplinkPort
add bridge=VLAN192Bridge interface=ether9
add bridge=VLAN1Bridge interface=VLAN1-UplinkPort
add bridge=VLAN1Bridge interface=ether2
/ip address
add address=192.168.20.25/24 comment="Management IP for VLAN 20" interface=\
    VLAN20Bridge

/ip neighbor discovery
set sfp1-gateway disabled=yes
set ether1-gateway disabled=yes
set VLAN20-UplinkPort disabled=yes
set VLAN192-UplinkPort disabled=yes
set VLAN1-UplinkPort disabled=yes
/ip route
add distance=1 gateway=192.168.20.1
/tool mac-server
add disabled=no interface=ether2
add disabled=no interface=ether3
add disabled=no interface=ether4
add disabled=no interface=ether5
add disabled=no interface=ether6
add disabled=no interface=ether7
add disabled=no interface=ether8
add disabled=no interface=ether9
add disabled=no
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=ether2
add interface=ether3
add interface=ether4
add interface=ether5
add interface=ether6
add interface=ether7
add interface=ether8
add interface=ether9
add

quicky2g · Tue Apr 02, 2013 12:38 am

I've been searching around for the same type of config. I just found this. Maybe it will help you too:

http://forum.mikrotik.com/viewtopic.php?f=2&t=69912

CelticComms · Tue Apr 02, 2013 12:47 am

When you attach a VLAN interface to a physical Ethernet interface in RouterOS the VLAN traffic is always tagged. If you want to access the untagged traffic you can do so via the physical Ethernet interface itself.

Although Cisco gear comes with untagged trunk traffic set to VLAN 1, it is good security practice to change that - make the native VLAN an unused VLAN number and only use identified VLANs for data and management. It also happens to make for more intuitive inter-working with RouterOS.

2011UAS VLAN tagging etc

2011UAS VLAN tagging etc

Re: 2011UAS VLAN tagging etc

Re: 2011UAS VLAN tagging etc

Who is online