Community discussions

 
papaki
just joined
Topic Author
Posts: 5
Joined: Thu Aug 29, 2013 5:39 pm

One eth to "see" multiple VLANs

Thu Aug 29, 2013 5:52 pm

Hello, I have the following setup with two RB750GL:

At RB750GL "A"
- eth1=VLAN10, where is connected a PC "A10"
- eth2=VLAN20, where is connected a PC "A20"
- eth5=TRUNK, which goes to RB750GL "B"

At RB750GL "B"
- eth1=VLAN10, where is connected a PC "B10"
- eth2=VLAN20, where is connected a PC "B20"
- eth5=TRUNK, which goes to RB750GL "A"

Everything works as expected:
- PC "A10" can only see PC "B10", and vice-versa
- PC "A20" can only see PC "B20", and vice-versa

I need to connect a PC "A30" at eth3 of RB750GL "A", and be able to see all other PCs (A10, A20, B10, B20).
I'm stuck, how can I do it?
 
Rudios
Forum Veteran
Forum Veteran
Posts: 966
Joined: Mon Mar 11, 2013 12:58 pm
Location: The Netherlands

Re: One eth to "see" multiple VLANs

Fri Aug 30, 2013 1:04 pm

It depends on your IP configuration and firewall filter rules
Testing setup with: 2 x RB750UP | 2 x RB750GL | 1 x RB951G-2HnD | 1 x RB2011UiAS-IN
 
User avatar
nickshore
Member
Member
Posts: 472
Joined: Thu Mar 03, 2005 4:14 pm
Location: Suffolk, UK.
Contact:

Re: One eth to "see" multiple VLANs

Fri Aug 30, 2013 3:49 pm

Make a bridge and put eth3 and both vlans into it.

On each vlan in the bridge ports set the horizon to be the same value eg 1

Then the vlans won't be able to talk to each other, but they will both be able to communicate with the pc on eth3.

Nick.
Nick Shore MTCNA MTCWE MTCRE MTCINE MTCTCE
LinITX.com - MultiThread Consultants
Get your MikroTik RBs and Training: http://linitx.com/brand/mikrotik
Official UK MikroTik Distributor
IRC chan: #routerboard on irc.z.je (IPv4 and IPv6)
 
papaki
just joined
Topic Author
Posts: 5
Joined: Thu Aug 29, 2013 5:39 pm

Re: One eth to "see" multiple VLANs

Fri Aug 30, 2013 3:59 pm

It depends on your IP configuration and firewall filter rules
I didn't setup any IPs, I have to make it work on L2.
Both RB750GL were reset to nothing. Not even default config.
Then I just added these:

ros code

add interface=eth5 name=vlan-10 vlan-id=10
add interface=eth5 name=vlan-20 vlan-id=20

/interface bridge
add name=br-vlan10
add name=br-vlan20
/interface bridge port
add bridge=br-vlan10 interface=vlan-10
add bridge=br-vlan10 interface=eth1
add bridge=br-vlan20 interface=vlan-20
add bridge=br-vlan20 interface=eth2
It does what is supposed to do, I just need now to make eth3 to "see" all VLANs and computers belonging to them.
Make a bridge and put eth3 and both vlans into it.
On each vlan in the bridge ports set the horizon to be the same value eg 1
Then the vlans won't be able to talk to each other, but they will both be able to communicate with the pc on eth3.

Nick.
Nick, can't do that - or at least it doesn't allow me to do it, since I have already bridged vlan-10 with br-vlan10 and vlan-20 with br-vlan20 (see config above).
 
papaki
just joined
Topic Author
Posts: 5
Joined: Thu Aug 29, 2013 5:39 pm

Re: One eth to "see" multiple VLANs

Fri Aug 30, 2013 4:44 pm

Based on Nick's concept, I tried this:

ros code

/interface vlan
add interface=eth5 name=vlan-10 vlan-id=10
add interface=eth5 name=vlan-20 vlan-id=20

/interface bridge
add name=br-multi
/interface bridge filter
add action=drop chain=forward in-interface=eth1 out-interface=eth2
add action=drop chain=forward in-interface=eth2 out-interface=eth1
/interface bridge port
add bridge=br-multi horizon=1 interface=vlan-10
add bridge=br-multi interface=eth1
add bridge=br-multi horizon=1 interface=vlan-20
add bridge=br-multi horizon=1 interface=eth2
add bridge=br-multi horizon=2 interface=eth3
I had to add the bridge filters, since I noticed traffic between eth1<->eth2, which must be avoided.
I played with the "Horizon" values (don't know what this does exactly :( ), but never succeeded to make it work as needed.

So, with the config above:
- I can "see" everything from eth3 (Great!)
- On eth5 I get duplicated the traffic from eth1: one as VLAN10 and a copy as VLAN20.
- If I switch Horizon values between eth1 and eth2, I get (on eth5) duplicated the traffic from eth2.

Am I on the right path? :cry:
 
papaki
just joined
Topic Author
Posts: 5
Joined: Thu Aug 29, 2013 5:39 pm

Re: One eth to "see" multiple VLANs

Fri Aug 30, 2013 5:13 pm

OK, I tried this:

ros code

/interface vlan
add interface=eth5 name=vlan-10 vlan-id=10
add interface=eth5 name=vlan-20 vlan-id=20

/interface bridge
add name=br-multi
/interface bridge port
add bridge=br-multi horizon=1 interface=vlan-10
add bridge=br-multi horizon=1 interface=eth1
add bridge=br-multi horizon=1 interface=vlan-20
add bridge=br-multi horizon=1 interface=eth2
add bridge=br-multi horizon=2 interface=eth3
add bridge=br-multi horizon=2 interface=eth5
...and I am getting on eth5 traffic from eth1 as VLAN10 and from eth2 as VLAN20. Plus, I can "see" everything from eth3.
Now I have to figure out what to do on the other RB750GL "B", which receives this mess and must split VLAN10 traffic to it's eth1, VLAN20 to eth2, and still be able to "see" everything from eth3 of RB750GL "A"...

EDIT:
Correction: Outgoing traffic of eth5 is the sum of eth1 + eth2, but VLAN tagging is missing... (Torch speaking)
 
papaki
just joined
Topic Author
Posts: 5
Joined: Thu Aug 29, 2013 5:39 pm

Re: One eth to "see" multiple VLANs

Sat Aug 31, 2013 12:08 am

Well, I can't make it work. :(
I did something which I'm not proud of: Since VLAN tagging was missing on traffic sent by eth5 of the RB750GL "A", I used Bridge filters (source MAC address based) to separate traffic at the RB750GL "B". It works, but this is an unorthodox solution.

Perhaps my needs can't accomplished with RB750GL, don't know...

Who is online

Users browsing this forum: No registered users and 8 guests