Community discussions

MikroTik App
 
Nikodar
just joined
Topic Author
Posts: 8
Joined: Tue Mar 02, 2021 12:57 pm

CRS312, VLANs cannot talk with outside of the switch

Tue Mar 02, 2021 10:04 pm

Hello
I've set up a simple VLAN configuration in SWOS, without any special settings. Seems it isn't possible either from RouterOS, but haven't spend a lot of time there.
The management port is completely accessible, and I've set up a trunk to the Mikrotik from my EdgeSwitch, with a single SFP port.
I've seen Lawrence Systems video: https://youtu.be/bUmIzmuWtEs?t=568, and he does not even need the Switch to know of any VLANs, to get it to work. Also following the short guide from this page: https://wiki.mikrotik.com/wiki/SWOS/CSS326-VLAN-Example
In the hosts tab, I am able to see the DHCP servers MAC adresses, and they are discovered on the correct VLANs aswell.
I've attached the config file (changed to txt), as well as screenshots of the following tabs: VLAN, VLANs, Hosts.

I hope someone can figure out what's the cause of this.

Thanks in advance!

Nikodar
You do not have the required permissions to view the files attached to this post.
 
User avatar
k6ccc
Forum Guru
Forum Guru
Posts: 1490
Joined: Fri May 13, 2016 12:01 am
Location: Glendora, CA, USA (near Los Angeles)
Contact:

Re: CRS312, VLANs cannot talk with outside of the switch

Fri Mar 05, 2021 6:45 pm

SwitchOS handles VLANs just fine. I am using multiple VLANs on all of my switches. Most of my ports are not VLAN tagged - but are assigned to a VLAN, but there is at least one VLAN trunk port, and several of the switches have one or more other ports that are VLAN tagged.

Based on the hosts tab, you only have one connection to the switch - port 12. What are you trying to accomplish?

You don't have VLAN 1 assigned to any ports on the VLANs tab. BTW, I generally recommend against using VLAN 1 unless you really have to. Here are a couple screen captures of on of my switches. That may give you some hints.

Image

Image
 
Nikodar
just joined
Topic Author
Posts: 8
Joined: Tue Mar 02, 2021 12:57 pm

Re: CRS312, VLANs cannot talk with outside of the switch

Fri Mar 05, 2021 7:32 pm

Thanks for your reply k6ccc!

Yeah, I'm not new to VLANS, just not worked with Mikrotik before, but the SwitchOS should just do the job with VLANs, which is why I'm wondering why the vlan config does not work. Only changing the default VLAN ID on the port, to the desired VLAN, which did not result in anything seen in this video here: https://youtu.be/bUmIzmuWtEs?t=568.

Port 12 is my uplink a different switch, which sends the VLANS through a trunk. Blackhole vlan is untagged, and vlan 10, 20 is tagged. However, just untagging a single vlan, does not give me a different result as the client on my Mikrotik Switch. The hosts is just most of other devices on my network, in their respective VLANs, COMBO4 #3 and #4 (from top), is my Firewall/DHCP Server, on both VLAN 10 & 20.
Port 1 is my client, which I am trying to allow vlan 20.

I've avoided the use of VLAN 1, as I it is generally not a good idea, to have VLAN 10 in production. Hence why I'm using my own VLANs. Just didn't care to change all non-active ports vlan to blackhole, as I'm still testing.

As I can see on your config, you have different settings in VLAN mode and VLAN receive. On any port, do you have a client, ex win10 machine? I've tried playing with VLAN Mode, Optional, Enabled, and Strict, and on VLAN Receive, any and untagged, but my client device still cannot communicate with anything (except the switch itself, if IP is staticly set).

I then see you do not have Port Isolation. I'm not sure whether to keep this enabled, or disable this, but in Mikrotiks own Wiki, they don't change this, and seems to get it to work.

I'm just struggling to figure out, why a completely simple config does not work. Brand new, running SWOS 2.12, just faulty?

Thanks!
 
User avatar
k6ccc
Forum Guru
Forum Guru
Posts: 1490
Joined: Fri May 13, 2016 12:01 am
Location: Glendora, CA, USA (near Los Angeles)
Contact:

Re: CRS312, VLANs cannot talk with outside of the switch

Fri Mar 05, 2021 11:41 pm

No, I do not normally use the port isolation capability - just different VLANs to keep things apart.

On your port 1, on the VLAN tab, change VLAN mode to disabled and VLAN Receive to Only untagged. Off hand, I suspect that the switch is trying to send VLAN tagged traffic to your client PC - which likely will not work.

Yes, On my config, any port that will have a non-VLAN aware device (most end devices) have VLAN mode disabled, and VLAN receive set to Untagged only. The default VLAN for that port is set to the desired VLAN and on the VLANs tab, only that one VLAN is set on that port. On trunk ports (1, 24, 25, & 26), the VLAN mode is set to strict, the VLAN receive is tagged only and the default VLAN is a dummy number. On the VLANs tab, all the desired VLANs are enabled on the trunk ports. The only odd-balls are the ports (23 & 21) set up for my managed WiFi which uses a untagged LAN for management and VLAN tagged LANs for each SSID. Those are set to VLAN mode of strict, VLAN receive mode to any, and the default VLAN to whatever VLAN will be used for untagged management. On the VLANs all five VLANs (one management and four SSIDs) are allowed on the port.

And yes, most DUMB switches will pass VLAN tagged traffic through them without altering the packets.

BTW, what version of SwitchOS are you running?
 
Nikodar
just joined
Topic Author
Posts: 8
Joined: Tue Mar 02, 2021 12:57 pm

Re: CRS312, VLANs cannot talk with outside of the switch

Sat Mar 06, 2021 12:30 am

Hi k6ccc

Thanks again!

I’ll be trying a few things tomorrow, of what I can see from your config and your recommendations.
What I’ve meant with vlan traffic to my client, would be untagged traffic, as, of course, it has no idea what a vlan is.
But from what you mentioned, vlan mode should be disabled to clients? (Now when I think over it, it makes more sense than enabled, or other).

I’ll take a closer look at your message tomorrow. However, any trunk configuration seems to confuse me with MikroTik, as the name “trunk” (or other as different vendors call them different things), does not seem to be mentioned anywhere in either RouterOS or SWOS. Although configuring multiple VLANs on one port usually is a trunk, which it seems MikroTik does not mention in their OS, I’d usually select the trunk method when configuring. (been using HP/Aruba and Ubiquiti).

I’m running the latest SWOS 2.12, also tried re-upgrading the firmware, in case the installed one was faulty, although no change happened.

I’ll update with any new findings.

Thanks.
 
Nikodar
just joined
Topic Author
Posts: 8
Joined: Tue Mar 02, 2021 12:57 pm

Re: CRS312, VLANs cannot talk with outside of the switch

Sat Mar 06, 2021 3:21 pm

So I've disabled port isolation, and changed my VLAN config, as you can see in the attachment.
Still no luck..

Would downgrading the Firmware be a possible idea? - although 2.12 looks to be stable since release..
You do not have the required permissions to view the files attached to this post.
 
l2629
just joined
Posts: 1
Joined: Sun Mar 07, 2021 10:09 am

Re: CRS312, VLANs cannot talk with outside of the switch

Sun Mar 07, 2021 11:58 am

im new to mikrotik either and mine two just purchaised cs312 are still in boxes.
and i must agree mikrotik's "style" is weird, seems like " we dont wonna be like others", but ok.
as far as i understand if want 12th port as trunk -you dont have to assing "default vlan" on port 12, translating to mikrotik "yoda" language - your 12 port is untagged for 2 vlans simultaneously what is nonsense.
and set vlan mode "enable" on 12 port
Last edited by l2629 on Sun Mar 07, 2021 12:09 pm, edited 2 times in total.
 
ropeguru
newbie
Posts: 26
Joined: Tue Mar 18, 2014 9:55 pm

Re: CRS312, VLANs cannot talk with outside of the switch

Sun Mar 07, 2021 3:21 pm

So I've disabled port isolation, and changed my VLAN config, as you can see in the attachment.
Still no luck..

Would downgrading the Firmware be a possible idea? - although 2.12 looks to be stable since release..
So the one thing we haven't seen is the configuration from the Edgeswitch. Just want to make sure we are seeing what we expect coming the the Edgeswitch.

Can you post the config for the port feeding the Mikrotik? ONe thing I have run into with Juniper, is that you cannot put a default vlan on a port (untagged) and then also put that same vlan in as tagged. This bit me a couple of times until I learned.
 
Nikodar
just joined
Topic Author
Posts: 8
Joined: Tue Mar 02, 2021 12:57 pm

Re: CRS312, VLANs cannot talk with outside of the switch

Sun Mar 07, 2021 3:59 pm

Hi Ropeguru

I've taken a look through my EdgeSwitch.
See the attached images from my EdgeSwitch. Neatly edited to only show the requested port / vlans.

The Vlan Port Configuration, shows all 3 VLANs, 10, 20, 666, here 10 and 20 is tagged, with 666 untagged.

The VLAN configuration, shows my trunk, set up with vlan 10, 20, 666, with 10, 20 tagged, 666 untagged.

Now.. The Port Summary, should display the same as the other tabs?? Apparently not. This displays untagged vlan 10, and tagged vlan 20, 666. (Keep in mind changing the Port VLAN ID, did not change any results of the tagged/untagged vlans).
This shouldn't differ from the other configurations?

Hope this is what you've asked for (not sending config because of UNMS, etc.)

Thanks
You do not have the required permissions to view the files attached to this post.
 
ropeguru
newbie
Posts: 26
Joined: Tue Mar 18, 2014 9:55 pm

Re: CRS312, VLANs cannot talk with outside of the switch

Sun Mar 07, 2021 6:30 pm

Hi Ropeguru

I've taken a look through my EdgeSwitch.
See the attached images from my EdgeSwitch. Neatly edited to only show the requested port / vlans.

The Vlan Port Configuration, shows all 3 VLANs, 10, 20, 666, here 10 and 20 is tagged, with 666 untagged.

The VLAN configuration, shows my trunk, set up with vlan 10, 20, 666, with 10, 20 tagged, 666 untagged.

Now.. The Port Summary, should display the same as the other tabs?? Apparently not. This displays untagged vlan 10, and tagged vlan 20, 666. (Keep in mind changing the Port VLAN ID, did not change any results of the tagged/untagged vlans).
This shouldn't differ from the other configurations?

Hope this is what you've asked for (not sending config because of UNMS, etc.)

Thanks
The last image in your post with the VLAN Port Summary is showing vlan 10 as untagged. Can you test setting the Port VLAN ID to 666? I am thinking that the vlan 10 being defined as the Port VLAN ID is causing the frames to come across untagged and on the Mikrotik side, you need them to be tagged.
 
Nikodar
just joined
Topic Author
Posts: 8
Joined: Tue Mar 02, 2021 12:57 pm

Re: CRS312, VLANs cannot talk with outside of the switch

Sun Mar 07, 2021 6:33 pm

Thanks again.

Very quick answer, it does not change the tagged/untagged VLANs. Neither does changing default vlan on the Mikrotik switch.
See the attachment.

Also just adding to it all, just untagging a single VLAN and not trunking, does not work either. To me it doesn't seem like a VLAN misconfiguration, just the two switches not understanding eachother?


Thanks
You do not have the required permissions to view the files attached to this post.
 
ropeguru
newbie
Posts: 26
Joined: Tue Mar 18, 2014 9:55 pm

Re: CRS312, VLANs cannot talk with outside of the switch

Sun Mar 07, 2021 9:06 pm

I still think there is an issue with your edge switch and the fact that vlan 10 is still showing as untagged and 20 and 666 are showing as tagged even though you specifically called out 10 to the tagged and 666 to be untagged.

This is why vlan 20 works but 10 doesn't.
 
Nikodar
just joined
Topic Author
Posts: 8
Joined: Tue Mar 02, 2021 12:57 pm

Re: CRS312, VLANs cannot talk with outside of the switch

Sun Mar 07, 2021 9:11 pm

I see why it should work with vlan 20, but none of my vlans work. As mentioned, it does not work with a single vlan untagged either.

Tagging and untagging vlans doesn't seem to be a problem with anything else than this.
Currently everything else I have, is running off my EdgeSwitch.
 
Nikodar
just joined
Topic Author
Posts: 8
Joined: Tue Mar 02, 2021 12:57 pm

Re: CRS312, VLANs cannot talk with outside of the switch

Tue Mar 09, 2021 8:11 pm

I've made a small picture in paint, showing the most simple Vlan setup doesn't work.

Network send to the Mikrotik Switch, is directly from my Firewall.
Here I untag the network to Vlan30, and untag Vlan 30 to the client port.
My Client cannot receive a DHCP address (gives itself an APIPA), and I cannot communicate out from the Switch, with a static IP.

If I select my Switch to obtain it's IP through DHCP, it will get an IP, which means the connection to the Switch works, but it seems it cannot direct it to my clients.
Changing around with VLAN mode and VLAN Receive, does nothing, and at all times the VLAN member ports are selected (port isolation disabled).

It's unfortunate, but if it's faulty I'll have it replaced, if not it will probably be returned.
You do not have the required permissions to view the files attached to this post.

Who is online

Users browsing this forum: No registered users and 10 guests