Community discussions

MikroTik App
 
sdchristensen
just joined
Topic Author
Posts: 6
Joined: Thu Jun 10, 2021 6:21 am

Double VLAN Trunk to two Switches from Router

Thu Jun 24, 2021 1:28 am

I have a RB4011 and two VLAN aware managed switches.
I have ether8 configured with VLAN1 and VLAN10.
Ether8 is connected to port 8 SWITCH1 which has VLAN1 and VLAN10 (T)agged.
VLAN1 is assigned 192.168.1.1/24 and VLAN10 is assigned 192.168.10.1/24
Everything is working.

I want to add another "trunk" from the RB4011 to SWITCH2 to carry VLAN1 and VLAN10.
Under Interfaces\VLAN I can only assign VLAN10 and VLAN20 to one port (currently ether8).

I tried creating a bridge VLAN-BRIDGE, assigning VLAN1 and VLAN10 to the bridge instead of ether8.
I assigned interfaces VLAN1 and VLAN10 as ports on the bridge.
Didn't work.
I assigned interfaces 7 and 8 as ports on the bridge.
Didn't work.
I tried creating VLANs on the BRIDGE instead of the INTERFACE tab.
Didn't work.
All "drop" firewall rules were disabled.

Searched the internet and wiki and couldn't find help on what I am looking for.

Thanks,

Steve
You do not have the required permissions to view the files attached to this post.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 7844
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Double VLAN Trunk to two Switches from Router

Thu Jun 24, 2021 2:19 am

I will be glad to help once you have understood and tried to apply some of the basics from the following excellent link.
Hint 1: Do not use vlan1 ID for traffic or anything but the default pvid for the bridge itself.
Hint2: Only need one bridge.

viewtopic.php?f=23&t=143620

PS. I could write the correct config but then you wouldnt really learn anything. Its best accomplished by a little knowledge some effort and perseverance.
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
MTUNA Certified, by the Ascerbic Llama!
 
sdchristensen
just joined
Topic Author
Posts: 6
Joined: Thu Jun 10, 2021 6:21 am

Re: Double VLAN Trunk to two Switches from Router

Thu Jun 24, 2021 6:26 am

Definitely read that post long before I posted my question, just re-read and still am not seeing it. Where in that post do you think it addresses it? Specifically? I am aware some systems have problems with VLAN1, but it is necessary do to the limitations of some of the other hardware I am using (VLAN1 and PVID1 and 192.168.1.0/24 are hard coded and can't be changed). Give me a hint... one bridge with what ports assigned?

Thanks,

Steve
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 7844
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Double VLAN Trunk to two Switches from Router

Thu Jun 24, 2021 1:41 pm

Well for example this line.
add bridge=bridge10 interface=vlan10 pvid=10

What is wrong with this bridge port setting??
ITS NOT A BRIDGE PORT ( a bridge port is a physical interface be it ether1 or wlan1)
Show me ONE example in the document linked where a VLAN is a bridge port............................ to illustrate that you need to try harder. :-)

In the meantime I will have a closer look at the config
Why does your WAN port ether1 have a dhcp pool??? and and DHCP SERVER etc???????????????
Why does one of your vlans not have a pool and not have a DHCP server etc. ??????????
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
MTUNA Certified, by the Ascerbic Llama!
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 7844
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Double VLAN Trunk to two Switches from Router

Thu Jun 24, 2021 1:54 pm

Hi Steve, keeping vlan1 as the default pvid on the bridge has worked for all my uses with other vendors equipment.
What is the specific case in your situation what equipment at the other end of the trunk port is being used??

Also what is going with your WAN port, is it a private IP or a public IP etc??
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
MTUNA Certified, by the Ascerbic Llama!
 
sdchristensen
just joined
Topic Author
Posts: 6
Joined: Thu Jun 10, 2021 6:21 am

Re: Double VLAN Trunk to two Switches from Router

Thu Jun 24, 2021 10:53 pm

The WAN port is just getting public IP via DHCP from the ISP cable modem and should just be a DHCP Client. Shouldn't be a DHCP SERVER on that (or pool)...

OK... so I can only assign a physical interface to a bridge? Thank you, I was unclear on that.

My VLAN1 issue was that on the switch I connect to, you don't assign the management IP to a physical port, you assign the IP address to to the default VLAN, which is VLAN1 PVID1. I can't find a way to create a management VLAN (like VLAN99) on the device and assign an IP address to it instead.

Thanks,

Steve
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 7844
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Double VLAN Trunk to two Switches from Router

Thu Jun 24, 2021 11:02 pm

Hi Steve which switch make and model is being a pain in the buttocks, I will look into it.

In general, on most switch brands, pvid=1 is the default setting for all ports regardless if tagged or not.
This gets changed to the pvid if the port is hybrid or an access port in other words going to a dumb or partially dumb device.
Otherwise for trunk ports one tags the appropriate vlans that are going to a smart device.
Finally the switch gets an IP either assigned manually or dhcp from the vlan subnet that is the management subnet.
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
MTUNA Certified, by the Ascerbic Llama!
 
sdchristensen
just joined
Topic Author
Posts: 6
Joined: Thu Jun 10, 2021 6:21 am

Re: Double VLAN Trunk to two Switches from Router

Fri Jun 25, 2021 4:14 am

The switch that isn't playing nice is a Zyxel XGS1250-12. It is a sweet switch with 4x10GB ports (3 RG45 and one SPF+) for just over $200 USD but any time I deviate from PVID 1 I need to factory reset it to get back access.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 7844
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Double VLAN Trunk to two Switches from Router

Fri Jun 25, 2021 5:19 am

pvid1 only needs to be on the trunk port from the router or any other port going to a smart device,
It does not need to be tagged or untagged just be the pvid.
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
MTUNA Certified, by the Ascerbic Llama!
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 7844
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Double VLAN Trunk to two Switches from Router

Fri Jun 25, 2021 5:44 pm

zyxswitch.JPG
Now this is quite easy to do.
SO lets take the top ROW (per port view)
The only entries requiring a PVID of 1 are
a. trunk port coming from router
b. trunk port (carrying one or more tagged vlans to smart devices).
Change the PVID of 1 for
a. all access ports going to dumb devices aka vlan2 to guest users, vlan3 to kids, vlan4 for media device, vlan5 for iot devices etc.........
b. for all port not trunk or access (not used) just leave as is.

For the Bottom Row and this is per VLANID (as where the top row was per port).
For each VLAN ensure all trunk ports requiring carrying the vlan are tagged (trunk port from router would be all vlans coming to the switch)
For each VLAN ensure that all access ports are UNTAGGED
For each VLAN ensure that there is no tagging if the port is NOT relevant.
You do not have the required permissions to view the files attached to this post.
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
MTUNA Certified, by the Ascerbic Llama!
 
sdchristensen
just joined
Topic Author
Posts: 6
Joined: Thu Jun 10, 2021 6:21 am

Re: Double VLAN Trunk to two Switches from Router

Sat Jun 26, 2021 9:47 pm

Thank you! I got the Zyxel switch working and am no longer using VLAN1. I had made a new vlan (11) and tagged the trunk port as PVID 11. The step I missed was going to the Management interface page (link on the top right) and on that page you can change the management PVID!

The other thing I am not clear on though... you can't DELETE VLAN1. The option is N/A. Should I just make all the ports a non-member?
ZyXel Management Page.jpg
As far as the MikroTik I am also making progress. I didn't get much help from the Wiki's but this post and your advice got me going in the right direction..
viewtopic.php?t=168531

I wasn't understanding that you had to create a bridge, then create VLANs under the bridge, then create VLANs under Interface and connect them to the bridge. Then assign the IP address to the bridge (in that order)

I had also tried to do something similar under the switch, but that is equally confusing and I don't think is supported on the RB4011 because the 8367 chipset does not support VLAN tables so I abandoned that.

I currently have ISP-CABLE MODEM-SFP+ via DHCP on Interface List WAN.
Port 8 is a trunk to the ZyXel switch and carries VLAN10 and VLAN11
As recommended there are only physical interfaces in the bridge.

Port 10 has a wireless access point on it that is for retail consumers and doesn't allow much configuration. The WAN port of the wireless AP gets a DHCP address and then the AP does its own thing on the LAN side. Nothing is configurable.. can't assign static IP WAN or LAN addresses, change the LAN subnet or DHCP scope, or put in bridge mode. But it works and only supports wireless IOT devices.

Now I want to make port 7 a second trunk to a different switch. Do I just need to do:

set [ find default-name=ether7 ] name=P7_Ether-Trunk

/interface bridge vlan
add bridge=Br_VLAN tagged=Br_VLAN,P8_Ether-Trunk,P7_Ether-Trunk vlan-ids=11
add bridge=Br_VLAN tagged=Br_VLAN,P8_Ether-Trunk,P7_Ether-Trunk vlan-ids=10

Lastly since I made the changes the terminal is slower then it has been and WinBox is a little flakey. Thoughts?

Thanks,

Steve



-Steve
You do not have the required permissions to view the files attached to this post.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 7844
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Double VLAN Trunk to two Switches from Router

Sun Jun 27, 2021 6:44 pm

Config comments....
Did you read this reference aka the bible??
viewtopic.php?f=23&t=143620

(1) Bridge settings change pvid back from 11 to 1, remove ingress filtering and admit only vlan tagged.
The only thing that needs to be done on the main bridge setting is the checkbox ENABLED.

(2) Config structure makes little sense for example you only have two vlans........... are you sure you need vlans?
Plus your IP pool settings make little sense with duplicates and the fact that one pool has only one address????
add name=dhcp_pool27 ranges=192.168.2.2
add name=dhcp_pool28 ranges=192.168.10.150-192.168.10.200
add name=dhcp_pool29 ranges=192.168.2.2
add name=dhcp_pool30 ranges=192.168.10.150-192.168.10.200

(3) The entire bridge P1-7.9 except is for vlan10 and only one IP address according to the pool info is used on P10 for V11
Besides being very weird, clearly the bridge port rule for port10 is nonsensical as well, you have it set with PVID11 but then say admit only vlan tags indicating you know really know what you are doing yet............. Time to reread the reference. Even if you meant P10 to be a hybrid port then you would not tag it on the bridge vlan fitering rules........ it would be untagged see (5)

(4) where is the sfp plus trunk port??

(5) IF pvid11 on p10 is meant to be a hybrid port then
add bridge=Br_VLAN frame-types=admit all hw=no \
ingress-filtering=yes interface=P8_Ether-Trunk pvid=11
and
add bridge=Br_VLAN tagged=Br_VLAN, vlan-ids=11
add bridge=Br_VLAN tagged=Br_VLAN,P8-Ether-Trunk vlan-ids=10


Further I prefer to manually put in all the untagged settings so.it would look like
add bridge=Br_VLAN tagged=Br_VLAN, untagged=P8-Ether_Trunk vlan-ids=11
add bridge=Br_VLAN tagged=Br_VLAN,P8-Ether-Trunk untagged=ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether9 vlan-ids=10



(6) What is going on with WAN hub p10 setting on IP DHCP server. WAN and IP DCHP server should have no relationship.......
WAN is either set by IP DHCP CLIENT, a PPPOE-client setting, or simply if fixed and IP ADDRESS entry???????


Overall, your config appears to me to be confused and incomplete with no firewall rules either????
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
MTUNA Certified, by the Ascerbic Llama!
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 7844
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Double VLAN Trunk to two Switches from Router

Sun Jun 27, 2021 6:45 pm

Lets try another network diagram to see what you really want to do and put in all devices, vlans and wlans etc that you want to have.
The approach so far is taking too long and is too confused and please read carefully the link provided.
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
MTUNA Certified, by the Ascerbic Llama!

Who is online

Users browsing this forum: cooling and 87 guests