Page 1 of 1

VLANs on 3011 (without bridge) - strange problems

Posted: Mon Mar 21, 2016 3:15 pm
by slv
Hello

I have brand new RB3011 (ROS 6.34.3 - latest one of the moment of writing this post). This router is connected to uplink port of Netgear switch (uplink with few VLAN tagged on it) and laptop connected directly to port on switch2 of Mikrotik that port is untagged on Mikrotik.

Computer connected to Netgear are working properly (can ping internet and etc) byt connected to local port behavie strange:
- can get DHCP response
- can ping LAN gateway
- almost 99% ping dosnt get response.
same computer reconected to any of port of Netgear (with same IP) working properly. Tested on WIndowsXP and VM with CentOS.

Help me please ...a read many topic, I saw MUM presentations and so on ...

My config looks like:
[slawek@Router] > interface ethernet print 
Flags: X - disabled, R - running, S - slave 
 #    NAME                       MTU MAC-ADDRESS       ARP        MASTER-PORT                     SWITCH                    
 0 R  LAN                       1500 E4:8D:8C:0C:06:27 enabled    none                            switch2                   
 1 R  WAN                       1500 E4:8D:8C:0C:06:21 enabled    none                            switch1                   
 2    _Mgmt                     1500 E4:8D:8C:0C:06:25 enabled    none                            switch1                   
 3    ether2                    1500 E4:8D:8C:0C:06:22 enabled    none                            switch1                   
 4    ether3                    1500 E4:8D:8C:0C:06:23 enabled    none                            switch1                   
 5    ether4                    1500 E4:8D:8C:0C:06:24 enabled    none                            switch1                   
 6 RS ether7                    1500 E4:8D:8C:0C:06:28 enabled    LAN                             switch2                   
 7 RS ether8                    1500 E4:8D:8C:0C:06:29 enabled    LAN                             switch2                   
 8  S ether9                    1500 E4:8D:8C:0C:06:2A enabled    LAN                             switch2                   
 9  S ether10                   1500 E4:8D:8C:0C:06:2B enabled    LAN                             switch2                   
10    sfp1                      1500 E4:8D:8C:0C:06:26 enabled    none                           
[slawek@Router] > interface ethernet print 
Flags: X - disabled, R - running, S - slave 
 #    NAME                       MTU MAC-ADDRESS       ARP        MASTER-PORT                     SWITCH                    
 0 R  LAN                       1500 E4:8D:8C:0C:06:27 enabled    none                            switch2                   
 1 R  WAN                       1500 E4:8D:8C:0C:06:21 enabled    none                            switch1                   
 2    _Mgmt                     1500 E4:8D:8C:0C:06:25 enabled    none                            switch1                   
 3    ether2                    1500 E4:8D:8C:0C:06:22 enabled    none                            switch1                   
 4    ether3                    1500 E4:8D:8C:0C:06:23 enabled    none                            switch1                   
 5    ether4                    1500 E4:8D:8C:0C:06:24 enabled    none                            switch1                   
 6 RS ether7                    1500 E4:8D:8C:0C:06:28 enabled    LAN                             switch2                   
 7 RS ether8                    1500 E4:8D:8C:0C:06:29 enabled    LAN                             switch2                   
 8  S ether9                    1500 E4:8D:8C:0C:06:2A enabled    LAN                             switch2                   
 9  S ether10                   1500 E4:8D:8C:0C:06:2B enabled    LAN                             switch2                   
10    sfp1                      1500 E4:8D:8C:0C:06:26 enabled    none                           
[slawek@Router] > interface vlan print     
Flags: X - disabled, R - running, S - slave 
 #    NAME                                           MTU ARP        VLAN-ID INTERFACE                                       
 0 R  LAN1                                      1500 enabled        220 LAN                                             
 1 R  LAN2                                          1500 enabled        180 LAN                                             
 2 R  LAN3                                         1500 enabled        190 LAN                                             
 3 R  Mgmt                                          1500 enabled         50 LAN                                             
 4 R LAN4                                   1500 enabled        250 LAN                                             
[slawek@Router] > interface ethernet switch print 
Flags: I - invalid 
 #   NAME                   TYPE            MIRROR-SOURCE                   MIRROR-TARGET                   SWITCH-ALL-PORTS
 0   switch1                QCA-8337        none                            none                           
 1   switch2                QCA-8337        none                            none                           
[slawek@Router] > interface ethernet switch vlan print 
Flags: X - disabled, I - invalid 
 #   SWITCH                                                   VLAN-ID PORTS                                                 
 0   switch2                                                      250 ether7                                                
                                                                      LAN                                                   
                                                                      switch2-cpu                                           
 1   switch2                                                      220 ether8                                                
                                                                      LAN                                                   
                                                                      switch2-cpu                                           
 2   switch2                                                      190 ether9                                                
                                                                      LAN                                                   
                                                                      switch2-cpu                                           
 3   switch2                                                      180 ether10                                               
                                                                      LAN                                                   
                                                                      switch2-cpu                                           
 4   switch2                                                       50 LAN                                                   
                                                                      switch2-cpu    

I used code to configure it:
/interface ethernet
set ether7 master-port=LAN
set ether8 master-port=LAN
set ether9 master-port=LAN
set ether10 master-port=LAN

/interface ethernet switch port
set ether7 vlan-mode=secure vlan-header=always-strip default-vlan-id=250
set ether8 vlan-mode=secure vlan-header=always-strip default-vlan-id=220 
set ether9 vlan-mode=secure vlan-header=always-strip default-vlan-id=190 
set ether10 vlan-mode=secure vlan-header=always-strip default-vlan-id=180 
set switch2-cpu vlan-mode=secure
set LAN vlan-mode=secure


/interface ethernet switch vlan
add ports=ether7,LAN,switch2-cpu independent-learning=yes switch=switch2 vlan-id=250
add ports=ether8,LAN,switch2-cpu independent-learning=yes switch=switch2 vlan-id=220
add ports=ether9,LAN,switch2-cpu independent-learning=yes switch=switch2 vlan-id=190 
add ports=ether10,LAN,switch2-cpu independent-learning=yes switch=switch2 vlan-id=180
add ports=LAN,switch2-cpu independent-learning=yes switch=switch2 vlan-id=50
Screenshot from Wireshark:
Schowek02.jpg
as You can see there is a lot of retransmission. I'm not a pro - but I have one idea - are the packet coming from Mirkotik are without VLAN tag? how to verify that?

Have You idea whats wrong in my configuration?

Help me please.

Regards
SLawek

Re: VLANs on 3011 (without bridge) - strange problems

Posted: Tue Mar 22, 2016 10:01 am
by slv
Hello

I'm asking You for help because Mikrotik support can't/wouldn't help me. We exchange few emails but we didn't do any progress ...

Few minuts ago I did netinstall, and restored .rsc file. I have the same problem as before.


Regards
Slawek

Re: VLANs on 3011 (without bridge) - strange problems

Posted: Tue Mar 22, 2016 10:38 am
by pe1chl
Tagging with the switch inside the MikroTik is always a little tricky to get working.
I recommend to first try just creating a few VLAN interfaces on the port to the external switch.

Re: VLANs on 3011 (without bridge) - strange problems

Posted: Wed Mar 30, 2016 12:05 pm
by slv
Hello

I updated my router with 6r35rc43 (lastest one, on rc42 I had isssue) -still I have same problems.
Upgarde to this version was recomended by support. Accroding to changelog there are fixes related to 3011 but still my problem isn't corected.