Community discussions

MUM Europe 2020
 
jd6strings
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 73
Joined: Tue Dec 20, 2005 8:24 pm

VLAN tagging question

Tue Jul 12, 2016 5:42 pm

Hello all:

I have a relatively simple configuration but I can't seem to figure out egress VLAN tagging on a RB2011U running v6.35.4.  I assume it has something to do with the switching on the board.

The routerboard is configured with a VLAN (ID 12) on the SFP interface which is the WAN interface.  I simply want the packets tagged with ID 12 as they egress the interface and stripped as they ingress.  I assumed that simply creating VLAN12 on the SFP interface would do this but it is not working for some reason. What do I need to configure in the routerboard switch mechanism to make this work?

Thanks!!!
 
kujo
Member Candidate
Member Candidate
Posts: 158
Joined: Sat Jun 18, 2016 10:17 am
Location: Ukraine

VLAN tagging question

Tue Jul 12, 2016 6:55 pm

Hi, set IP conf on vlan interface!
/interface vlan
add name=vlan-wan12 vlan-id=12 interface=sfp1
/ip address 1.1.1.12 interface=vlan-wan12


Have a good day!
 
Feklar
Forum Guru
Forum Guru
Posts: 1726
Joined: Tue Dec 01, 2009 11:46 pm

Re: VLAN tagging question

Tue Jul 12, 2016 7:10 pm

VLANs in a MikroTik are handled in the same way that Linux handles VLANs. It is considered a virtual interface that can be addresses, and run any service on top of like any other physical interface.

So assign the VLAN to the interface, then assign the IP addresses and any other service that you want to that VLAN interface. Any traffic leaving the interface will have the appropriate VLAN tag, and any traffic coming into that VLAN will be passed to the CPU for routing.
 
jd6strings
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 73
Joined: Tue Dec 20, 2005 8:24 pm

Re: VLAN tagging question

Tue Jul 12, 2016 7:58 pm

This is exactly what I have but it's not working...
 /interface vlan> print
Flags: X - disabled, R - running, S - slave 
 #    NAME                     MTU ARP        VLAN-ID INTERFACE              
 0 R  vlan12                  1500 enabled         12 sfp1  

 /ip address> print
Flags: X - disabled, I - invalid, D - dynamic 
 #   ADDRESS            NETWORK         INTERFACE                                                               
 0   172.27.27.2/30     172.27.27.0     vlan12     

I am unable to ping 172.27.27.1/30 on the other side of vlan 12.  The interesting thing is that this config works perfectly on a CCR but not on the RB2011.
 
Feklar
Forum Guru
Forum Guru
Posts: 1726
Joined: Tue Dec 01, 2009 11:46 pm

Re: VLAN tagging question

Tue Jul 12, 2016 8:42 pm

What's on the other side? Do they have VLAN12 assigned as well? If you run torch on SFP1 with the VLAN tag switched on, does it show the traffic coming in tagged as it should, or leaving as it should? Have you cleared the ARP cache of the other device?
 
jd6strings
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 73
Joined: Tue Dec 20, 2005 8:24 pm

Re: VLAN tagging question

Tue Jul 12, 2016 8:48 pm

On the other side is a Brocade 2024f with a virtual interface of 12.  ARP cache has been cleared.  Like I said if I put a CCR in place of the RB2011, the config works that's why I assume it has something to do with the switch config in the 2011.  The CCR has a CPU assigned to each port.  If I torch the SFP interface and toggle VLAN ID 12, I do NOT see any ICMP packets traversing the SFP interface. 
 
Feklar
Forum Guru
Forum Guru
Posts: 1726
Joined: Tue Dec 01, 2009 11:46 pm

Re: VLAN tagging question

Tue Jul 12, 2016 9:00 pm

Just have the VLAN toggled on the SFP interface with any set. This will allow you to see if the traffic is even coming in at all or not, don't narrow it down as what should be coming in will be minimal while testing.

The SFP is not part of the switch chip as far as I remember, and as long as ports don't have a master-port assigned, all of their traffic is directed at the CPU, so it shouldn't be the issue. If there is no traffic showing up on the interface at all, then I would check into the SFP/cable to make sure those are working correctly.
 
User avatar
ZeroByte
Forum Guru
Forum Guru
Posts: 4051
Joined: Wed May 11, 2011 6:08 pm

Re: VLAN tagging question

Tue Jul 12, 2016 11:02 pm

Actually, the SFP port is connected to switch1.
Make sure that sfp1 has master-port set to none.
Also make sure that the NAT rules reference the vlan interface, and also that the firewall rules, mangle rules, dhcp-client, etc - are all assigned to the vlan interface and not to the sfp interface itself.

Also - I don't know if you've made any setting changes in the switch menu, but the defaults should work for what you want.
vlan mode = disabled, vlan header = leave as is, no default vlan ID set.

Finally, ensure that neither the SFP interface itself, nor the vlan virtual interface are connected to a bridge. If they are, then the bridge is your WAN interface, not the vlan interface.
When given a spoon,
you should not cling to your fork.
The soup will get cold.

Who is online

Users browsing this forum: No registered users and 51 guests