Page 1 of 1

VLAN tagging question

Posted: Tue Jul 12, 2016 5:42 pm
by jd6strings
Hello all:

I have a relatively simple configuration but I can't seem to figure out egress VLAN tagging on a RB2011U running v6.35.4.  I assume it has something to do with the switching on the board.

The routerboard is configured with a VLAN (ID 12) on the SFP interface which is the WAN interface.  I simply want the packets tagged with ID 12 as they egress the interface and stripped as they ingress.  I assumed that simply creating VLAN12 on the SFP interface would do this but it is not working for some reason. What do I need to configure in the routerboard switch mechanism to make this work?

Thanks!!!

VLAN tagging question

Posted: Tue Jul 12, 2016 6:55 pm
by kujo
Hi, set IP conf on vlan interface!
/interface vlan
add name=vlan-wan12 vlan-id=12 interface=sfp1
/ip address 1.1.1.12 interface=vlan-wan12


Have a good day!

Re: VLAN tagging question

Posted: Tue Jul 12, 2016 7:10 pm
by Feklar
VLANs in a MikroTik are handled in the same way that Linux handles VLANs. It is considered a virtual interface that can be addresses, and run any service on top of like any other physical interface.

So assign the VLAN to the interface, then assign the IP addresses and any other service that you want to that VLAN interface. Any traffic leaving the interface will have the appropriate VLAN tag, and any traffic coming into that VLAN will be passed to the CPU for routing.

Re: VLAN tagging question

Posted: Tue Jul 12, 2016 7:58 pm
by jd6strings
This is exactly what I have but it's not working...
 /interface vlan> print
Flags: X - disabled, R - running, S - slave 
 #    NAME                     MTU ARP        VLAN-ID INTERFACE              
 0 R  vlan12                  1500 enabled         12 sfp1  

 /ip address> print
Flags: X - disabled, I - invalid, D - dynamic 
 #   ADDRESS            NETWORK         INTERFACE                                                               
 0   172.27.27.2/30     172.27.27.0     vlan12     

I am unable to ping 172.27.27.1/30 on the other side of vlan 12.  The interesting thing is that this config works perfectly on a CCR but not on the RB2011.

Re: VLAN tagging question

Posted: Tue Jul 12, 2016 8:42 pm
by Feklar
What's on the other side? Do they have VLAN12 assigned as well? If you run torch on SFP1 with the VLAN tag switched on, does it show the traffic coming in tagged as it should, or leaving as it should? Have you cleared the ARP cache of the other device?

Re: VLAN tagging question

Posted: Tue Jul 12, 2016 8:48 pm
by jd6strings
On the other side is a Brocade 2024f with a virtual interface of 12.  ARP cache has been cleared.  Like I said if I put a CCR in place of the RB2011, the config works that's why I assume it has something to do with the switch config in the 2011.  The CCR has a CPU assigned to each port.  If I torch the SFP interface and toggle VLAN ID 12, I do NOT see any ICMP packets traversing the SFP interface. 

Re: VLAN tagging question

Posted: Tue Jul 12, 2016 9:00 pm
by Feklar
Just have the VLAN toggled on the SFP interface with any set. This will allow you to see if the traffic is even coming in at all or not, don't narrow it down as what should be coming in will be minimal while testing.

The SFP is not part of the switch chip as far as I remember, and as long as ports don't have a master-port assigned, all of their traffic is directed at the CPU, so it shouldn't be the issue. If there is no traffic showing up on the interface at all, then I would check into the SFP/cable to make sure those are working correctly.

Re: VLAN tagging question

Posted: Tue Jul 12, 2016 11:02 pm
by ZeroByte
Actually, the SFP port is connected to switch1.
Make sure that sfp1 has master-port set to none.
Also make sure that the NAT rules reference the vlan interface, and also that the firewall rules, mangle rules, dhcp-client, etc - are all assigned to the vlan interface and not to the sfp interface itself.

Also - I don't know if you've made any setting changes in the switch menu, but the defaults should work for what you want.
vlan mode = disabled, vlan header = leave as is, no default vlan ID set.

Finally, ensure that neither the SFP interface itself, nor the vlan virtual interface are connected to a bridge. If they are, then the bridge is your WAN interface, not the vlan interface.