Community discussions

MikroTik App
  4. RouterOS
  5. General

CRS Tagged and Untagged loop

Post Reply
 
User avatar
0012nish
newbie
Topic Author
Posts: 32
Joined: Mon Jun 27, 2016 1:15 pm
Location: Stockholm

CRS Tagged and Untagged loop

Thu Oct 13, 2016 9:35 pm

Hi
I'm trying to configurate my CRS with tagged and unntagged vlan, and I'm facing a loop problem, witch i did not understand where this loop is in my configuration.
Can any expert here see and help me with this?
Code: Select all
interface ethernet
set [ find default-name=ether1 ] master-port=sfpplus2
set [ find default-name=ether2 ] master-port=sfpplus2
set [ find default-name=ether3 ] master-port=sfpplus2
set [ find default-name=ether4 ] master-port=sfpplus2
set [ find default-name=ether5 ] master-port=sfpplus2
set [ find default-name=ether6 ] master-port=sfpplus2
set [ find default-name=ether7 ] master-port=sfpplus2
set [ find default-name=ether8 ] master-port=sfpplus2
set [ find default-name=ether9 ] master-port=sfpplus2
set [ find default-name=ether10 ] master-port=sfpplus2
set [ find default-name=ether11 ] master-port=sfpplus2
set [ find default-name=ether12 ] master-port=sfpplus2
set [ find default-name=ether13 ] master-port=sfpplus2
set [ find default-name=ether14 ] master-port=sfpplus2
set [ find default-name=ether15 ] master-port=sfpplus2
set [ find default-name=ether16 ] master-port=sfpplus2
set [ find default-name=ether17 ] master-port=sfpplus2
set [ find default-name=ether18 ] master-port=sfpplus2
set [ find default-name=ether19 ] master-port=sfpplus2
set [ find default-name=ether20 ] master-port=sfpplus2
set [ find default-name=ether21 ] master-port=sfpplus2
set [ find default-name=ether22 ] master-port=sfpplus2
set [ find default-name=ether23 ] master-port=sfpplus2
set [ find default-name=ether24 ] master-port=sfpplus2







/interface vlan
add interface=sfpplus2 name=VLAN4078 vlan-id=4078
add interface=sfpplus2 name=VLAN1919 vlan-id=1919
add interface=sfpplus2 name=VLAN2016 vlan-id=2016
add interface=sfpplus2 name=VLAN2001 vlan-id=2001
add interface=sfpplus2 name=VLAN2009 vlan-id=2009
add interface=sfpplus2 name=VLAN798 vlan-id=798
add interface=sfpplus2 name=VLAN782 vlan-id=782
add interface=sfpplus2 name=VLAN783 vlan-id=783
add interface=sfpplus2 name=VLAN790 vlan-id=790
add interface=sfpplus2 name=VLAN784 vlan-id=784
add interface=sfpplus2 name=VLAN786 vlan-id=786
add interface=sfpplus2 name=VLAN785 vlan-id=785


/interface ethernet switch egress-vlan-tag
add tagged-ports=switch1-cpu,sfpplus2,ether24,ether23,ether1 vlan-id=4078
add tagged-ports=switch1-cpu,sfpplus2,ether24,ether1 vlan-id=1919
add tagged-ports=switch1-cpu,sfpplus2,ether24,ether1 vlan-id=2001
add tagged-ports=switch1-cpu,sfpplus2,ether24,ether1 vlan-id=2016
add tagged-ports=switch1-cpu,sfpplus2,ether24,ether1 vlan-id=2009
add tagged-ports=switch1-cpu,sfpplus2,ether23 vlan-id=798
add tagged-ports=switch1-cpu,sfpplus2,ether23,ether1 vlan-id=782
add tagged-ports=switch1-cpu,sfpplus2,ether23,ether1 vlan-id=783
add tagged-ports=switch1-cpu,sfpplus2,ether22,ether1 vlan-id=790
add tagged-ports=switch1-cpu,sfpplus2,ether22,ether1 vlan-id=785
add tagged-ports=switch1-cpu,sfpplus2,ether22,ether1 vlan-id=784
add tagged-ports=switch1-cpu,sfpplus2,ether22,ether1 vlan-id=786


/interface ethernet switch egress-vlan-translation
add customer-vid=2001 customer-vlan-format=untagged-or-tagged new-customer-vid=0 ports=ether2,ether3,ether4,ether5,ether6,ether7,ether8 service-vlan-format=untagged-or-tagged
add customer-vid=1919 customer-vlan-format=untagged-or-tagged new-customer-vid=0 ports=ether9,ether10 service-vlan-format=untagged-or-tagged
add customer-vid=2009 customer-vlan-format=untagged-or-tagged new-customer-vid=0 ports=ether11,ether12 service-vlan-format=untagged-or-tagged
add customer-vid=2016 customer-vlan-format=untagged-or-tagged new-customer-vid=0 ports=ether13,ether14 service-vlan-format=untagged-or-tagged
add customer-vid=798 customer-vlan-format=untagged-or-tagged new-customer-vid=0 ports=ether15,ether1 service-vlan-format=untagged-or-tagged
add customer-vid=782 customer-vlan-format=untagged-or-tagged new-customer-vid=0 ports=ether16 service-vlan-format=untagged-or-tagged
add customer-vid=783 customer-vlan-format=untagged-or-tagged new-customer-vid=0 ports=ether17 service-vlan-format=untagged-or-tagged
add customer-vid=790 customer-vlan-format=untagged-or-tagged new-customer-vid=0 ports=ether18 service-vlan-format=untagged-or-tagged
add customer-vid=785 customer-vlan-format=untagged-or-tagged new-customer-vid=0 ports=ether19 service-vlan-format=untagged-or-tagged
add customer-vid=784 customer-vlan-format=untagged-or-tagged new-customer-vid=0 ports=ether20 service-vlan-format=untagged-or-tagged
add customer-vid=786 customer-vlan-format=untagged-or-tagged new-customer-vid=0 ports=ether21 service-vlan-format=untagged-or-tagged



/interface ethernet switch ingress-vlan-translation
add customer-vid=0 new-customer-vid=2001 ports=ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8
add customer-vid=0 new-customer-vid=1919 ports=ether9,ether10 
add customer-vid=0 new-customer-vid=2009 ports=ether11,ether12 
add customer-vid=0 new-customer-vid=2016 ports=ether13,ether14
add customer-vid=0 new-customer-vid=798 ports= ether15
add customer-vid=0 new-customer-vid=782 ports= ether16
add customer-vid=0 new-customer-vid=783 ports= ether17
add customer-vid=0 new-customer-vid=784 ports= ether20
add customer-vid=0 new-customer-vid=785 ports= ether19
add customer-vid=0 new-customer-vid=786 ports= ether21
add customer-vid=0 new-customer-vid=790 ports= ether18





/interface ethernet switch vlan
add ports=switch1-cpu,sfpplus2,ether24 vlan-id=4078
add ports=switch1-cpu,sfpplus2,ether24,ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8 vlan-id=2001
add ports=switch1-cpu,sfpplus2,ether24,ether9,ether10 vlan-id=1919
add ports=switch1-cpu,sfpplus2,ether24,ether11,ether12 vlan-id=2009
add ports=switch1-cpu,sfpplus2,ether24,ether13,ether14 vlan-id=2016
add ports=switch1-cpu,sfpplus2,ether23,ether15 vlan-id=798
add ports=switch1-cpu,sfpplus2,ether23,ether16 vlan-id=782
add ports=switch1-cpu,sfpplus2,ether23,ether17 vlan-id=783
add ports=switch1-cpu,sfpplus2,ether22,ether20 vlan-id=784
add ports=switch1-cpu,sfpplus2,ether22,ether19 vlan-id=785
add ports=switch1-cpu,sfpplus2,ether22,ether21 vlan-id=786
add ports=switch1-cpu,sfpplus2,ether22,ether18 vlan-id=790





/system routerboard settings
set protected-routerboot=disabled
Top
 
skuykend
Member Candidate
Member Candidate
Posts: 274
Joined: Tue Oct 06, 2015 7:28 am

Re: CRS Tagged and Untagged loop

Fri Oct 14, 2016 4:17 am

For one, it looks like port Ether1 is messed up, you're tagging the output of all your vlans to Ether1 (even though most aren't in the vlan table for Ether1), but also have an igress rule to mark incoming untagged to vlan 2001. Outgoing 2001 is still tagged though, so something is bound to get confused.

Also, in my experience you don't need any of your egress-translation rules that set vlan to 0. Since those ports are not in the egress-vlan-tag table, the tags get stripped as they go out the port.

Also if you haven't already, you may need to lock down the switch to vlans authorized the vlan table by setting either:
Code: Select all
/interface ethernet switch
 set  forward-unknown-vlan=no

or adding the ports to:
Code: Select all
/interface ethernet switch
set drop-if-invalid-or-src-port-not-member-of-vlan-on-ports=
Top
 
User avatar
0012nish
newbie
Topic Author
Posts: 32
Joined: Mon Jun 27, 2016 1:15 pm
Location: Stockholm

Re: CRS Tagged and Untagged loop

Sun Oct 16, 2016 10:44 am

Hey skuykend....
Yes I think the problem is exactly as you said VLAN2001 is tagged and untagged in the same port :) this was a big mistake of mine.
Thank you.
For one, it looks like port Ether1 is messed up, you're tagging the output of all your vlans to Ether1 (even though most aren't in the vlan table for Ether1), but also have an igress rule to mark incoming untagged to vlan 2001. Outgoing 2001 is still tagged though, so something is bound to get confused.

Also, in my experience you don't need any of your egress-translation rules that set vlan to 0. Since those ports are not in the egress-vlan-tag table, the tags get stripped as they go out the port.

Also if you haven't already, you may need to lock down the switch to vlans authorized the vlan table by setting either:
Code: Select all
/interface ethernet switch
 set  forward-unknown-vlan=no

or adding the ports to:
Code: Select all
/interface ethernet switch
set drop-if-invalid-or-src-port-not-member-of-vlan-on-ports=
Top
Post Reply

Who is online

Users browsing this forum: Exabot [Bot], johnson73, Kanzler, litogorospe, MrDeepFreeze, nescafe2002, Renfrew, vitaliy91 and 117 guests
  4. RouterOS
  5. General