noakley
newbie
Topic Author
Posts: 29
Joined: Sat Sep 23, 2006 2:46 am

Cisco to MT VLAN trunking

Fri Oct 20, 2006 9:54 pm

I believe I am trying to do something very simple but cannot for some reason get it to work. I have a MT 532 linked via ether1 to an 802.1Q trunk port on a Cisco 2900 switch. I have tried every variant of setting VLAN IDs on the MT but cannot get the MT to respond to pings on the trunk port. Ideally what I want to do is have the MT bridge the VLANs on the Cisco via the trunk port. Has anyone got this to work, and if so, please can you share with me how you configured it?

Thanks
 
tneumann
Member
Posts: 394
Joined: Sat Apr 16, 2005 6:38 pm
Location: Germany

Sat Oct 21, 2006 4:27 pm

Could you post the relevant sections of your RouterOS and your Cisco configuration here, please?

--Tom
 
noakley
newbie
Topic Author
Posts: 29
Joined: Sat Sep 23, 2006 2:46 am

Mon Oct 23, 2006 9:27 pm

Thanks Tom, I have made some progress here as I have now got routing between VLANs working, but I cannot get them to bridge.

The Cisco is straightforwardly configured as an 802.1Q trunk port connected to ether1 on the MT and works fine when routing VLANs. I have two VLANs configured on the switch, 101 and 102.

I have tried a variety of configurations on the MT and I cannot seem to get any of them to work, either bridging packets between the VLANs or accessing the MT. I suspect I am making a basic error but can't find it.

I have tried:

1) assigning an IP address 192.168.1.2 to ether1, creating 2 VLANS 101 and 102 under ether1, creating a bridge, bridge1, and then adding the two vlans to the bridge ports

2) assigning an IP address 192.168.1.2 to ether1, creating a bridge, bridge1, creating 2 VLAN's 101 and 102 under the bridge, also tried it with them added and not added as bridge ports

3) same as 2 but no IP address on ether1 and assigning the IP address to the bridge

I always get the same result can't access MT management and won't pass packets.

I have successfully tried adding the VLAN's to ether1 assigning them IP subnets and routing them

Thanks
 
eflanery
Member
Posts: 382
Joined: Fri May 28, 2004 10:11 pm
Location: Moscow, ID

Mon Oct 23, 2006 10:52 pm

> I have tried:
>
> 1) assigning an IP address 192.168.1.2 to ether1, creating 2 VLANS 101 and 102 under ether1, creating a bridge, bridge1, and then adding the two vlans to the bridge ports

Bridging VLANs that reside on the same parent interface is usually a bad idea.

Many devices will get quite confused if they see a packet with a given source MAC address returning on the same physical port they sent it on (even with a different VLAN tag), if those devices keep only a single learn table, as most do.

If what you are trying to do is prevent hosts within the same subnet from communicating, then it can work.

The VLANs will need to be sub-interfaces of the ethernet port, and members of the bridge. You will need to assign the IP address to the bridge interface, and add a bridge firewall rule that drops everything in the forward chain for that bridge. This can produce a reasonable wired ethernet approximation of a "station-isolate" wireless network, or a PtMP ATM cloud.

For example:
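# VLAN sub-interfaces on the trunk port; vlan-id must match the tags used on the switch
/int vlan add name=V101 vlan-id=101 interface=ether1 disabled=no
/int vlan add name=V102 vlan-id=102 interface=ether1 disabled=no
/int bridge add name=bridge1 disabled=no
# Drop everything forwarded between ports of bridge1
/int bridge filter add chain=forward in-bridge=bridge1 out-bridge=bridge1 action=drop
/int bridge port add interface=V101 bridge=bridge1
/int bridge port add interface=V102 bridge=bridge1
# The IP address goes on the bridge, not on ether1
/ip address add address=192.168.1.2/24 interface=bridge1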
There are still a number of things that can go wrong however, so be very careful.

> 2) assigning an IP address 192.168.1.2 to ether1, creating a bridge, bridge1, creating 2 VLAN's 101 and 102 under the bridge, also tried it with them added and not added as bridge ports

Unless the VLANs are created on the physical interface, or the ethernet port is a member of the bridge, there is nothing to associate the VLANs with the physical port. In addition, putting the VLANs on the bridge (assuming that the ethernet port is a member of the bridge) does nothing but abstract the interface back a level. There is rarely a use for a bridge interface with a single member port.

Also, using a VLAN as both a member of a bridge, and as sub-interface of that bridge, will create a recursive interface situation (VLAN->bridge->VLAN->bridge->etc...) which is a very bad thing.

> 3) same as 2 but no IP address on ether1 and assigning the IP address to the bridge

Same problems as number 2, except that you got the IP on the right interface.

> I always get the same result can't access MT management and won't pass packets.
>
> I have successfully tried adding the VLAN's to ether1 assigning them IP subnets and routing them
>
> Thanks

I would suggest rethinking what you are trying to do here; bridging together VLANs on the same physical interface is an unusual configuration, and will rarely work correctly.

The only reason I have had to use such a setup, is to simulate a "partial mesh"-like network using ethernet, for testing OSPF PtMP mode. It works, but it is weird.

It is much easier to use distinct broadcast domains for each VLAN, with a separate subnet for each, and just route between them.

Good luck,
--Eric
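
The learn-table problem described in the reply above, as an added simulation that is not part of the original thread: a switch that keys its MAC table on the address alone (one shared table) sees a host's MAC move to the trunk port when the router bridges VLAN 101 into VLAN 102, while a per-VLAN table or the bridge forward-drop rule avoids it. Port numbers and MAC addresses are constructed for the example.

```python
# Constructed model: ports and MAC addresses are made up for illustration.
BROADCAST = "ff:ff:ff:ff:ff:ff"
HOST_A, HOST_B = "00:00:5e:00:53:0a", "00:00:5e:00:53:0b"
PORT_A, PORT_B, TRUNK = 1, 2, 24   # two access ports in VLAN 101, one 802.1Q trunk


class Switch:
    def __init__(self, shared_learning):
        self.shared_learning = shared_learning  # True: one learn table for all VLANs
        self.table = {}    # learn-table key -> port
        self.moves = []    # (mac, old_port, new_port) each time an entry changes port

    def _key(self, vlan, mac):
        # Shared learning ignores the VLAN tag; independent learning keys on it.
        return mac if self.shared_learning else (vlan, mac)

    def receive(self, port, vlan, src, dst):
        """Learn the source, then return the egress port (None means flood)."""
        key = self._key(vlan, src)
        old = self.table.get(key)
        if old is not None and old != port:
            self.moves.append((src, old, port))
        self.table[key] = port
        return self.table.get(self._key(vlan, dst))


def simulate(shared_learning, drop_forward):
    """Return (egress port for a frame sent to HOST_A, list of MAC moves)."""
    sw = Switch(shared_learning)
    # HOST_A broadcasts in VLAN 101; the switch floods it out the trunk.
    sw.receive(PORT_A, 101, HOST_A, BROADCAST)
    if not drop_forward:
        # Router bridges V101 to V102 and sends the frame back on the same
        # trunk, now tagged 102, still carrying HOST_A as source MAC.
        sw.receive(TRUNK, 102, HOST_A, BROADCAST)
    # HOST_B, also in VLAN 101, now sends a unicast frame to HOST_A.
    egress = sw.receive(PORT_B, 101, HOST_B, HOST_A)
    return egress, sw.moves


if __name__ == "__main__":
    for shared in (True, False):
        for drop in (False, True):
            print(f"shared={shared} drop_forward={drop} ->", simulate(shared, drop))
```

An egress of 24 for a frame addressed to HOST_A means the switch now sends that host's traffic up the trunk instead of to its access port.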
 
noakley
newbie
Topic Author
Posts: 29
Joined: Sat Sep 23, 2006 2:46 am

Tue Oct 24, 2006 10:32 pm

Eric thank you so much for such a comprehensive reply, this is very helpful. I am actually migrating a complex network over to a new VLAN switched based configuration and was considering bridging as an interim step. However I have decided given your input that it will be much simpler to go straight to the final configuration which will involve routing the VLAN's. Again thank you very much... Nigel
 
nikhil
Member Candidate
Posts: 262
Joined: Wed Dec 22, 2004 5:04 pm
Location: US

Fri Nov 03, 2006 2:28 am

I would like to know how you got the Cisco to trunk and the MT to route the trunks?

Have similar setup but would like to do intervlan routing.
