Community discussions

MUM Europe 2020
 
User avatar
TFyre
just joined
Topic Author
Posts: 14
Joined: Wed Jan 13, 2010 3:37 pm
Contact:

ROS 6.38.1 RSTP + Secure VLAN

Thu Feb 09, 2017 10:25 am

Good morning,

With regards to the new RSTP implementation in ROS 6.38, how would one setup the following?

1) 3x Mikrotik AP's running WDS & Virtual AP to split guest network
2) CRS where Everything gets together
3) CCR with Router-On-A-Stick configuration

How do you mix bridged Wifi-VLAN RSTP with PVRSTP?

When I install 6.38.1 on the CRS, the RSTP on the AP's cant see each other through the CRS anymore, adding the bridge on the main interface just lets everything fall flat, no mac-telnet or anything. It looks like RSTP is fighting someway and going into blocking/forwarding states where it shouldnt

There are explicit loops in the network because of WDS, but RSTP should be sorting it out

VLANS are used to split the network
VLAN10: Local + Management Network
VLAN11: ADSL Modem in Bridgemode
VLAN12: Internet Uplink
VLAN13: Guest Network


AP1 RB2011(Connected to CRS)
/interface bridge
add admin-mac=D4:CA:6D:18:CC:CE auto-mac=no name=bridge-guest priority=0x1000
add admin-mac=D4:CA:6D:18:CC:CE auto-mac=no name=bridge-local priority=0x1000
/interface vlan
add interface=sfp1-crs name=vlan10-sfp1-local vlan-id=10
add interface=sfp1-crs name=vlan13-sfp1-guest vlan-id=13
/interface ethernet
set [ find default-name=ether2 ] master-port=sfp1-crs
set [ find default-name=ether3 ] master-port=sfp1-crs
/interface ethernet switch port
set 0 vlan-mode=secure
set 1 vlan-mode=secure
set 2 default-vlan-id=11 vlan-header=always-strip vlan-mode=secure
set 3 default-vlan-id=10 vlan-header=always-strip vlan-mode=secure
set 4 vlan-mode=secure
set 5 vlan-mode=secure
set 6 vlan-mode=secure
set 7 vlan-mode=secure
set 8 vlan-mode=secure
set 9 vlan-mode=secure
set 10 vlan-mode=secure
set 11 default-vlan-id=0 vlan-mode=secure
set 12 vlan-mode=secure
/interface bridge port
add bridge=bridge-local interface=wlan-local
add bridge=bridge-local interface=vlan10-sfp1-local
add bridge=bridge-local edge=no external-fdb=no interface=wds-local-ap2 path-cost=100 point-to-point=yes
add bridge=bridge-local interface=wds-local-ap3 path-cost=100
add bridge=bridge-guest interface=wlan-guest
add bridge=bridge-guest interface=vlan13-sfp1-guest
add bridge=bridge-guest edge=no external-fdb=no interface=wds-guest-ap2 path-cost=100 point-to-point=yes
add bridge=bridge-guest interface=wds-guest-ap3 path-cost=100
/interface ethernet switch vlan
add independent-learning=no ports=ether3,sfp1-crs,switch1-cpu,ether1 switch=switch1 vlan-id=10
add independent-learning=no ports=ether2,sfp1-crs switch=switch1 vlan-id=11
add independent-learning=no ports=ether1,sfp1-crs,switch1-cpu switch=switch1 vlan-id=13
/ip dhcp-client
add default-route-distance=0 dhcp-options=hostname,clientid disabled=no interface=bridge-local
AP2 mAP(Connected to CRS)
/interface bridge
add admin-mac=4C:5E:0C:41:30:B5 auto-mac=no name=bridge-guest
add admin-mac=4C:5E:0C:41:30:B5 auto-mac=no name=bridge-local
/interface vlan
add interface=ether1 name=vlan10-e1-local vlan-id=10
add interface=ether1 name=vlan13-e1-guest vlan-id=13
/interface ethernet switch port
set 0 vlan-mode=secure
set 1 vlan-mode=secure
set 2 vlan-mode=secure
/interface bridge port
add bridge=bridge-local interface=vlan10-e1-local
add bridge=bridge-local interface=wlan-local
add bridge=bridge-local edge=no external-fdb=no interface=wds-local-ap1 path-cost=100 point-to-point=yes
add bridge=bridge-local edge=no external-fdb=no interface=wds-local-ap3 path-cost=100 point-to-point=yes
add bridge=bridge-guest interface=wlan-guest
add bridge=bridge-guest interface=vlan13-e1-guest
add bridge=bridge-guest edge=no external-fdb=no interface=wds-guest-ap1 path-cost=100 point-to-point=yes
add bridge=bridge-guest edge=no external-fdb=no interface=wds-guest-ap3 path-cost=100 point-to-point=yes
/interface ethernet switch vlan
add ports=ether1,switch1-cpu switch=switch1 vlan-id=10
add ports=ether1,switch1-cpu switch=switch1 vlan-id=13
/ip dhcp-client
add default-route-distance=0 dhcp-options=hostname,clientid disabled=no interface=bridge-local

AP3 mAP(Not Connected to CRS, only WDS)
/interface bridge
add name=bridge-guest
add name=bridge-local
/interface bridge port
add bridge=bridge-guest edge=no external-fdb=no interface=wds-guest-ap1 path-cost=100 point-to-point=yes
add bridge=bridge-guest edge=no external-fdb=no interface=wds-guest-ap2 path-cost=100 point-to-point=yes
add bridge=bridge-guest interface=wlan-guest
add bridge=bridge-local edge=no external-fdb=no interface=wds-local-ap1 path-cost=100 point-to-point=yes
add bridge=bridge-local edge=no external-fdb=no interface=wds-local-ap2 path-cost=100 point-to-point=yes
add bridge=bridge-local interface=wlan-local
/ip dhcp-client
add default-route-distance=0 dhcp-options=hostname,clientid disabled=no interface=bridge-local
CRS
/interface ethernet
set [ find default-name=ether1 ] name=ether1-uplink
set [ find default-name=ether2 ] master-port=ether1-uplink name=ether2-uplink
set [ find default-name=ether3 ] master-port=ether1-uplink name=ether3-ap2
set [ find default-name=ether24 ] master-port=ether1-uplink name=ether24-internet
set [ find default-name=sfp-sfpplus1 ] auto-negotiation=no master-port=ether1-uplink name=sfp1-ap1 speed=1Gbps
set [ find default-name=sfpplus2 ] l2mtu=9000 master-port=ether1-uplink name=sfp2-ccr
/interface vlan
add interface=ether1-uplink name=vlan10-e1 vlan-id=10
add interface=ether1-uplink name=vlan12-e1 vlan-id=12
/interface ethernet switch
set forward-unknown-vlan=no
/interface ethernet switch trunk
add member-ports=ether1-uplink,ether2-uplink name=trunk1
/interface ethernet switch egress-vlan-tag
add tagged-ports=trunk1,switch1-cpu,ether3-ap2,sfp2-ccr,sfp1-ap1 vlan-id=10
add tagged-ports=trunk1,sfp2-ccr,sfp1-ap1 vlan-id=11
add tagged-ports=trunk1,sfp2-ccr vlan-id=12
add tagged-ports=trunk1,ether3-ap2,sfp2-ccr,sfp1-ap1 vlan-id=13
/interface ethernet switch ingress-vlan-translation
add customer-vid=0 new-customer-vid=10 ports="ether4,ether5"
add customer-vid=0 new-customer-vid=12 ports=ether24-internet
/interface ethernet switch vlan
add ports="trunk1,switch1-cpu,ether3-ap2,ether4,ether5,sfp2-ccr,sfp1-ap1" vlan-id=10
add ports=trunk1,sfp2-ccr,sfp1-ap1 vlan-id=11
add ports=trunk1,ether24-internet,sfp2-ccr vlan-id=12
add ports=trunk1,ether3-ap1,sfp2-ccr,sfp1-ap2 vlan-id=13
/ip dhcp-client
add default-route-distance=0 dhcp-options=hostname,clientid disabled=no interface=vlan10-e1
CCR
/interface vlan
add interface=sfp1-ccr name=vlan10-e1-local vlan-id=10
add interface=sfp1-ccr name=vlan11-e1-adsl vlan-id=11
add interface=sfp1-ccr name=vlan12-e1-internet vlan-id=12
add interface=sfp1-ccr name=vlan13-e1-guest vlan-id=13

Who is online

Users browsing this forum: imglombok and 90 guests