" Packets without vlan tag are treated just like if they had a vlan tag with port default-vlan-id. This means that if "vlan-mode=check or secure" to be able to forward packets without vlan tags you have to add a special entry to vlan table with the same vlan id set according to default-vlan-id. "
Can we have an example??
Also, following your example of hybrid+access+trunk ports, MAC server breaks... even on ports that aren't part of switch VLAN WHEN switch1-cpu vlan-mode=secure. FINE with fallback. Although its unclear if fallback is what i want.
ALSO are we suppose to add switch1-cpu to ALL switch vlans? PLEASE CLARIFY
Can MIKROTIK please revisit the wiki and make sure everything works perfect?
Just trying to have NORMALLY working trunk+access ports on CRS326. Can't imagine it's that hard.
ether1 - no vlans, no switch vlans, no nothing. only want WINBOX on this (in case of emergency)
ether2 - master for the rest of the ports. access port 99 with mac winbox
ether3 - trunk, 10,20,90,99
ether4 - trunk, 10,20,90,99
ether5 - access 90 with mac winbox
ether6 - access 90 with mac winbox
SERIOUSLY, how? I've tried NUMEROUS combinations. i think vlan-mode=secure is causing difficulties.
Re: ANNOYED by MT wiki on switch chip features
I wish MikroTik switching UI was more like Cisco's.
While I find MikroTik's routing stuff super intuitive, switching is like being made by another company completely. Everything switching related is pretty un-intuitive and complex IMHO.
Let's just hope that all these issues will be ironed out as time passes since they are now focused on UI improvements for switching (using bridges/hw offloading).
While I find MikroTik's routing stuff super intuitive, switching is like being made by another company completely. Everything switching related is pretty un-intuitive and complex IMHO.
Let's just hope that all these issues will be ironed out as time passes since they are now focused on UI improvements for switching (using bridges/hw offloading).
Re: ANNOYED by MT wiki on switch chip features
They had better fix it in 6.41. I'm not even doing anything complex.
I've seen other quirkiness with switch vlan, which i can't explain in simple words.
When I specify mac server on ether1, i expect it to just work. ESPECIALLY when the port is not assigned to any vlan. or any service or anything.
I've seen other quirkiness with switch vlan, which i can't explain in simple words.
When I specify mac server on ether1, i expect it to just work. ESPECIALLY when the port is not assigned to any vlan. or any service or anything.
Re: ANNOYED by MT wiki on switch chip features
Hello,
Here is an example for the statement about vlan-mode "check" and "secure" to allow forwarding of untagged packets. The port default vlan-id is 1, therefore it has to be added to VLAN table before enabling "check" or "secure" mode.
Probably, the missing VLAN entry and vlan-mode "secure" is the reason why MAC server stops working.
And the ports which are not part of the switched port group still communicate through "switch1-cpu" port. Switch1-cpu port has to be configured for all VLAN traffic which is supposed to be forwarded to device itself to access management and RouterOS services.
Since RouterOS v6.41rc, there is a new VLAN configuration for CRS3xx switches. Please consider using it instead of the old one.
https://wiki.mikrotik.com/wiki/Manual:C ... s_switches
https://wiki.mikrotik.com/wiki/Manual:I ... _Filtering
Here is an example for the statement about vlan-mode "check" and "secure" to allow forwarding of untagged packets. The port default vlan-id is 1, therefore it has to be added to VLAN table before enabling "check" or "secure" mode.
Code: Select all
[admin@MikroTik] > interface ethernet switch port print
Flags: I - invalid
# NAME SWITCH VLAN-MODE VLAN-HEADER DEFAULT-VLAN-ID
0 ether1 switch1 fallback leave-as-is 1
1 ether2 switch1 fallback leave-as-is 1
2 ether3 switch1 fallback leave-as-is 1
3 ether4 switch1 fallback leave-as-is 1
4 ether5 switch1 fallback leave-as-is 1
[admin@MikroTik] /interface ethernet switch vlan> add switch=switch1 vlan-id=1 \
ports=ether1,ether2,ether3,ether4,ether5,switch1-cpu
[admin@MikroTik] /interface ethernet switch vlan> print
Flags: X - disabled, I - invalid
# SWITCH VLAN-ID PORTS
0 switch1 1 ether1
ether2
ether3
ether4
ether5
switch1-cpu Probably, the missing VLAN entry and vlan-mode "secure" is the reason why MAC server stops working.
And the ports which are not part of the switched port group still communicate through "switch1-cpu" port. Switch1-cpu port has to be configured for all VLAN traffic which is supposed to be forwarded to device itself to access management and RouterOS services.
Since RouterOS v6.41rc, there is a new VLAN configuration for CRS3xx switches. Please consider using it instead of the old one.
https://wiki.mikrotik.com/wiki/Manual:C ... s_switches
https://wiki.mikrotik.com/wiki/Manual:I ... _Filtering
Re: ANNOYED by MT wiki on switch chip features
I currently have a CRS326 and RouterOS 6.40.4.
Based on your recommendation, reviewing theWiki page for using bridging on access and trunk ports CRS3xx switches; should we not add VLANs to the Master port any longer? Instead add the VLANs to the bridge instead of the master port??
If I am understanding correctly, I am looking at VLAN example #1 Trunk and access ports (Manual:Interface/Bridge Wiki), if I have trunk ports slaved to the master port with three VLANS(as an example) , the bridging example will not work? I am trying to get my head wrapped around this.
Strong recommendation to move to 6.41rc instead of 6.40.4?
Thanks
John
Based on your recommendation, reviewing theWiki page for using bridging on access and trunk ports CRS3xx switches; should we not add VLANs to the Master port any longer? Instead add the VLANs to the bridge instead of the master port??
If I am understanding correctly, I am looking at VLAN example #1 Trunk and access ports (Manual:Interface/Bridge Wiki), if I have trunk ports slaved to the master port with three VLANS(as an example) , the bridging example will not work? I am trying to get my head wrapped around this.
Strong recommendation to move to 6.41rc instead of 6.40.4?
Thanks
John
Re: ANNOYED by MT wiki on switch chip features
Hello, yes, we strongly recommend using RouterOS v6.41rc on CRS3xx switches.
Although RouterOS v6.41 is still in release candidate stage, the switch VLAN features for CRS3xx switches in it provide more fuctionality, they are well tested and work stable.
Any switch VLAN configuration works with as many VLAN trunks as needed - master-port is one, slave ports can also be VLAN trunks. The same applies to bridging by specifying multiple "tagged" ports.
Although RouterOS v6.41 is still in release candidate stage, the switch VLAN features for CRS3xx switches in it provide more fuctionality, they are well tested and work stable.
Any switch VLAN configuration works with as many VLAN trunks as needed - master-port is one, slave ports can also be VLAN trunks. The same applies to bridging by specifying multiple "tagged" ports.
Re: ANNOYED by MT wiki on switch chip features
Is this ever going to work on the bridge on the CRS125 without it disabling Hardware Offload when enabling VLAN filtering?Since RouterOS v6.41rc, there is a new VLAN configuration for CRS3xx switches. Please consider using it instead of the old one.
Or are we stuck forever with having to use the Switch chip programming as in the past?
Who is online
Users browsing this forum: raiser and 212 guests