Community discussions

 
tuxtlequino
newbie
Topic Author
Posts: 32
Joined: Tue Feb 16, 2016 12:46 am

Cannot do untagged VLAN in interface port with the RB750G r3 using the switch chip

Wed May 02, 2018 11:55 pm

I had this router using the new bridge vlan configuration found in 6.41, but I was loosing the hardware acceleration so I decided to do the Switch conf. Here is what I have,
/interface bridge
add comment="VLANs bridge" name=br-switch vlan-filtering=no protocol-mode=none

/interface ethernet
set [ find default-name=ether1 ] comment="MainRouter Trunk - VLAN20, 99"
set [ find default-name=ether2 ] comment="Trunk - VLAN20, 99"
set [ find default-name=ether3 ] comment="Trunk - VLAN20, 99"
set [ find default-name=ether4 ] comment="Trunk - VLAN20, 99"
set [ find default-name=ether5 ] comment="Management - VLAN99"

/interface vlan
add interface=br-switch name=VLAN20 comment=Houses vlan-id=20
add interface=br-switch name=VLAN99 comment=Management vlan-id=99

/interface bridge port
add bridge=br-switch interface=ether1 hw=yes 
add bridge=br-switch interface=ether2 hw=yes
add bridge=br-switch interface=ether3 hw=yes
add bridge=br-switch interface=ether4 hw=yes
add bridge=br-switch interface=ether5 hw=yes

/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=VLAN99
Now, in the normal switch configuration, one would do the following,
/interface ethernet switch port
set ether1 vlan-mode=secure vlan-header=add-if-missing
set ether2 vlan-mode=secure vlan-header=always-strip default-vlan-id=20
set ether3 vlan-mode=secure vlan-header=always-strip default-vlan-id=20
set ether4 vlan-mode=secure vlan-header=always-strip default-vlan-id=20
set ether5 vlan-mode=secure vlan-header=always-strip default-vlan-id=99
set switch1-cpu vlan-mode=secure vlan-header=leave-as-is
But since this is a Gigabyte switch, one cannot set the "vlan-header" and I have to do the following,
/interface ethernet switch port
set ether1 vlan-mode=secure
set ether2 vlan-mode=secure
set ether3 vlan-mode=secure
set ether4 vlan-mode=secure
set ether5 vlan-mode=secure default-vlan-id=99
set switch1-cpu vlan-mode=secure
The problem is that now the trunks are working well, but not the ether5 interface. Since Mikrotik is kind of a mess when trying to figure out VLANs and the switch chip, I even tried adding the bridge vlan configuration in case that was the thing missing,
/interface bridge vlan
add bridge=br-vlans tagged=br-vlans,ether1,ether2,ether3,ether4 vlan-ids=20
add bridge=br-vlans tagged=br-vlans,ether1,ether2,ether3,ether4 untagged=ether5 vlan-ids=99
But nothing gives me access to the VLAN99 in ether5. Has someone managed to get this working?
 
sindy
Forum Guru
Forum Guru
Posts: 3809
Joined: Mon Dec 04, 2017 9:19 pm

Re: Cannot do untagged VLAN in interface port with the RB750G r3 using the switch chip  [SOLVED]

Thu May 03, 2018 12:40 am

The key here is the datasheet of the switch chip. I don't own RB750Gr3 myself so I haven't looked for it, but I do own some hAP ac lite so I've had a look at the AR8227 used there and it can use the pvid to tag tagless packets on ingress, but on egress, you can choose to keep tags untouched, untag everything, or tag everything, but you cannot selectively untag by one particular vlan ID. So you cannot create a hybrid port which is an access one for a single VLAN and a trunk one for any number of other VLANs.

According to another topic it appears that MT7621 is not VLAN-aware at all, so it is physically impossible to have hardware switching and tagging/untagging on a single port at the same time, leaving aside different VLAN topologies.

hAP ac² also supports hardware encryption but its AR8327 is much more VLAN-friendly.
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
 
User avatar
chechito
Forum Guru
Forum Guru
Posts: 1736
Joined: Sun Aug 24, 2014 3:14 am
Location: Bogota Colombia
Contact:

Re: Cannot do untagged VLAN in interface port with the RB750G r3 using the switch chip

Thu May 03, 2018 1:03 am

if you dont intend to use new bridge implementation try routeros 6.40.8
 
tuxtlequino
newbie
Topic Author
Posts: 32
Joined: Tue Feb 16, 2016 12:46 am

Re: Cannot do untagged VLAN in interface port with the RB750G r3 using the switch chip

Thu May 03, 2018 1:33 am

According to another topic it appears that MT7621 is not VLAN-aware at all, so it is physically impossible to have hardware switching and tagging/untagging on a single port at the same time, leaving aside different VLAN topologies.

hAP ac² also supports hardware encryption but its AR8327 is much more VLAN-friendly.
They should have a wiki for every one of the routers/switches that Mikrotik offers with examples. You are right about MT7621 not being VLAN-aware. I wonder if that is something they will fix sometime in the future. For now, the router is working well. I am thinking that I may be able to accomplish what I want by having a Hybrid trunk as the main trunk configure in the router upstream so that when I connect to the ether5, I get the tagger port. It will be more for curiosity sake since the VLAN I want is my management VLAN and I wouldn't want someone to just connect to this VLAN by connecting to an open port somewhere.

Again, thank you!
 
tuxtlequino
newbie
Topic Author
Posts: 32
Joined: Tue Feb 16, 2016 12:46 am

Re: Cannot do untagged VLAN in interface port with the RB750G r3 using the switch chip

Thu May 03, 2018 1:34 am

if you dont intend to use new bridge implementation try routeros 6.40.8
I would think that the problem would persist since as mentioned above, it has something to do with the actual chip used here. For now I will leave it as it is.
 
User avatar
chechito
Forum Guru
Forum Guru
Posts: 1736
Joined: Sun Aug 24, 2014 3:14 am
Location: Bogota Colombia
Contact:

Re: Cannot do untagged VLAN in interface port with the RB750G r3 using the switch chip

Thu May 03, 2018 2:42 am

The key here is the datasheet of the switch chip. I don't own RB750Gr3 myself so I haven't looked for it, but I do own some hAP ac lite so I've had a look at the AR8227 used there and it can use the pvid to tag tagless packets on ingress, but on egress, you can choose to keep tags untouched, untag everything, or tag everything, but you cannot selectively untag by one particular vlan ID. So you cannot create a hybrid port which is an access one for a single VLAN and a trunk one for any number of other VLANs.

According to another topic it appears that MT7621 is not VLAN-aware at all, so it is physically impossible to have hardware switching and tagging/untagging on a single port at the same time, leaving aside different VLAN topologies.

hAP ac² also supports hardware encryption but its AR8327 is much more VLAN-friendly.

yes ar8327 is best

supports independent learning on each vlan

Who is online

Users browsing this forum: MSN [Bot] and 83 guests