Hi,

I need some help to get this setup to work. Both routers are RB2011UAS-2HnD

Router A (192.168.80.1)
ISP A | ISP B. |
wan1 | wan2 |
-------------------------------------
eth1 | (eth2, valn1) | eth3-eth10
-------------------------------------
|
|
|
Router B | (192.168.88.1)
-------------------------------------
eth1 | (eth2, valn1) | eth3-eth10
-------------------------------------
wan1 (ISP B)

Router A has two wan ports, eth1 and eth2. I have successfully configured dual wan using PCC. Router A is working according to what I wanted.

On Router B eth1 (wan) and eth2 will route internet to Router A via eth2. This part is simple. What I need help is to configure a switch on Router B. Both routers have vlan1 on eth2. I want to use vlan1 to connect the routers. Router B should have a bridge (bridge-LAN) with ports from vlan1 and eth3-eth10. Router B bridge-LAN should be a switch to Router A. So Router B bridge-LAN should be under 192.168.80.0/24.

I don't know how to get the switch part configured.

Thanks

Jake

What is the vlan id of vlan1? Don't use vlan id 1, use something else to keep from getting confused. Vlan 1 is the default vlan and generally shouldn't be used if you're doing vlans.

I'm hoping this is right, from memory:

Create the vlan interface using a physical interface as it's "interface". That interface now has a tagged vlan on it ("trunked" in Cisco language). Do the same with the other router. You would connect the 2 routers together using those ports.

Any other physical ports you want on that vlan (in "Access" mode in Cisco language) you would create a bridge device and add the vlan device and the physical ports you want on that vlan.

Put your IP address(es) on the vlan interface.

That should do it.

Just thought of a few things:

What I just said is not the only way to do it. There are other ways. Testing on test devices helps. hAP-lite or hAP-mini devices are fantastic for testing...

You may have to "undo" the default bridge setup to get this to work. Mikrotik assumes on some devices that you want it set up like a "regular" home router which has 1 wan port and the LAN ports are all bridged. Your device isn't really a home device so I'm not sure what the default setup is.

Thank you.

But I cannot get VLAN working. I have named VLAN on both routers as VLAN-100 set on interface eth2, tagged, VLAN ID 100. Connected the two routers on port eth2. Set the ip address on

RouterA VLAN-100 192.168.80.2/24, network 192.168.80.0
RouterB VLAN-100 192.168.80.3/24, network 192.168.80.0

I cannot ping Router A to B or B to A. Both VLANs are not in bridge.

What am I doing wrong.

That should work.

Make sure eth 2 isn't part of another bridge, if it is and you have other cables connected to the router you might have a spanning tree loop.

Send exports:

/interface vlan export
/interface bridge export
/ip address export

I suppose it would be useful to set eth2 on both sides as a standalone interface, remove the vlan, and put the IP addresses right on the interface and test to make sure it can work. Then if you set the vlan-100 on eth2 and move the ip address to the vlan interface, it should "just work"...

Anything to do with switch vlan?

Router A

[admin@MikroTik] > /interface vlan export
# jun/02/2018 16:36:30 by RouterOS 6.42.1
# software id = YSFQ-H9GG
#
# model = 2011UAS-2HnD
# serial number = 419E0125FDC1
/interface vlan
add interface=ether2 name=vlan-100 use-service-tag=yes vlan-id=100
add interface=ether10 name=vlan-200 use-service-tag=yes vlan-id=200

[admin@MikroTik] > /interface bridge export
# jun/02/2018 16:37:11 by RouterOS 6.42.1
# software id = YSFQ-H9GG
#
# model = 2011UAS-2HnD
# serial number = 419E0125FDC1
/interface bridge
add fast-forward=no name=bridge-lan
add admin-mac=00:0C:42:F8:A5:78 auto-mac=no comment=defconf name=bridge-wan
/interface bridge port
add bridge=bridge-wan comment=defconf interface=ether2
add bridge=bridge-lan comment=defconf interface=ether3
add bridge=bridge-lan comment=defconf interface=ether4
add bridge=bridge-lan comment=defconf interface=ether5
add bridge=bridge-lan comment=defconf interface=ether6
add bridge=bridge-lan comment=defconf interface=ether7
add bridge=bridge-lan comment=defconf interface=ether8
add bridge=bridge-wan comment=defconf interface=ether9
add bridge=bridge-wan comment=defconf disabled=yes interface=sfp1
add bridge=bridge-wan comment=defconf interface=wlan1
add bridge=bridge-wan disabled=yes interface=ether10
add bridge=bridge-lan interface=vlan-100

[admin@MikroTik] > /ip address export
# jun/02/2018 16:37:30 by RouterOS 6.42.1
# software id = YSFQ-H9GG
#
# model = 2011UAS-2HnD
# serial number = 419E0125FDC1
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge-wan network=192.168.88.0
add address=192.168.88.1/24 interface=ether2 network=192.168.88.0
add address=10.10.10.5/24 interface=vlan-100 network=10.10.10.0
add address=192.168.80.11/24 interface=ether10 network=192.168.80.0
add address=192.168.80.21/24 interface=vlan-200 network=192.168.80.0

Router A
[admin@MT-MAIN] > interface vlan export
# jun/02/2018 16:38:09 by RouterOS 6.42.3
# software id = 6I1X-92CP
#
# model = 2011UAS-2HnD
# serial number = 402602239286
/interface vlan
add interface=eth2 name=vlan-100 use-service-tag=yes vlan-id=100
add interface=ether10-slave-local name=vlan-200 use-service-tag=yes vlan-id=200

[admin@MT-MAIN] > /interface bridge export
# jun/02/2018 16:38:32 by RouterOS 6.42.3
# software id = 6I1X-92CP
#
# model = 2011UAS-2HnD
# serial number = 402602239286
/interface bridge
add fast-forward=no name=COOKST
add admin-mac=D4:CA:6D:97:45:9F auto-mac=no fast-forward=no mtu=1500 name=bridge-local
/interface bridge port
add bridge=bridge-local hw=no interface=ether3
add bridge=bridge-local hw=no interface=ether4
add bridge=bridge-local hw=no interface=ether5
add bridge=bridge-local interface=ether6-master-local
add bridge=bridge-local interface=wlan1
add bridge=bridge-local interface=ether7-slave-local
add bridge=bridge-local interface=ether8-slave-local
add bridge=bridge-local interface=ether9-slave-local
add bridge=bridge-local disabled=yes interface=ether10-slave-local
add bridge=bridge-local interface=vlan-100

[admin@MT-MAIN] > ip address export
# jun/02/2018 16:38:46 by RouterOS 6.42.3
# software id = 6I1X-92CP
#
# model = 2011UAS-2HnD
# serial number = 402602239286
/ip address
add address=192.168.80.1/24 comment="default configuration" interface=bridge-local network=192.168.80.0
add address=10.0.0.1/24 interface=COOKST network=10.0.0.0
add address=10.10.10.3/24 interface=vlan-100 network=10.10.10.0
add address=192.168.80.10/24 interface=ether10-slave-local network=192.168.80.0
add address=192.168.80.2/24 interface=vlan-200 network=192.168.80.0

As far as I know, switch vlan is the old way to do it.

You said before you were using 192.168.80.x/24 on vlan100, but in this case it's 10.10.10.x/24.

Not sure you need the service tag. Try without it.

Your wan bridge is doing something not 100% clear in regards to eth2. You probably don't want eth2 in that bridge but I'm not sure what you're trying to accomplish with that. If you put eth2 in the bridge, the "native" interface will be bridged, and I'm not sure what is happening to the tagged vlan traffic with the bridge. Someone smarter than me would have to answer that.

Do you really want to do something separate with eth2 and vlan 100 going down eth2?

Hi,

I finally got the vlan working. The problem was with the switch configuration. I reset my router to default. Added VLAN their ip address. It is working fine. Thank you.