Kazek
just joined
Topic Author
Posts: 24
Joined: Mon Feb 12, 2018 12:53 pm

VLANs with "stacked" switches

Fri Aug 03, 2018 5:25 pm

Hi,
I'm having an issue with VLANs. The setup:
RB3011UiAS-RM + multiple CRS326-24G-2S+RM

All machines were reset to no default configuration and set up from the beginning.
Router:
eth0 - WAN
eth1-5 - bridge1 (LAN1)
eth6-10 - bridge_VLAN50 (LAN2)
sfp1 - LAN1 + tagged LAN2 (VLAN50)
DHCP server for VLAN50

Each switch:
eth1-16 - bridge1
eth17-24 - bridge_VLAN50
sfp1, sfp2 - LAN1 + tagged LAN2 (VLAN50) - trunk ports

The problem is that if I connect the router + 1 switch, everything works, but if I connect a second switch, VLAN50 does not work anymore (neither on switch1 nor on switch2). Unplug the second switch and everything works normally again.

Router code:
# jan/02/1970 03:52:13 by RouterOS 6.42.6
# software id = Z6Q3-2HFT
#
# model = RouterBOARD 3011UiAS
/interface bridge
add fast-forward=no name=bridge1
add fast-forward=no name=bridge_VLAN
/interface ethernet
set [ find default-name=ether7 ] disabled=yes
set [ find default-name=ether8 ] disabled=yes
set [ find default-name=ether9 ] disabled=yes
set [ find default-name=ether10 ] disabled=yes
/interface vlan
add interface=sfp1 name=vlan_50 vlan-id=50
/interface ethernet switch port
set 5 default-vlan-id=0 vlan-mode=fallback
set 6 default-vlan-id=0 vlan-mode=fallback
set 7 default-vlan-id=0 vlan-mode=fallback
set 8 default-vlan-id=0 vlan-mode=fallback
set 9 default-vlan-id=0 vlan-mode=fallback
set 11 default-vlan-id=0 vlan-mode=fallback
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=pool_VLAN ranges=10.10.10.2-10.10.10.100
/ip dhcp-server
add address-pool=pool_VLAN disabled=no interface=bridge_VLAN name=server_VLAN
/interface bridge port
add bridge=bridge1 interface=sfp1
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether5
add bridge=bridge_VLAN interface=ether6
add bridge=bridge_VLAN interface=ether7
add bridge=bridge_VLAN interface=ether8
add bridge=bridge_VLAN interface=ether9
add bridge=bridge_VLAN interface=ether10
add bridge=bridge_VLAN interface=vlan_50
/interface list member
add interface=ether1 list=WAN
add interface=bridge1 list=LAN
/ip address
add address=87.xxx.yy.182/30 interface=ether1 network=87.xxx.yy.180
add address=87.xxx.y.153/29 interface=ether2 network=87.xxx.y.152
add address=10.10.10.1/24 interface=bridge_VLAN network=10.10.10.0
/ip dhcp-server network
add address=10.10.10.0/24 gateway=10.10.10.1
/ip dns
set servers=8.8.8.8,8.8.4.4
/ip route
add distance=1 gateway=87.zzz.yy.181
/system routerboard settings
set silent-boot=no

Switch code:
# aug/03/2018 13:23:40 by RouterOS 6.42.6
# software id = BGBI-LLID
#
# model = CRS326-24G-2S+
/interface bridge
add admin-mac=CC:2D:E0:E0:3C:B2 auto-mac=no comment=defconf name=bridge
add fast-forward=no name=bridge_VLAN
/interface vlan
add interface=sfp-sfpplus1 name=vlan50_sfp1 vlan-id=50
add interface=sfp-sfpplus2 name=vlan50_sfp2 vlan-id=50
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/interface bridge port
add bridge=bridge comment=defconf interface=ether1
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=ether6
add bridge=bridge comment=defconf interface=ether7
add bridge=bridge comment=defconf interface=ether8
add bridge=bridge comment=defconf interface=ether9
add bridge=bridge comment=defconf interface=ether10
add bridge=bridge comment=defconf interface=ether11
add bridge=bridge comment=defconf interface=ether12
add bridge=bridge comment=defconf interface=ether13
add bridge=bridge comment=defconf interface=ether14
add bridge=bridge comment=defconf interface=ether15
add bridge=bridge comment=defconf interface=ether16
add bridge=bridge_VLAN comment=defconf interface=ether17
add bridge=bridge_VLAN comment=defconf interface=ether18
add bridge=bridge_VLAN comment=defconf interface=ether19
add bridge=bridge_VLAN comment=defconf interface=ether20
add bridge=bridge_VLAN comment=defconf interface=ether21
add bridge=bridge_VLAN comment=defconf interface=ether22
add bridge=bridge_VLAN comment=defconf interface=ether23
add bridge=bridge_VLAN comment=defconf interface=ether24
add bridge=bridge comment=defconf interface=sfp-sfpplus1
add bridge=bridge comment=defconf interface=sfp-sfpplus2
add bridge=bridge_VLAN interface=vlan50_sfp1
add bridge=bridge_VLAN interface=vlan50_sfp2
/interface list member
add interface=ether1 list=WAN
add interface=ether2 list=LAN
add interface=ether3 list=LAN
add interface=ether4 list=LAN
add interface=ether5 list=LAN
add interface=ether6 list=LAN
add interface=ether7 list=LAN
add interface=ether8 list=LAN
add interface=ether9 list=LAN
add interface=ether10 list=LAN
add interface=ether11 list=LAN
add interface=ether12 list=LAN
add interface=ether13 list=LAN
add interface=ether14 list=LAN
add interface=ether15 list=LAN
add interface=ether16 list=LAN
add interface=ether17 list=LAN
add interface=ether18 list=LAN
add interface=ether19 list=LAN
add interface=ether20 list=LAN
add interface=ether21 list=LAN
add interface=ether22 list=LAN
add interface=ether23 list=LAN
add interface=ether24 list=LAN
add interface=sfp-sfpplus1 list=LAN
add interface=sfp-sfpplus2 list=LAN
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=bridge
/system clock
set time-zone-name=Europe/Amsterdam
/system routerboard settings
set boot-os=router-os silent-boot=no

Any suggestions as to what I am missing here?
 
k6ccc
Member
Posts: 479
Joined: Fri May 13, 2016 12:01 am
Location: Glendora, CA, USA (near Los Angeles)

Re: VLANs with "stacked" switches

Fri Aug 03, 2018 6:48 pm

I don't know if this is an issue, but if I were doing it, the trunks between routers and switches would have nothing but VLAN tagged traffic - no untagged traffic. That's how I'm doing it at home with my three routers and five switches.
RB750Gr3, RB750r2, CRS326-24G-2S (in SwitchOS), CSS326-24G-2S, CSS106-5G-1S, RB260GS
Not sure if I beat them in submission, or they beat me into submission


Jim
 
idlemind
Forum Guru
Posts: 1101
Joined: Fri Mar 24, 2017 11:15 pm
Location: USA

Re: VLANs with "stacked" switches

Sun Aug 05, 2018 4:43 am

> I don't know if this is an issue, but if I were doing it, the trunks between routers and switches would have nothing but VLAN tagged traffic - no untagged traffic. That's how I'm doing it at home with my three routers and five switches.

It's a best practice to use a non-routable VLAN as the untagged VLAN. Ideally, it should be kept at VLAN1. A common usage for this is standards-based spanning-tree, which is a loop prevention protocol, amongst others. While MikroTik is capable of packaging STP BPDUs as untagged packets for VLANs in a manner consistent with Cisco's per-VLAN spanning-tree protocols, it is not standards-based and not a best practice.

I imagine you're either running in the per-VLAN based mode or do not have STP correctly running. I haven't actually sniffed a link without an untagged VLAN defined to see if MikroTik hides this fault to keep networks working despite the best effort of their admins.
 
k6ccc
Member
Posts: 479
Joined: Fri May 13, 2016 12:01 am
Location: Glendora, CA, USA (near Los Angeles)

Re: VLANs with "stacked" switches

Sun Aug 05, 2018 7:51 am

> I imagine you're either running in the per-VLAN based mode or do not have STP correctly running. I haven't actually sniffed a link without an untagged VLAN defined to see if MikroTik hides this fault to keep networks working despite the best effort of their admins.

Of course I know what Spanning Tree is, but I am not using it at all. One of these days I do plan on creating a LAG between two of the switches, but never planned on STP.
 
idlemind
Forum Guru
Posts: 1101
Joined: Fri Mar 24, 2017 11:15 pm
Location: USA

Re: VLANs with "stacked" switches

Sun Aug 05, 2018 5:41 pm

> > I imagine you're either running in the per-VLAN based mode or do not have STP correctly running. I haven't actually sniffed a link without an untagged VLAN defined to see if MikroTik hides this fault to keep networks working despite the best effort of their admins.
>
> Of course I know what Spanning Tree is, but I am not using it at all. One of these days I do plan on creating a LAG between two of the switches, but never planned on STP.

I'd argue to keep with the best practice and use STP or the new MSTP implementation. It's just good common sense loop protection.

That said, it looks like you're using the old way VLANs were done but not in a complete way. I'd urge you to migrate to the VLAN aware bridging approach. It's documented on the wiki.
 
k6ccc
Member
Posts: 479
Joined: Fri May 13, 2016 12:01 am
Location: Glendora, CA, USA (near Los Angeles)

Re: VLANs with "stacked" switches

Sun Aug 05, 2018 9:55 pm

> I'd argue to keep with the best practice and use STP or the new MSTP implementation. It's just good common sense loop protection.
>
> That said, it looks like you're using the old way VLANs were done but not in a complete way. I'd urge you to migrate to the VLAN aware bridging approach. It's documented on the wiki.

I do not claim to be an expert here, but my understanding has always been that STP takes 30 seconds or more to switch if a link fails whereas a LAG responds almost instantly. Please correct me if I'm wrong. Here is a simplified drawing of my home LAN. It leaves out all the drops to local devices and only shows the routers and switches. The links between switches are all VLAN trunk ports.
[Image: simplified drawing of the home LAN]

I am using routers EXCLUSIVELY as routers and switches exclusively as switches. Each port on a router is either a single non-tagged LAN or a VLAN trunk with two or more VLANs. In general terms, the DSL internet is the WAN for the RB750r2 and the Cable internet is the WAN for the RB750Gr3. There are about a half dozen LANs on the LAN side of each router (some with a dedicated physical port and some on a VLAN trunk port). The switches sort out the LANs to the required end device ports. Port 5 of each router is a tie line between the two for traffic that needs to get from a cable based LAN to a DSL based LAN. Neither router has a bridge configured and there would be no reason to add one for my purpose since no traffic enters either router on any given LAN and leaves on the same LAN - it ALWAYS leaves on a different LAN (except for traffic terminating on the router itself). All traffic through the router is Layer 3 routed. Again, correct me if I'm wrong, but a bridge in either router would be pointless.

As you can see, the link between the Garage and Family room is rather critical. If it goes down, pretty much everything stops working. My plan was to add a second link between the Garage and Family room switches that will be diverse physical routing. Then put both links into a LACP group. Speed is not the issue (both links are gigabit), redundancy is.

BTW, the HP switch in the garage will soon be replaced with a CSS326-24G-2S (today if I'm inspired enough to go out to the hot garage to do it). That will replace my last 10/100 switch. The HPs have worked flawlessly for years, but when I got internet faster than the DSL, I needed to start upgrading the infrastructure to go with it...

One more thing, a little apology to the original poster of this thread as we've somewhat hijacked your post, but I suspect you will learn stuff from it that at least somewhat relates to your original question.
 
Kazek
just joined
Topic Author
Posts: 24
Joined: Mon Feb 12, 2018 12:53 pm

Re: VLANs with "stacked" switches

Sun Aug 05, 2018 10:08 pm

With all due respect, k6ccc, could you please stop kidnapping my topic?
 
sindy
Forum Guru
Posts: 3811
Joined: Mon Dec 04, 2017 9:19 pm

Re: VLANs with "stacked" switches

Mon Aug 06, 2018 1:26 am

@Kazek, to the best of my knowledge you cannot use an ethernet interface which is a member port of a bridge as a carrier interface of an /interface vlan. It somehow "half works" but with a lot of unexpected surprises. So you should implement the correct setup with a common bridge for all VLANs with vlan-filtering=yes and the associated settings if you want to use the SFP ports as hybrid ones (where one VLAN goes tagless and one or more others go tagged), or you should use another tag for the currently tagless VLAN. In the second case, you would remove the SFPs from the bridge named bridge, add another (pair of) /interface vlan with interface=sfpX and that additional VLAN ID, and make these /interface vlan member ports of the bridge named bridge.
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
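
The first option sindy describes above (one common bridge with vlan-filtering=yes and the SFP ports as hybrid ports), written out for the CRS326 switch as an added example; it is not configuration posted by anyone in the thread. It assumes RouterOS 6.41 or later, a switch with no existing bridge, and the port layout and VLAN ID 50 from the original post.

```routeros
# Added example, not from the thread. Assumes RouterOS 6.41+ (bridge VLAN
# filtering), an empty starting configuration, and the layout from the
# original post: ether1-16 = LAN1 (untagged, VLAN 1), ether17-24 = VLAN 50.

# One bridge for everything; filtering stays off until the VLAN table is complete.
/interface bridge
add name=bridge vlan-filtering=no

/interface bridge port
# Hybrid trunk ports: LAN1 untagged (default pvid=1), VLAN 50 tagged.
add bridge=bridge interface=sfp-sfpplus1
add bridge=bridge interface=sfp-sfpplus2

# LAN1 access ports keep the default pvid=1.
:for i from=1 to=16 do={
    /interface bridge port add bridge=bridge interface="ether$i"
}
# VLAN 50 access ports: untagged ingress is classified into VLAN 50, and
# frames that arrive already tagged are dropped at the port.
:for i from=17 to=24 do={
    /interface bridge port add bridge=bridge interface="ether$i" pvid=50 \
        frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes
}

/interface bridge vlan
# VLAN 50 leaves the SFP ports tagged and ether17-24 untagged.
add bridge=bridge vlan-ids=50 tagged=sfp-sfpplus1,sfp-sfpplus2 \
    untagged=ether17,ether18,ether19,ether20,ether21,ether22,ether23,ether24

# Enable filtering last so a half-built VLAN table never carries traffic.
/interface bridge set bridge vlan-filtering=yes
```

No /interface vlan is created on the SFP ports here, so no bridge member port doubles as a VLAN carrier interface.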
 
Kazek
just joined
Topic Author
Posts: 24
Joined: Mon Feb 12, 2018 12:53 pm

Re: VLANs with "stacked" switches

Mon Aug 06, 2018 12:15 pm

> > > I imagine you're either running in the per-VLAN based mode or do not have STP correctly running. I haven't actually sniffed a link without an untagged VLAN defined to see if MikroTik hides this fault to keep networks working despite the best effort of their admins.
> >
> > Of course I know what Spanning Tree is, but I am not using it at all. One of these days I do plan on creating a LAG between two of the switches, but never planned on STP.
>
> I'd argue to keep with the best practice and use STP or the new MSTP implementation. It's just good common sense loop protection.
>
> That said, it looks like you're using the old way VLANs were done but not in a complete way. I'd urge you to migrate to the VLAN aware bridging approach. It's documented on the wiki.

OK, I've changed the setup to the VLAN-aware function. How do I assign my DHCP server to the VLAN now? Obviously, if I put it on the only bridge I have, it will work for VLAN1, not my VLAN50.
 
sindy
Forum Guru
Posts: 3811
Joined: Mon Dec 04, 2017 9:19 pm

Re: VLANs with "stacked" switches

Mon Aug 06, 2018 12:54 pm

Any and all of the IP configuration for each VLAN, including /ip dhcp-server, has to be attached to the tagless sides of the /interface vlan in this case.
 
Kazek
just joined
Topic Author
Posts: 24
Joined: Mon Feb 12, 2018 12:53 pm

Re: VLANs with "stacked" switches

Mon Aug 06, 2018 1:15 pm

> Any and all of the IP configuration for each VLAN, including /ip dhcp-server, has to be attached to the tagless sides of the /interface vlan in this case.

Tagless meaning one of the untagged ports, correct? If so, that's not possible since they are slave ports.
 
sindy
Forum Guru
Posts: 3811
Joined: Mon Dec 04, 2017 9:19 pm

Re: VLANs with "stacked" switches

Mon Aug 06, 2018 1:23 pm

No. /interface vlan is a pipe whose one end is connected to the underlying interface and receives and sends tagged frames, and its other end is an interface itself which sends and receives tagless frames. The pipe just cares about tagging and untagging. So if you have, say, /interface vlan name=vlanA interface=bridge vlan-id=25, you set /ip address add address=10.10.10.10/27 interface=vlanA and /ip dhcp-server add interface=vlanA ....
 
Kazek
just joined
Topic Author
Posts: 24
Joined: Mon Feb 12, 2018 12:53 pm

Re: VLANs with "stacked" switches

Mon Aug 06, 2018 3:51 pm

> No. /interface vlan is a pipe whose one end is connected to the underlying interface and receives and sends tagged frames, and its other end is an interface itself which sends and receives tagless frames. The pipe just cares about tagging and untagging. So if you have, say, /interface vlan name=vlanA interface=bridge vlan-id=25, you set /ip address add address=10.10.10.10/27 interface=vlanA and /ip dhcp-server add interface=vlanA ....

Thanks sindy! I could not make it work so I went with the second solution. Removed the sfp from bridge and tagged both networks on sfp ports. Seems to be working now, thanks!
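
For reference, sindy's "pipe" explanation applied to the router side of VLAN 50, as an added example that is not configuration posted in the thread. It assumes RouterOS 6.41 or later and a router whose only bridge is bridge1 with sfp1 as a member port; the interface name vlan50 is made up for illustration, while the addresses and pool are those from the original post.

```routeros
# Added example, not from the thread. Assumes RouterOS 6.41+ and an empty
# starting configuration. The name vlan50 is illustrative; addresses, pool
# and server names are taken from the original post.

/interface bridge
add name=bridge1 vlan-filtering=no
/interface bridge port
# sfp1 is the hybrid trunk towards the switches (LAN1 untagged, VLAN 50 tagged).
add bridge=bridge1 interface=sfp1

# The bridge itself (the CPU-facing port) must be a tagged member of VLAN 50,
# otherwise tagged frames arriving on sfp1 never reach the router's IP stack.
/interface bridge vlan
add bridge=bridge1 vlan-ids=50 tagged=bridge1,sfp1

# The "pipe": its tagged end sits on bridge1, its tagless end is vlan50.
/interface vlan
add interface=bridge1 name=vlan50 vlan-id=50

# All layer-3 configuration for VLAN 50 attaches to the tagless end.
/ip address
add address=10.10.10.1/24 interface=vlan50
/ip pool
add name=pool_VLAN ranges=10.10.10.2-10.10.10.100
/ip dhcp-server
add address-pool=pool_VLAN interface=vlan50 name=server_VLAN disabled=no
/ip dhcp-server network
add address=10.10.10.0/24 gateway=10.10.10.1

# Enable filtering once the VLAN table and the vlan interface are in place.
/interface bridge set bridge1 vlan-filtering=yes
```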
