Community discussions

MikroTik App
  4. RouterOS
  5. General

VLAN on RB750Gr3

Post Reply
 
User avatar
Jotne
Forum Guru
Forum Guru
Topic Author
Posts: 3300
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

VLAN on RB750Gr3

Wed Aug 15, 2018 6:32 pm

I am still confused on how to setup VLAN on Mikrotik. I do know ho to do it on Cisco/HP and other but what is correct, I am not sure.
RB750Gr3 Running 6.42.6

If I do search for MikroTik and VLAN, this page shows up:
https://wiki.mikrotik.com/wiki/Manual:Interface/VLAN

Some more search, and I find this:
https://wiki.mikrotik.com/wiki/Manual:S ... p_Examples

In top of the same page, I do see that RB750Gr3 uses MT7621 chip.
In the table above its listed no under VLAN table, so it does not support VLAN??????

So what is correct.
Should I use bridge like the first link, or since RB750Gr3 has switch chip, should I use the second.

Can I actually use both solution?

In the Switch chip solution how do I connect IP to my VLAN.


Here is an example I would like to have explained.

Port 1- Wan
Port 2 - Untagged vlan 1, Tagged vlan 20 and 30
Port 3 - Untagged vlan 20
Port 3 - Untagged vlan 1 Tagged 30

IP Vlan 1 192.168.88.1/24 (This is setup default)
IP VLan 20 192.168.20.1/24
IP Vlan 30 192.168.30.1/24
Top
 
sindy
Forum Guru
Forum Guru
Posts: 10206
Joined: Mon Dec 04, 2017 9:19 pm

Re: VLAN on RB750Gr3

Wed Aug 15, 2018 11:11 pm

In the table above its listed no under VLAN table, so it does not support VLAN??????
...
Here is an example I would like to have explained.

Port 1- Wan
Port 2 - Untagged vlan 1, Tagged vlan 20 and 30
Port 3 - Untagged vlan 20
Port 4 - Untagged vlan 1 Tagged 30

IP Vlan 1 192.168.88.1/24 (This is setup default)
IP VLan 20 192.168.20.1/24
IP Vlan 30 192.168.30.1/24
The 7621 switch chip does not support VLANs, so you have to use an all-software solution using the bridge.

Assuming you have a single bridge named bridge:
Code: Select all
/interface bridge port
add bridge=bridge interface=ether2 pvid=10
add bridge=bridge interface=ether3 pvid=20
add bridge=bridge interface=ether4 pvid=10

/interface bridge vlan
add vlan-ids=10 tagged=bridge untagged=ether2,ether4
add vlan-ids=20 tagged=bridge untagged=ether3
add vlan-ids=30 tagged=bridge,ether2,ether4

/interface vlan
add name=vlan10 vlan-id=10 interface=bridge
add name=vlan20 vlan-id=20 interface=bridge
add name=vlan30 vlan-id=30 interface=bridge

/ip address
add address=192.168.88.1/24 interface=vlan10
add address=192.168.20.1/24 interface=vlan20
add address=192.168.30.1/24 interface=vlan30

/interface bridge set bridge vlan-filtering=yes
Use of VLAN ID 1 is somehow mysterious, so I suggest to use VLAN ID 10 instead. To use VLAN ID 1, you would have to do some modifications to the above.
Top
 
User avatar
Jotne
Forum Guru
Forum Guru
Topic Author
Posts: 3300
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: VLAN on RB750Gr3

Thu Aug 16, 2018 8:04 am

Thank you, I will try that out.

Why do you set pvid 10 on ethernet 2 and 4? should it noe be pvid=1

Why do RB750Gv3 then have the swtich menu with both port and VLAN?
So since the table here
https://wiki.mikrotik.com/wiki/Manual:S ... p_Features
does not show vlan table for MT7621, it does not support switch vlan?

And the small 941-2nd with chip Atheros8227 does support it?

Could you use bot type of VLAN on 941-2nd?
Top
 
User avatar
nichky
Forum Guru
Forum Guru
Posts: 1281
Joined: Tue Jun 23, 2015 2:35 pm

Re: VLAN on RB750Gr3

Thu Aug 16, 2018 9:52 am

Hi sindy,
same question where did you find that 7621 switch chip does not support VLANs?
Top
 
sindy
Forum Guru
Forum Guru
Posts: 10206
Joined: Mon Dec 04, 2017 9:19 pm

Re: VLAN on RB750Gr3

Thu Aug 16, 2018 11:00 am

where did you find that 7621 switch chip does not support VLANs?
nichky, somewhere on this forum someone of the Mikrotik staff mentioned hardware VLAN support on hEX r3 "in future", but I am unable to find that post now.

So I gave @Jotne the instruction how to do it in software. To see a menu item in Winbox/WebFig/sometimes even CLI does not always mean that the feature actually works. So try to configure something like /interface ethernet switch port set ether5 vlan-mode=secure or /interface ethernet switch vlan add vlan-id=20 ports=ether5 switch=switch1. You either get an error message, which means that the "future" mentioned in that post has not come yet, or you'll get no error message and subsequent print will show the command has changed the settings, which will mean that future is here and the manual has not been updated.

Jotne, I wrote the reasons why I've suggested use of VLAN ID 10 instead of VLAN ID 1 in the end of that post. Basically it is because Mikrotik supports the idea of "hybrid" bridge where tagless frames can exist inside the bridge, something you won't find on switches like Cisco Catalyst. Normally, if you set some pvid value in /interface bridge port item, tagless frames get tagged on ingress with the VLAN ID specified this way. But if that pvid value matches the pvid value set on the bridge itself, they get in tagless.

So the same configuration with VID 1 used instead of VID 10 should look the following, but it is without any warranty and you have to test yourself:
Code: Select all
/interface bridge port
add bridge=bridge interface=ether2 pvid=1
add bridge=bridge interface=ether3 pvid=20
add bridge=bridge interface=ether4 pvid=1

/interface bridge vlan
add vlan-ids=1 untagged=bridge,ether2,ether4
add vlan-ids=20 tagged=bridge untagged=ether3
add vlan-ids=30 tagged=bridge,ether2,ether4

/interface vlan
add name=vlan20 vlan-id=20 interface=bridge
add name=vlan30 vlan-id=30 interface=bridge

/ip address
add address=192.168.88.1/24 interface=bridge
add address=192.168.20.1/24 interface=vlan20
add address=192.168.30.1/24 interface=vlan30

/interface bridge set bridge vlan-filtering=yes
On Atheros8227, the VLAN support is weird in terms that it cannot selectively untag only frames belonging to port's pvid on egress. This makes it impossible to use true hybrid ports where the access VLAN would be tagged internally, but you can make use of the fact that tagless frames may exist internally to have pseudo-hybrid ports for one "tagless VLAN" while the rest of VLANs are tagged, and still have hardware switching.
Top
 
User avatar
Jotne
Forum Guru
Forum Guru
Topic Author
Posts: 3300
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: VLAN on RB750Gr3

Thu Aug 16, 2018 11:18 am

@sindy
Thanks a lot for your response.

I am starting to understand why so many have problem with VLAN on the MT boxes.
It does not show how to do it on the different devices and some device support different ways to do it.
I would guess that using switch chip (hardware) would be faster than software.
If so, that should clearly be stated along with what VLAN types work with what hardware.

On the RB750Gv3 I did try this line on port3 since its not in use:
Code: Select all
/interface ethernet switch vlan add vlan-id=30 ports=ether3 switch=switch1
No error message was given, and I can also see the VLAN showed up in GUI under Switch->VLAN
So does it mean that it works?
Int the log I do see this:
Code: Select all
U switch vlan added                        myuser                                write
I will test out the software VLAN later when I have some more time.
On Atheros8227, the VLAN support is weird in terms that it cannot selectively untag only frames belonging to port's pvid on egress.
Where do you find that information?
https://wiki.mikrotik.com/wiki/Manual:S ... p_Features
It does not give any hint there that VLAN for this device has some restriction.
Top
 
msatter
Forum Guru
Forum Guru
Posts: 2912
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: VLAN on RB750Gr3

Thu Aug 16, 2018 11:27 am

That about vlan support in the future for the RB750Gr3/RB760iGS is to be found here:
viewtopic.php?t=113724&start=50#p567533
Top
 
sindy
Forum Guru
Forum Guru
Posts: 10206
Joined: Mon Dec 04, 2017 9:19 pm

Re: VLAN on RB750Gr3

Thu Aug 16, 2018 1:25 pm

No error message was given, and I can also see the VLAN showed up in GUI under Switch->VLAN
So does it mean that it works?
It gives some hope, but you'd have to do a complete setup and see how it behaves. I don't have that box anywhere, as for all my applications the hAP ac² is as good as it and in some aspects superior to it.

On Atheros8227, the VLAN support is weird in terms that it cannot selectively untag only frames belonging to port's pvid on egress.
Where do you find that information?
https://wiki.mikrotik.com/wiki/Manual:S ... p_Features
It does not give any hint there that VLAN for this device has some restriction.
It does but well hidden between the lines. In the "VLAN Example 1 (Trunk and Access Ports)", the following is stated:
Setting "vlan-mode=secure" ensures strict use of VLAN table.
Setting "vlan-header=always-strip" for access ports removes VLAN header from frame when it leaves the switch chip.
Setting "vlan-header=add-if-missing" for trunk port adds VLAN header to untagged frames.
"Default-vlan-id" specifies what VLAN ID is added for untagged ingress traffic of the access port.
So nothing about specific handling of default-vlan-id on egress, which means that none such behaviour happens. Confirmed by practical experiments and study of the switch chip datasheet which miraculously can be found on the web for the 8227.

In the "VLAN Example 2 (Trunk and Hybrid Ports)", there is:
In Gigabit switch chips when "vlan-mode=secure", it ignores switch port "vlan-header" options. VLAN table entries handle all the egress tagging/untagging and works as "vlan-header=leave-as-is" on all ports.
It means what comes in tagged, goes out tagged as well, only "default-vlan-id" frames are untagged at the egress of port.
So the 8327 supports real hybrid ports.

My experience with Mikrotik documentation is that it is usually exact and when it seems to you that something is missing in the documentation by mistake, it is caused by your wishful thinking because it is actually missing in the product.
Top
 
mbrentlinger
just joined
Posts: 4
Joined: Sun Apr 26, 2020 4:31 pm

Re: VLAN on RB750Gr3

Mon Apr 27, 2020 4:14 pm

I just want to say thank you for this post.
I struggled with a similar problem and got completely lost in the documentation.
This simple example was just what I needed.
Also... I agree the default vlan1 behaves very mysteriously (at least to me) on Mikrotik devices.


...
Here is an example I would like to have explained.

Port 1- Wan
Port 2 - Untagged vlan 1, Tagged vlan 20 and 30
Port 3 - Untagged vlan 20
Port 4 - Untagged vlan 1 Tagged 30

IP Vlan 1 192.168.88.1/24 (This is setup default)
IP VLan 20 192.168.20.1/24
IP Vlan 30 192.168.30.1/24
The 7621 switch chip does not support VLANs, so you have to use an all-software solution using the bridge.

Assuming you have a single bridge named bridge:
Code: Select all
/interface bridge port
add bridge=bridge interface=ether2 pvid=10
add bridge=bridge interface=ether3 pvid=20
add bridge=bridge interface=ether4 pvid=10

/interface bridge vlan
add vlan-ids=10 tagged=bridge untagged=ether2,ether4
add vlan-ids=20 tagged=bridge untagged=ether3
add vlan-ids=30 tagged=bridge,ether2,ether4

/interface vlan
add name=vlan10 vlan-id=10 interface=bridge
add name=vlan20 vlan-id=20 interface=bridge
add name=vlan30 vlan-id=30 interface=bridge

/ip address
add address=192.168.88.1/24 interface=vlan10
add address=192.168.20.1/24 interface=vlan20
add address=192.168.30.1/24 interface=vlan30

/interface bridge set bridge vlan-filtering=yes
Use of VLAN ID 1 is somehow mysterious, so I suggest to use VLAN ID 10 instead. To use VLAN ID 1, you would have to do some modifications to the above.
Top
Post Reply

Who is online

Users browsing this forum: gigabyte091, raiser and 214 guests
  4. RouterOS
  5. General