Community discussions

MikroTik App
 
User avatar
hgonzale
Member Candidate
Member Candidate
Topic Author
Posts: 272
Joined: Thu Nov 06, 2014 1:12 pm
Location: Fuengirola, Spain
Contact:

Two VLANS to another place. Voip + Data

Fri Nov 16, 2018 1:51 pm

I have a little trouble and I will explain first.
The ISP at my friend location installed a Switch with 12 ports. 6 ports are only for VoIP (this own PBX) and the other 6 are for normal data.

My friend has a little far away room (200 mts) we linked using Ubiquiti Nano.... but the Voip is not working. of course.... because is a different network (from port 1 to 6).

The ISP say... install another Internet in the room and you can have our VoIP.... GRRRRR

Then. I want to do the following...

In the main office, I installed this: CRS109-8G-1S-2HnD-IN (192.168.1.5)
For having many ports and wireless. All like switch
Eth2 = link to the ISP switch in data ports
Eth7 = link to the ISP switch in voip portd (vlan 200)
Eth8 = link to the room with ONE cable with vlans

The the room, I installed this in switch mode (no wan port) hAP lite (192.168.1.6)
eth 1 = link coming from the other switch. Receiving two vlans
eth 2-3 = data for pc
eth 4 = voip phone (must be linked with vlan 200 and connecting to eth7 in the other switch)

But I can´t do it. I think I am doing correctly. The best I can is good ping in DATA without good tcp data stream. Only ping...

Here the config.... any advise and I will be super happy.

192.168.1.5:

/interface bridge
add admin-mac=CC:2D:E0:2F:07:5C auto-mac=no name=bridge
add name=voip-bg
/interface bridge port
add bridge=bridge interface=ether2
add bridge=bridge interface=wlan1
add bridge=bridge hw=no interface=ether1
add bridge=bridge interface=ether3
add bridge=bridge interface=ether4
add bridge=bridge interface=ether5
add bridge=bridge interface=ether6
add bridge=voip-bg interface=ether7 pvid=200
add bridge=bridge disabled=yes interface=ether8
add bridge=bridge interface=sfp1
add bridge=bridge interface=eth8-vlan100 pvid=100
add bridge=voip-bg interface=eth8-vlan200 pvid=200
add bridge=bridge interface=wlan2
/interface bridge vlan
add bridge=voip-bg untagged=ether7 vlan-ids=200

/interface vlan
add interface=ether8 name=eth8-vlan100 use-service-tag=yes \
vlan-id=100
add interface=ether8 name=eth8-vlan200 use-service-tag=yes vlan-id=200

----------------------------
Now 192.168.1.6

/interface bridge
add admin-mac=CC:2D:E0:D8:6C:16 auto-mac=no comment=defconf name=bridge
add fast-forward=no name=voip-bg
/interface bridge port
add bridge=bridge interface=ether2
add bridge=bridge interface=wlan1
add bridge=bridge disabled=yes hw=no interface=ether1
add bridge=bridge interface=ether3
add bridge=bridge interface=eth1-vlan100 pvid=100
add bridge=voip-bg interface=eth1-vlan200 pvid=200
add bridge=voip-bg interface=ether4 pvid=200
/interface bridge vlan
add bridge=voip-bg vlan-ids=200
add bridge=bridge vlan-ids=100

/interface vlan
add interface=ether1 name=eth1-vlan100 use-service-tag=yes \
vlan-id=100
add interface=ether1 name=eth1-vlan200 use-service-tag=yes vlan-id=200

----------------------------------

Thank you for any advise...
 
User avatar
Deantwo
Member
Member
Posts: 331
Joined: Tue Sep 30, 2014 4:07 pm

Re: Two VLANS to another place. Voip + Data

Fri Nov 16, 2018 4:52 pm

Your VLAN configuration doesn't look totally correct.
Maybe this will help: https://wiki.mikrotik.com/wiki/Manual:L ... idged_VLAN

But if the routers are the only network equipment, then why use VLANs at all? Just make two bridges and route them normally.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19109
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Two VLANS to another place. Voip + Data

Fri Nov 16, 2018 7:09 pm

Nice spot, with our snowfall this morning I wish I was there - visited Aguilas for two weeks (and drove to Grenada for a day) in the summer.
{Edit, I should explain that I noticed the OP was from Fuengirola Spain, and am very curious about a place I have never heard of before, Concur it was not thread centric, but did it really bother you that much??}

As for the thread, its a very interesting situation and it seems the op is trying to use a VLAN over a wireless connection.
Since many WISPs operate in the wifi realm, I would imagine this is in some cases a normal way of operating.

If one can translate the wifi connection as being 'similar' to joining by cable, then we have two devices at either end that need configuring.
Much like the case I can relate to at home with a hex router and a capAC. In this case both have their own bridges and it works just fine and thus why a little confused that the advice of one bridge would be applicable here?? (to me the ubiquiti unit acts like an ethernet cable and just transfers whatever flows in at one end to the other end)?
Last edited by anav on Sat Nov 17, 2018 5:40 pm, edited 1 time in total.
 
User avatar
hgonzale
Member Candidate
Member Candidate
Topic Author
Posts: 272
Joined: Thu Nov 06, 2014 1:12 pm
Location: Fuengirola, Spain
Contact:

Re: Two VLANS to another place. Voip + Data

Fri Nov 16, 2018 8:36 pm

Thank you my friend for your answer.
In the example is only with ONE bridge.
I need to bridges, coming from different ETH... JOIN in a single ETH (I think 2 VLANS) and after in the another equipment, SEPARATE it.

I will disable RSTP.... but, I don;t understand something from the example..

/interface bridge
add name=bridge1 vlan-filtering=yes
/interface bridge port
add bridge=bridge1 interface=ether1
add bridge=bridge1 interface=ether2
/interface bridge vlan
add bridge=bridge1 tagged=ether1,ether2 vlan-ids=10


How can I put in one side, for example ETH3 to bridge2? and after put together for example in eth5?

Is this?

/interface bridge
add name=bridge2 vlan-filtering=yes
/interface bridge port
add bridge=bridge2 interface=ether3
/interface bridge vlan
add bridge=bridge2 tagged=ether3 vlan-ids=20

And if is correct.... how can I join both vlan in the eth5?

And remember, the traffic from eth1, 2 and 3 is without any tag!

Thank you a lot.

Your VLAN configuration doesn't look totally correct.
Maybe this will help: https://wiki.mikrotik.com/wiki/Manual:L ... idged_VLAN

But if the routers are the only network equipment, then why use VLANs at all? Just make two bridges and route them normally.
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 3292
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: Two VLANS to another place. Voip + Data

Sat Nov 17, 2018 12:27 pm

This should be the switching part, IP is set on the default VLAN (1) . Needs 6.41+ Router OS
Data goes untagged between the two switches. Voice is tagged with VLAN 200

192.168.1.5:
/interface bridge
add name=bridge vlan-filtering=yes

/interface bridge port
add bridge=bridge interface=ether2
add bridge=bridge interface=ether7 pvid=200
add bridge=bridge interface=ether8

/interface bridge vlan
add bridge=bridge tagged=bridge,ether8 untagged=ether7 vlan-ids=200

/ip address
add address=192.168.1.5/24 interface=bridge network=192.168.1.0
192.168.1.6
/interface bridge
add name=bridge vlan-filtering=yes

/interface bridge port
add bridge=bridge interface=ether1
add bridge=bridge interface=ether2
add bridge=bridge interface=ether3 pvid=200
add bridge=bridge interface=ether4 pvid=200

/interface bridge vlan
add bridge=bridge tagged=bridge,ether1 untagged=ether4 vlan-ids=200

/ip address
add address=192.168.1.6/24 interface=bridge network=192.168.1.0
 
User avatar
hgonzale
Member Candidate
Member Candidate
Topic Author
Posts: 272
Joined: Thu Nov 06, 2014 1:12 pm
Location: Fuengirola, Spain
Contact:

Re: Two VLANS to another place. Voip + Data

Sat Nov 17, 2018 1:26 pm

Thank you, maybe I will try today. but a question
Does it means I will have only ONE bridge?
Not two bridges?
 
User avatar
hgonzale
Member Candidate
Member Candidate
Topic Author
Posts: 272
Joined: Thu Nov 06, 2014 1:12 pm
Location: Fuengirola, Spain
Contact:

Re: Two VLANS to another place. Voip + Data

Sat Nov 17, 2018 5:10 pm

My friend. If I do this (I am trying now) I got a big one loop and in the logs, before the disconnection I got:

ethe3: bridge port received packet with own address as source (cc:2d:e0:2f:07:61), probably a loop

I think the switch from the ISP has the same mac address in different ports
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 3292
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: Two VLANS to another place. Voip + Data

Sat Nov 17, 2018 5:27 pm

Only one bridge. Since 6.41+ bridges on RouterOS is VLAN aware.
Why you get loop, I am not sure.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19109
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Two VLANS to another place. Voip + Data

Sat Nov 17, 2018 7:15 pm

I am confused by many things in the post (or unknowns) because VOIP is a bit unfamiliar and the configuration is weird.

VOIP
The fact that the ISP switch already has VOIP ports out -
Does that mean each port goes to a specific VOIP device (phone) with a different phone number per port?
or
Does one take one VOIP port and then take it to a phone switch panel and then a whole bunch of phones share that line.
Where is the VOIP modem in this scenario.

ROUTING
What is being attempted is to use the ISPs VOIP in a separate room, but the switch VOIP output is not expected to go through the router (only the data) and is why the ISP is trying to get you into another account.

WORK AROUND
From what i see, the suggestion is to pretend the VOIP output switch port is LIKE a PC device with zero vlan tagging (an access port scenario).
Thus on the router in the office you want to bring a VOIP port into the router ethX, and then tag it with VLANID
Then using the ubiquiti transfer (think of it as a dummy wireless cable that is simply a conduit), at the other end capture the VLAN data coming through
and route it to a voip modem or voip device etc.............

In this case, the one bridge concept does not seem necessary, nor does it make sense from my limited experience. The connecting feature for networking connectivity is the VLAN, not the bridge (we have two routers remember). I will only focus on the key elements for the VOIP.

configuration proposed was off the mark and removed.......
Last edited by anav on Mon Nov 19, 2018 5:41 pm, edited 2 times in total.
 
User avatar
hgonzale
Member Candidate
Member Candidate
Topic Author
Posts: 272
Joined: Thu Nov 06, 2014 1:12 pm
Location: Fuengirola, Spain
Contact:

Re: Two VLANS to another place. Voip + Data

Sat Nov 17, 2018 8:11 pm

First, I will answer something and after I will explain what did I discover today

1.- The first 8 ports in the ISP switch are allowed to use VoIP. If I connect the ISP pre-configured phones to others ports, it doesn't work. It must be only in the first 8 ports.


But I discovered if I connect a computer to the first 8 ports, I have internet and the same network that the other ports, but if I connect the phone here, I got 172.16.x.x IP in the phone (only access in the menu in the phone for watching the IP)..

Then... the phone is using a VLAN that is ONLY WORKING in the first 8 ports ONLY.

I don't know this tag, but I need to allow a device "far away" to use this VLAN (I don't know the tag), using the previus situation. TWO switch linked by ONE wire....

How can I allow "transparent" traffic with/without vlan tag...

Thank you!!!!
 
User avatar
hgonzale
Member Candidate
Member Candidate
Topic Author
Posts: 272
Joined: Thu Nov 06, 2014 1:12 pm
Location: Fuengirola, Spain
Contact:

Re: Two VLANS to another place. Voip + Data

Sat Nov 17, 2018 8:19 pm

Exactly I didn't know but thinking the ISP switch has "not different" between the "voip ports" and the normal ports, just the "voip ports" have a VLAN allowed.. then, when I connect this port to the MK Switch TWO times in the same bridge, I am getting the loop.

GRRRRR Hating movistar with their super close and proprietary solutions for getting and getting money....

They say. Do you want the phone in the room. Contract another fiber, Cloud PBX, one extension and about 100 eur/month...
Only one bridge. Since 6.41+ bridges on RouterOS is VLAN aware.
Why you get loop, I am not sure.
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11444
Joined: Thu Mar 03, 2016 10:23 pm

Re: Two VLANS to another place. Voip + Data

Sat Nov 17, 2018 8:34 pm

But I discovered if I connect a computer to the first 8 ports, I have internet and the same network that the other ports, but if I connect the phone here, I got 172.16.x.x IP in the phone (only access in the menu in the phone for watching the IP)..
So it seems that first 8 ports are - what we call them here - hybrid ports with internet untagged and VoIP tagged, while the rest of ports are access ports with only internet.
The trick now is to discover which VLAN ID is used for VoIP. You can try to find that info from phone's menus (VLAN ID is a number between 1 and 4000-something).
If you won't be able to find it, you could try to get it the hard way: plug RB between phone and VoIP port (use two ports on RB that are members of bridge, disable HW offload so that traffic will pass RB's CPU) and sniff traffic off the port where phone is plugged in. Even though registration might fail, there will be some tries using the right VLAN ID.

Edit: seems that on FTTH movistar is using VLAN ID 6 for internet and VLAN ID 3 for VoIP. It is reasonable to expect that internet would get untagged on CPE devices while VoIP (and IPTV) would remain tagged with same VLAN ID even on customer's side of CPE as it is expected to use specialized equipment for those services.
Last edited by mkx on Sat Nov 17, 2018 8:42 pm, edited 1 time in total.
 
User avatar
hgonzale
Member Candidate
Member Candidate
Topic Author
Posts: 272
Joined: Thu Nov 06, 2014 1:12 pm
Location: Fuengirola, Spain
Contact:

Re: Two VLANS to another place. Voip + Data

Sat Nov 17, 2018 8:39 pm

Thank you Mr.
Is the way... you are right, they are hybrid ports.
The menu in the phone is very very small (it has an admin access with 16 digits password jajajaja).
and yes, I need to discover the ID.
And I will try the next week to do the sniffer. Thank you for the HW offload. I didn't know it.
Super

But I discovered if I connect a computer to the first 8 ports, I have internet and the same network that the other ports, but if I connect the phone here, I got 172.16.x.x IP in the phone (only access in the menu in the phone for watching the IP)..
So it seems that first 8 ports are - what we call them here - hybrid ports with internet untagged and VoIP tagged, while the rest of ports are access ports with only internet.
The trick now is to discover which VLAN ID is used for VoIP. You can try to find that info from phone's menus (VLAN ID is a number between 1 and 4000-something).
If you won't be able to find it, you could try to get it the hard way: plug RB between phone and VoIP port (use two ports on RB that are members of bridge, disable HW offload so that traffic will pass RB's CPU) and sniff traffic off the port where phone is plugged in. Even though registration might fail, there will be some tries using the right VLAN ID.
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 3292
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: Two VLANS to another place. Voip + Data

Sat Nov 17, 2018 8:43 pm

It can be one of two thing going on.
1. ISP as a tagged VLAN on port 1-8 and phone used the tagged VLAN.
2. ISP are using auto sense, so that when a phone is connected it change to an different VLAN (we do use these option on out work, mac authentication)

If the first option is used, you need to find out what VLAN is sent as a tagged VLAN. It may be sniffed out using wireshark.
Then setup the MT to use untagged VLAN as a PC net and then add the same VLAN as the ISP is using for VoIP to your Router as a tagged VLAN.
You can then send VoIP VLAN to the other router and setup a tagged port for the phone there.
 
User avatar
hgonzale
Member Candidate
Member Candidate
Topic Author
Posts: 272
Joined: Thu Nov 06, 2014 1:12 pm
Location: Fuengirola, Spain
Contact:

Re: Two VLANS to another place. Voip + Data

Sat Nov 17, 2018 8:47 pm

Yes Mr. I will try it maybe the next week. I hope is not auto sense.... just VLAN pre configured in the phone.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19109
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Two VLANS to another place. Voip + Data

Sat Nov 17, 2018 9:04 pm

The proposed config was incorrect and removed:
Last edited by anav on Mon Nov 19, 2018 5:40 pm, edited 1 time in total.
 
User avatar
hgonzale
Member Candidate
Member Candidate
Topic Author
Posts: 272
Joined: Thu Nov 06, 2014 1:12 pm
Location: Fuengirola, Spain
Contact:

Re: Two VLANS to another place. Voip + Data

Sat Nov 17, 2018 9:08 pm

Thank you my friend for your interest. But... for whats is this?
Sorry if I don't understand
Since the ISP cannot guarantee what devices may or may not be able to do (feature set), then I would suggest its a hard coded VLAN number (as mkx suggested).
If so then for for the setup I would use the following:

192.168.1.5: (OFFICE ROUTER)
/interface vlan
add interface=voip-bg name=VOIP-VLAN vlan-id=200
add interface=voip-bg name=Data-VLAN vlan-id=100
add interface=voip-bg name=ISP-vlan vlan-id=3
/interface bridge
add admin-mac=CC:2D:E0:2F:07:5C auto-mac=no name= \
voip-bg protocol-mode=none vlan-filtering=yes
/interface bridge port
add bridge=bridge interface=ether7
add bridge=bridge interface=ether8
/interface bridge vlan
add bridge=voip-bg tagged=voip-g,ether7,ether8 \
vlan-ids=200,100,3

----------------------------
Now 192.168.1.6
/interface bridge
add admin-mac=CC:2D:E0:D8:6C:16 auto-mac=no comment=defconf name=Roombridge \
vlan-filtering=yes
/interface bridge port
add bridge=Roombridge interface=ether1
add bridge=Roombridge interface=ether4
/interface bridge vlan
add bridge=Roombridge tagged=Roombridge,ether1,ether4 \
vlan-ids=200,100,3
/interface vlan
add interface=Roombridge name=VOIP-VLAN vlan-id=200
add interface=Roombridge name=Data-VLAN vlan-id=100
add interface=Roombridge name=ISP-vlan vlan-id=3
...

I will assume there is no need to assign DHCP settings for VLAN3 as the voip modem or systems will take care any assignment requirements???
Also, if this is a vlan ISP connection then the op would have to:
a. create an ethernet interface for the ISP (ISP INTERNET)
b. create vlan6 with the parent interface being the ethernet interface in a. (ISP INTERNET)

Otherwise how is the OP getting internet???
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19109
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Two VLANS to another place. Voip + Data

Sat Nov 17, 2018 9:12 pm

Sorry I must be replying to a different thread.
 
User avatar
hgonzale
Member Candidate
Member Candidate
Topic Author
Posts: 272
Joined: Thu Nov 06, 2014 1:12 pm
Location: Fuengirola, Spain
Contact:

Re: Two VLANS to another place. Voip + Data

Sat Nov 17, 2018 9:21 pm

Noo, I think is for me.... but, what do you want to do with this config?
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 3292
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: Two VLANS to another place. Voip + Data

Sat Nov 17, 2018 9:37 pm

It looks like he tries to get all data from the ISP using tagged VLAN, but that would not work, since we already know that connecting a PC gives you a data network. So at least the Data VLAN goes untagged.

You need to find what VLAN the ISP does use to send VoIP data. When you have that we may be able to make a configuration.

PS you should remove your Signatur. It just shows up as links like this: (t changed in the http)
+ if it works, it makes the page loads slower due to need of opening third part sites.
[img size=100]h**p://speedtest.ookla.com/result/2186635528.png[/img]
[img size=100]h**p://www.speedtest.net/result/6406510704.png[/img]
 
User avatar
hgonzale
Member Candidate
Member Candidate
Topic Author
Posts: 272
Joined: Thu Nov 06, 2014 1:12 pm
Location: Fuengirola, Spain
Contact:

Re: Two VLANS to another place. Voip + Data

Sat Nov 17, 2018 9:52 pm

Yes my friend. I will try to find the ID of the VLAN

I know about my signature, how can I put the image for the signature?

Thank youuuuuu
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19109
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Two VLANS to another place. Voip + Data

Sat Nov 17, 2018 11:06 pm

Yes, the config is for you and assumes the router port connected to the ISP switch is ether7, and the router port connected to the ubiquiti is ether8.

The question remains, why vlan100, and I assume its because you want the data from the ROOM connection to go straight to the internet and not have access to your LAN necessarily.. If so, then you have to be able to tag the ROOM data (PCs) with vlan100. We can replace the vlan200 with Vlan3 and no requirement for DHCP is my conclusion????

Therefore I see two cases.
One can use one port for both data and voip or you can use one port for data and one port for voip (probably better for traffic separation troubleshooting and cconfiguration).
In Case A, I potentially see a problem of duplicating/conflicting internet traffic from two sources in Case B we can isolate due to using vlan for data. Assuming voip vlan is on vlan id:3
Room router has ubiquite connection on ether1 and data going to etherports2,3 and VOIP going on ether4. Case A below describes one big happy LAN that all users share - no separation.
Case B describes the ROOM network as vlan100 and totally separate from the rest of the LAN. If you want to enable any routing between VLAN100 and the regular LAN or vice versa it can be done with firewall rules.

Case A. One LAN, One VLAN for VOIP (ONE PORT FROM SWITCH to PORT 7 of main router, data travels on default VlanID:1)

.15
/interface vlan
add interface=voip-bg name=VOIP-VLAN vlan-id=3
/interface bridge
add admin-mac=CC:2D:E0:2F:07:5C auto-mac=no name= \
voip-bg protocol-mode=none vlan-filtering=yes
/interface bridge port
add bridge=bridge interface=ether7
add bridge=bridge interface=ether8
/interface bridge vlan
add bridge=voip-bg tagged=voip-g,ether7,ether8 \
vlan-ids=3

.16

/interface bridge
add admin-mac=CC:2D:E0:D8:6C:16 auto-mac=no comment=defconf name=Roombridge \
vlan-filtering=yes
/interface bridge port
add bridge=Roombridge interface=ether1
add bridge=Roombridge interface=ether2
add bridge=Roombridge interface=ether3
add bridge=Roombridge interface=ether4 ingress filtering=yes pvid=3
/interface bridge vlan
add bridge=Roombridge tagged=Roombridge,eth1 \
 untagged=eth4 vlan-ids=3
/interface vlan
add interface=Roombridge name=ISP-vlan vlan-id=3

Case B - OneLAN, One VLAN for data, One VLan for VOIP
Two ports from the switch are used into the main router ports 6,7 but we isolate port 6 just for lan-internet data (on vlan100 for other room) and port7 mainly for voip. {edit: I should add, the eth7 port accepts both the already tagged voip data from the provider as well as data (on default vlanid:1) and thus this serves the need of lan-internet data on the main router.}
{recently fixed to reflect the need for two /interface bridge vlan rules as required}
.15
/interface vlan
add interface=voip-bg name=Data-VLAN vlan-id=100
add interface=voip-bg name=ISP-vlan vlan-id=3
/interface bridge
add admin-mac=CC:2D:E0:2F:07:5C auto-mac=no name= \
voip-bg protocol-mode=none vlan-filtering=yes
/interface bridge port
add bridge=bridge interface=eth6 ingress filtering=yes pvid=100
add bridge=bridge interface=ether7
add bridge=bridge interface=ether8
/interface bridge vlan
add bridge=voip-bg tagged=voip-g,ether8 \
untagged=eth6  vlan-ids=100
/interface bridge vlan
add bridge=voip-bg tagged=voip-g, ether7,ether8 \
vlan-ids=3
.16
/interface bridge
add admin-mac=CC:2D:E0:D8:6C:16 auto-mac=no comment=defconf name=Roombridge \
vlan-filtering=yes
/interface bridge port
add bridge=Roombridge interface=ether1
add bridge=Roombridge interface=ether2 ingress filtering=yes pvid=100
add bridge=Roombridge interface=ether3 ingress filtering=yes pvid=100
add bridge=Roombridge interface=ether4 ingress filtering=yes pvid=3
/interface bridge vlan
add bridge=Roombridge tagged=Roombridge,ether1 \
untagged=eth2,eth3 vlan-ids=100
/interface bridge vlan
add bridge=Roombridge tagged=Roombridge,ether1 \
untagged=eth4  vlan-ids=3
/interface vlan
add interface=Roombridge name=Data-VLAN vlan-id=100
add interface=Roombridge name=ISP-vlan vlan-id=3
Last edited by anav on Mon Nov 26, 2018 2:30 pm, edited 6 times in total.
 
User avatar
hgonzale
Member Candidate
Member Candidate
Topic Author
Posts: 272
Joined: Thu Nov 06, 2014 1:12 pm
Location: Fuengirola, Spain
Contact:

Re: Two VLANS to another place. Voip + Data

Sun Nov 18, 2018 10:39 pm

In this week, I don't know what day, I will go to my friend house and I will try it.

I will use a mini mikrotik 3 port. I will put 2 ports in the same bridge with HW offload and using the sniffer from the same device, is this enough?
 
User avatar
hgonzale
Member Candidate
Member Candidate
Topic Author
Posts: 272
Joined: Thu Nov 06, 2014 1:12 pm
Location: Fuengirola, Spain
Contact:

Re: Two VLANS to another place. Voip + Data

Sun Nov 18, 2018 10:45 pm

1.- I am not using really a router. The mikrotik switch in the eth7 is for connection to the ISP switch, and the ubiquiti to eth8. And eth3 is also for the "same switch" but in port for "data"

2.- I am using VLAN maybe because I am not expert in VLANs... I just "want" to separe DATa and "VOIP" and data TAg=100 and VOIP ID=200 or whatever, but maybe because I don't know so much, I don't need two VLAN, just one....

I don't to separate the data from ROOM to the LAN. even, I need to create a big network. The person in the room will access the same in the LAN... printers, webpage and system...

3.- I need a big one network and voip. No security risk. Case A

4.- I will use your info. Case A, but anyway, Do I need to "discover" the VLAN ID from the ISP, I do?

Thank you!!!!!!
Yes, the config is for you and assumes the router port connected to the ISP switch is ether7, and the router port connected to the ubiquiti is ether8.

The question remains, why vlan100, and I assume its because you want the data from the ROOM connection to go straight to the internet and not have access to your LAN necessarily.. If so, then you have to be able to tag the ROOM data (PCs) with vlan100. We can replace the vlan200 with Vlan3 and no requirement for DHCP is my conclusion????

Therefore I see two cases.
One can use one port for both data and voip or you can use one port for data and one port for voip (probably better for traffic separation troubleshooting and cconfiguration).
In Case A, I potentially see a problem of duplicating/conflicting internet traffic from two sources in Case B we can isolate due to using vlan for data. Assuming voip vlan is on vlan id:3
Room router has ubiquite connection on ether1 and data going to etherports2,3 and VOIP going on ether4. Case A below describes one big happy LAN that all users share - no separation.
Case B describes the ROOM network as vlan100 and totally separate from the rest of the LAN. If you want to enable any routing between VLAN100 and the regular LAN or vice versa it can be done with firewall rules.

Case A. One LAN, One VLAN for VOIP (ONE PORT FROM SWITCH to PORT 7 of main router, data travels on default VlanID:1)

.15
/interface vlan
add interface=voip-bg name=VOIP-VLAN vlan-id=3
/interface bridge
add admin-mac=CC:2D:E0:2F:07:5C auto-mac=no name= \
voip-bg protocol-mode=none vlan-filtering=yes
/interface bridge port
add bridge=bridge interface=ether7
add bridge=bridge interface=ether8
/interface bridge vlan
add bridge=voip-bg tagged=voip-g,ether7,ether8 \
vlan-ids=3

.16

/interface bridge
add admin-mac=CC:2D:E0:D8:6C:16 auto-mac=no comment=defconf name=Roombridge \
vlan-filtering=yes
/interface bridge port
add bridge=Roombridge interface=ether1
add bridge=Roombridge interface=ether2
add bridge=Roombridge interface=ether3
add bridge=Roombridge interface=ether4 ingress filtering=yes pvid=3
/interface bridge vlan
add bridge=Roombridge tagged=Roombridge,eth1,eth4\
vlan-ids=3
/interface vlan
add interface=Roombridge name=ISP-vlan vlan-id=3

Case B - OneLAN, One VLAN for data, One VLan for VOIP
Two ports from the switch are used into ports 6,7 but we isolate port 6 just for data on vlan7 and port7 just for voip.

.15
/interface vlan
add interface=voip-bg name=Data-VLAN vlan-id=100
add interface=voip-bg name=ISP-vlan vlan-id=3
/interface bridge
add admin-mac=CC:2D:E0:2F:07:5C auto-mac=no name= \
voip-bg protocol-mode=none vlan-filtering=yes
/interface bridge port
add bridge=bridge interface=eth6 ingress filtering=yes pvid=100
add bridge=bridge interface=ether7
add bridge=bridge interface=ether8
/interface bridge vlan
add bridge=voip-bg tagged=voip-g,ether6, ether7,ether8 \
vlan-ids=100,3
.16
/interface bridge
add admin-mac=CC:2D:E0:D8:6C:16 auto-mac=no comment=defconf name=Roombridge \
vlan-filtering=yes
/interface bridge port
add bridge=Roombridge interface=ether1
add bridge=Roombridge interface=ether2 ingress filtering=yes pvid=100
add bridge=Roombridge interface=ether3 ingress filtering=yes pvid=100
add bridge=Roombridge interface=ether4 ingress filtering=yes pvid=3
/interface bridge vlan
add bridge=Roombridge tagged=Roombridge,ether1,ether2,ether3,ether4 \
vlan-ids=100,3
/interface vlan
add interface=Roombridge name=Data-VLAN vlan-id=100
add interface=Roombridge name=ISP-vlan vlan-id=3
 
User avatar
hgonzale
Member Candidate
Member Candidate
Topic Author
Posts: 272
Joined: Thu Nov 06, 2014 1:12 pm
Location: Fuengirola, Spain
Contact:

Re: Two VLANS to another place. Voip + Data

Sun Nov 18, 2018 10:50 pm

And ONE stupid question.

Because I don't understand anything about VLAN...
Is possible for example for connect a device using VLAN (in its configuracion) pass across witch without taking out the VLAN ID in the TCP/IP heaader?

Why is my "stupid question".

Because if the phone has de ID=XXXXXX and I connect to the swich, can I allow to move the HEADER without any modification?

Is because in the port 1-8 of the ISP router have the VLAN allowed (the phone works in any, and computer also with the internal normal IP).... If I can connect the phone "far" and NOT touch the IP header..... Do you understand me?

Thank youuuuuuuu
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11444
Joined: Thu Mar 03, 2016 10:23 pm

Re: Two VLANS to another place. Voip + Data

Mon Nov 19, 2018 12:06 am

My assumption is that VoIP is carried over tagged VLAN from ISP's switch ...
I'm pretty sure that phone number used for incoming calls is tied to phone's MAC address (or some other unique identification) and thus it doesn't matter how it's connected to the VoIP network of your ISP, which is determined by VLAN ID. It is, however, important that it is connected to the correct VLAN.
It would be possible to get VoIP working in the other room without knowing the correct VLAN ID, but that would also mean that data devices in the other room would not be part of your LAN. If I understand yiur intentions right, then it is vital to find out the VLAN ID used for VoIP and to correctly setup all routerboards between ISP's switch and the other room.
 
User avatar
hgonzale
Member Candidate
Member Candidate
Topic Author
Posts: 272
Joined: Thu Nov 06, 2014 1:12 pm
Location: Fuengirola, Spain
Contact:

Re: Two VLANS to another place. Voip + Data

Mon Nov 19, 2018 9:49 am

Super, super. I will try to sniff the packets. Thank you a lot!!!!
In Spain you have a room jajajajaja.... only tell me jajaja
My assumption is that VoIP is carried over tagged VLAN from ISP's switch ...
I'm pretty sure that phone number used for incoming calls is tied to phone's MAC address (or some other unique identification) and thus it doesn't matter how it's connected to the VoIP network of your ISP, which is determined by VLAN ID. It is, however, important that it is connected to the correct VLAN.
It would be possible to get VoIP working in the other room without knowing the correct VLAN ID, but that would also mean that data devices in the other room would not be part of your LAN. If I understand yiur intentions right, then it is vital to find out the VLAN ID used for VoIP and to correctly setup all routerboards between ISP's switch and the other room.
 
User avatar
hgonzale
Member Candidate
Member Candidate
Topic Author
Posts: 272
Joined: Thu Nov 06, 2014 1:12 pm
Location: Fuengirola, Spain
Contact:

Re: Two VLANS to another place. Voip + Data

Fri Nov 23, 2018 10:34 pm

Tomorrow I will go to my friend's house.
I have a mini MK and a 751.
The only big question is...

I will put eth2 = switch in VoIP ports (hybrid)
eth3 = voip phone
eth4 = my computer

HW off....

But, how can I sniff the packets on eth4 from eth3?

Thank youuuuuuuu
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11444
Joined: Thu Mar 03, 2016 10:23 pm

Re: Two VLANS to another place. Voip + Data

Fri Nov 23, 2018 11:24 pm

But, how can I sniff the packets on eth4 from eth3?
Use /tool sniffer, set it to sniff off ether3 interface and save full packet contents. Afterwards fetch file to a PC and analyze it using wireshark.
 
User avatar
hgonzale
Member Candidate
Member Candidate
Topic Author
Posts: 272
Joined: Thu Nov 06, 2014 1:12 pm
Location: Fuengirola, Spain
Contact:

Re: Two VLANS to another place. Voip + Data

Fri Nov 23, 2018 11:35 pm

Super. I will download the software, but I thought the sniffer in mikrotik is not capturing this because in the manual says:

Packet sniffer is a tool that can capture and analyze packets that are going to, leaving or going through the router (except the traffic that passes only through the switch chip).

And I am going to put the phone in eth2 and the ISP switch in eth3.\

But anyway, I will try and after I will mirror the eth2 to eth4 where is going to be the computer with wireshark
 
User avatar
hgonzale
Member Candidate
Member Candidate
Topic Author
Posts: 272
Joined: Thu Nov 06, 2014 1:12 pm
Location: Fuengirola, Spain
Contact:

Re: Two VLANS to another place. Voip + Data

Fri Nov 23, 2018 11:37 pm

But, how can I sniff the packets on eth4 from eth3?
Use /tool sniffer, set it to sniff off ether3 interface and save full packet contents. Afterwards fetch file to a PC and analyze it using wireshark.
Tomorrow, you are welcome to connect to my computer. A virtual coffee I will send to you jajajaja
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11444
Joined: Thu Mar 03, 2016 10:23 pm

Re: Two VLANS to another place. Voip + Data

Fri Nov 23, 2018 11:47 pm

Packet sniffer is a tool that can capture and analyze packets that are going to, leaving or going through the router (except the traffic that passes only through the switch chip).
That's exactly the reason why I wrote in one of my previous posts:
If you won't be able to find it, you could try to get it the hard way: plug RB between phone and VoIP port (use two ports on RB that are members of bridge, disable HW offload so that traffic will pass RB's CPU) and sniff traffic off the port where phone is plugged in. Even though registration might fail, there will be some tries using the right VLAN ID.
(added emphasis).

So capture ether2 ... you don't want to capture all that internet garbage, it would drown humble tries made by phone.
 
User avatar
hgonzale
Member Candidate
Member Candidate
Topic Author
Posts: 272
Joined: Thu Nov 06, 2014 1:12 pm
Location: Fuengirola, Spain
Contact:

Re: Two VLANS to another place. Voip + Data

Fri Nov 23, 2018 11:55 pm

Super super. Sorry... Is late my friend.. I will do/try tomorrow, I hope you will have good news, and EVERYBODY will know the VLAN for VoIP in Movistar Spain for "enterprise"...

Before doing everything, I will try Id=6 jajajaja
 
User avatar
hgonzale
Member Candidate
Member Candidate
Topic Author
Posts: 272
Joined: Thu Nov 06, 2014 1:12 pm
Location: Fuengirola, Spain
Contact:

Re: Two VLANS to another place. Voip + Data

Sat Nov 24, 2018 11:34 am

Hello mkx...
I am here, are you online? jajaja
I got the VLAN21 just for DHCP (I think so), there is a DHCP server running from the ISP on VLAN21..... but I have some more capture problems jajaja
 
User avatar
hgonzale
Member Candidate
Member Candidate
Topic Author
Posts: 272
Joined: Thu Nov 06, 2014 1:12 pm
Location: Fuengirola, Spain
Contact:

Re: Two VLANS to another place. Voip + Data

Sat Nov 24, 2018 11:56 am

Now I am having another trouble. When I connect a mikrotik to any TAGGED port on the switch. The ETH port is getting disabled.
And after is not working anymore.
I need to restart the switch.
The switch is a huawei s5720-12tp-pwr
 
User avatar
hgonzale
Member Candidate
Member Candidate
Topic Author
Posts: 272
Joined: Thu Nov 06, 2014 1:12 pm
Location: Fuengirola, Spain
Contact:

Re: Two VLANS to another place. Voip + Data

Sat Nov 24, 2018 12:45 pm

I think I have this

http://support.huawei.com/enterprise/en ... oa-packets

I will try to clone the mac address
 
User avatar
hgonzale
Member Candidate
Member Candidate
Topic Author
Posts: 272
Joined: Thu Nov 06, 2014 1:12 pm
Location: Fuengirola, Spain
Contact:

Re: Two VLANS to another place. Voip + Data

Sat Nov 24, 2018 1:58 pm

I got. Is the VLAN 21. I entered in the PBX system I got a lot of info and now I configured I standar VoIP phone and getting the IP address for the voIP Movistar network: 172.24.196.0/24. Off course, I am not able to register the extension because even I know the SIP server values and login, I don´t know the password, but is a big advance.

Now, I think the ports are not CROSSOVER support, because if I connect any ROUTER, the ports is getting OFF and not working anymore (until I reboot the switch) but if I plug a phone... Its continue working. I am going to do a croossover cable and plug the router!
 
User avatar
hgonzale
Member Candidate
Member Candidate
Topic Author
Posts: 272
Joined: Thu Nov 06, 2014 1:12 pm
Location: Fuengirola, Spain
Contact:

Re: Two VLANS to another place. Voip + Data

Sat Nov 24, 2018 2:08 pm

I did a crossover wire and the port was disabled also.
This is not the problem then....
Resume..

If a connect a Granstream phone with VLAN 21, priority 0, I got the IP from the voIP network on ¨Voip ports¨ from the switch (really, hybrid ports)
But if I plug the mikrotik in the same port, it flash for 2 secons and OFF.. disabled, is not working anymore, connecting a phone, pc, etc etc... is OFF

The port if PoE, but even, using only 4 wires it doesn´t work.

Any idea about this extrange configuration?
 
User avatar
hgonzale
Member Candidate
Member Candidate
Topic Author
Posts: 272
Joined: Thu Nov 06, 2014 1:12 pm
Location: Fuengirola, Spain
Contact:

Re: Two VLANS to another place. Voip + Data

Sat Nov 24, 2018 2:47 pm

The last post from HERe jaja. If I plug a normal computer also the the ¨extrange¨ ports, the computer also works. The ports is not getting disabled.

What could make (security/etc) a port for getting disabled when plugging a mikrotik router.... wow...
Last edited by hgonzale on Sat Nov 24, 2018 5:48 pm, edited 3 times in total.
 
User avatar
hgonzale
Member Candidate
Member Candidate
Topic Author
Posts: 272
Joined: Thu Nov 06, 2014 1:12 pm
Location: Fuengirola, Spain
Contact:

Re: Two VLANS to another place. Voip + Data

Sat Nov 24, 2018 5:40 pm

Hello friends.. I am at home
I discovered the mikrotik is not the problem, is some package that is disabling the ETH in the switch, because I connected a mikrotik ETH5 with VLAN21 and DHCP client on that VLAN interface and I got IP from the VoIP network, is something on the configuration and this switch is a little stupid... But, I will solve.

Anyway, after I will put the the configuration for Movistar Fusion Empresas VoIP. I know, is not a mikrotik topic, but it could help and how to handle using mikrotik., but anyway, in resume, VLAN 21 and priority 0
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11444
Joined: Thu Mar 03, 2016 10:23 pm

Re: Two VLANS to another place. Voip + Data

Sat Nov 24, 2018 11:02 pm

I'm glad you had some success.
 
User avatar
hgonzale
Member Candidate
Member Candidate
Topic Author
Posts: 272
Joined: Thu Nov 06, 2014 1:12 pm
Location: Fuengirola, Spain
Contact:

Re: Two VLANS to another place. Voip + Data

Sat Nov 24, 2018 11:55 pm

Yes my friend. Thank you for everything. I didn't finish, because no time. Really really I didn't connected the phone in the other place, but I discover a lot of.!
You are part of this!!!! Really.
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 3292
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: Two VLANS to another place. Voip + Data

Sun Nov 25, 2018 12:47 am

Instead of post 7 post one after another, do edit the first post in an answer and add what you need to post.
Click the pencil at the top of the post.
 
User avatar
hgonzale
Member Candidate
Member Candidate
Topic Author
Posts: 272
Joined: Thu Nov 06, 2014 1:12 pm
Location: Fuengirola, Spain
Contact:

Re: Two VLANS to another place. Voip + Data

Sun Nov 25, 2018 12:49 am

Yes, thank you. Even after I tried to delete some and it say I can't delete a post if there are new..
sorry
 
sindy
Forum Guru
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: Two VLANS to another place. Voip + Data

Mon Nov 26, 2018 5:44 pm

A blind shot what may be going on:

There is a thing called STP, which is a protocol (Spanning Tree Protocol) used to prevent L2 loops in the infrastructure.

And there is another thing called various names but the purpose is the same: to prevent switches belonging to different networks from ruining each other's STP operation. This is ensured by shutting down a port which is configured for connection of end devices (such as computers and phones) which do not run STP if it eventually receives an STP frame (BPDU).

So before connecting Mikrotik to the Huawei, make sure that the protocol-mode of the bridge whose port you connect to the Huawei port is set to none. If my guess was right, doing so will stop the BPDUs from being sent to Huawei, and it will not be shutting down its port any more.
 
User avatar
hgonzale
Member Candidate
Member Candidate
Topic Author
Posts: 272
Joined: Thu Nov 06, 2014 1:12 pm
Location: Fuengirola, Spain
Contact:

Re: Two VLANS to another place. Voip + Data

Sat Dec 22, 2018 5:06 pm

Hello friend. I am back here and I solve something but still I am not able to get the VLAN in the other side

I am sure the problem is me, because I don´t know exactly how to configure and handle the VLANs and the TAG.

But first.....

1.- In the main ¨office¨ I need to create a new bridge and put VLAN Filtering. If I disable it, the ISP Switch DISABLE FOREVER (until I reboot) the port.

Here the configuration for MY switch in the office (Mikrotik switch)

[admin@Switch-AP Cajas] /interface> export
# dec/22/2018 15:58:51 by RouterOS 6.43.4
# software id = 9G1F-7X2Y
#
# model = CRS109-8G-1S-2HnD
# serial number = 883C08AFBACA
/interface bridge
add admin-mac=CC:2D:E0:2F:07:5C auto-mac=no comment=defconf name=bridge
add fast-forward=no frame-types=admit-only-vlan-tagged ingress-filtering=yes name=bridge-voip \
protocol-mode=none pvid=21 vlan-filtering=yes
/interface ethernet
set [ find default-name=ether1 ] speed=100Mbps
set [ find default-name=ether2 ] speed=100Mbps
set [ find default-name=ether3 ] comment="Link a Oficina" speed=100Mbps
set [ find default-name=ether4 ] comment="Suelo 1. Impresora" speed=100Mbps
set [ find default-name=ether5 ] comment="Suelo 2. PC" speed=100Mbps
set [ find default-name=ether6 ] comment="PC 1" speed=100Mbps
set [ find default-name=ether7 ] advertise=10M-half,10M-full,100M-half,100M-full comment=\
"Cable a VoIP" loop-protect=on speed=100Mbps
set [ find default-name=ether8 ] comment="Link a Antena - Maribel" speed=100Mbps
set [ find default-name=sfp1 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
/interface vlan
add interface=ether8 name=eth8-vlan-21 use-service-tag=yes vlan-id=21

/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge hw=no interface=ether1
add bridge=bridge interface=ether3
add bridge=bridge interface=ether4
add bridge=bridge interface=ether5
add bridge=bridge interface=ether6
add bridge=bridge interface=ether8
add bridge=bridge interface=sfp1
add bridge=bridge interface=wlan2
add bridge=bridge-voip frame-types=admit-only-vlan-tagged interface=eth8-vlan-21 pvid=21
add bridge=bridge-voip interface=ether7
/interface bridge vlan
add bridge=bridge-voip tagged=eth8-vlan-21,ether7 vlan-ids=21
/interface ethernet switch egress-vlan-tag
add tagged-ports=ether7 vlan-id=21
/interface ethernet switch vlan
add ports=ether7 vlan-id=21

Then... the port 7 is connected using a Ubiquiti o Long wire (I can change it for the wire temporary) to the other place.
The Ubiquitis are in WDS (transparent bridge)

In the other side, I have the following. The wire coming from the Ubiquiti is on port 1

[admin@AP-Brdige Maribel] /interface> export
# dec/22/2018 16:08:09 by RouterOS 6.43.4
# software id = PRTC-DB0V
#
# model = RouterBOARD 941-2nD
# serial number = 925608BB5332
/interface bridge
add admin-mac=CC:2D:E0:D8:6C:16 auto-mac=no comment=defconf name=bridge
add fast-forward=no name=bridge-voip
/interface ethernet
set [ find default-name=ether1 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full mac-address=\
CC:2D:E0:D8:6C:15
set [ find default-name=ether2 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full mac-address=\
CC:2D:E0:D8:6C:16
set [ find default-name=ether3 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full mac-address=\
CC:2D:E0:D8:6C:17
set [ find default-name=ether4 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full mac-address=\
CC:2D:E0:D8:6C:18
/interface vlan
add interface=ether1 name=eth1-vlan-21 use-service-tag=yes vlan-id=21
/interface ethernet switch port
set 3 default-vlan-id=21
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge hw=no interface=ether1
add bridge=bridge interface=ether3
add bridge=bridge-voip frame-types=admit-only-vlan-tagged interface=ether4 pvid=21
add bridge=bridge-voip frame-types=admit-only-vlan-tagged interface=eth1-vlan-21 pvid=21
/interface bridge vlan
add bridge=bridge-voip tagged=ether4,eth1-vlan-21 untagged=bridge-voip,ether1 vlan-ids=21

The voIP phone in on LAN4


Thank you to all my friend, you are teaching me and helping me and a good friend!!!!!!

Have a merry Christmas.
 
sindy
Forum Guru
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: Two VLANS to another place. Voip + Data

Wed Dec 26, 2018 2:15 pm

Your L2 settings on the CRS are messy. You cannot have ether8 as a member port of one bridge (called bridge) and at the same time have an /interface vlan with interface=ether8, I'm surprised it doesn't show configuration warnings. So as a result, you run a mixed configuration never intended to be operated so it is hard to assume what's actually happening there.

So I'd remove interface bridge bridge-voip and interface vlan eth8-vlan-21 completely and just configure all ports on bridge "bridge" the way you need them to work with regard to the two VLANs (1 and 21):

/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge hw=no interface=ether1
add bridge=bridge interface=ether3
add bridge=bridge interface=ether4
add bridge=bridge interface=ether5
add bridge=bridge interface=ether6
add bridge=bridge interface=ether8
add bridge=bridge interface=sfp1
add bridge=bridge interface=wlan2
add bridge=bridge interface=ether8
add bridge=bridge interface=ether7
/interface bridge vlan
add bridge=bridge tagged=ether7,ether8 vlan-ids=21
add bridge=bridge untagged=bridge,ether1,ether2,ether3,ether4,ether5,ether6,ether8,sfp1,wlan1,wlan2 vlan-ids=1


To make the above work, you need to set vlan-filtering=yes on bridge bridge.

Also on the switch configuration, it is a nonsense to have only ether7 permitted for VLAN 21, you need to permit also ether8 for that VLAN, but better remove the /interface ethernet switch settings completely for the start.

Other than that, use-service-tag works different than you seem to assume. The tagged side of /interface vlan always adds/removes a VLAN tag; if use-service-tag=no, the usual 802.1Q tag is used, whereas if use-service-tag=yes, an 802.1ad tag is used. The only difference between the two is the ethertype value - 802.1Q uses 0x8100, 802.1ad uses 0x88a8.

So even if not for the other mistakes, your configuration uses different tags on ether8 and ether7, and worse than that, it uses a different tag at each end of the link between the CRS and the 941. So the CRS sends a frame tagged with 802.1Q which is treated as an untagged frame at the 941, and vice versa.
 
User avatar
hgonzale
Member Candidate
Member Candidate
Topic Author
Posts: 272
Joined: Thu Nov 06, 2014 1:12 pm
Location: Fuengirola, Spain
Contact:

Re: Two VLANS to another place. Voip + Data

Wed Dec 26, 2018 8:27 pm

Ohhhhhh thank you my friend for correcting me.
I will try the next week everything you say.

Thank you a lot!
 
User avatar
hgonzale
Member Candidate
Member Candidate
Topic Author
Posts: 272
Joined: Thu Nov 06, 2014 1:12 pm
Location: Fuengirola, Spain
Contact:

Re: Two VLANS to another place. Voip + Data

Wed Dec 26, 2018 8:42 pm

My friend sindy. I did another question some time ago, with a lan in my "house" and vlan and I am having troubles also, because I don't known well about it.
Can you send me a private and I will re open the post with the correct question.

Thank you!
 
sindy
Forum Guru
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: Two VLANS to another place. Voip + Data

Wed Dec 26, 2018 9:08 pm

PM is not activated on this forum (probably because if it was, everyone would PM Normis), but you can place a link to that other thread here so that we could stay topic-related both here and there.

Also, you may want to bite your way through this topic and choose between @Jotne's coloured graphics and my ascii-art to grasp the basics around VLANs and their possible configurations.
 
User avatar
hgonzale
Member Candidate
Member Candidate
Topic Author
Posts: 272
Joined: Thu Nov 06, 2014 1:12 pm
Location: Fuengirola, Spain
Contact:

Re: Two VLANS to another place. Voip + Data

Sat Dec 29, 2018 3:35 pm

Hello Sindy. Good day for you. Now I am here trying to help my friend. I did the cnfiguration in the switch but not luck. Even, I am connecting the VoIP phone (tag 21) directly on the switch (port 7) and not luck. Playing now with options!!!! But really, I don´t understand very well. I will take a Mikrotik course as soon as apossible

I have now the following config:

Switch.

/interface bridge
add admin-mac=CC:2D:E0:2F:07:5C auto-mac=no comment=defconf name=bridge vlan-filtering=yes

/interface ethernet
set [ find default-name=ether1 ] speed=100Mbps
set [ find default-name=ether2 ] speed=100Mbps
set [ find default-name=ether3 ] comment="Link a Oficina" speed=100Mbps
set [ find default-name=ether4 ] comment="Suelo 1. Impresora" speed=100Mbps
set [ find default-name=ether5 ] comment="Suelo 2. PC" speed=100Mbps
set [ find default-name=ether6 ] comment="PC 1" speed=100Mbps
set [ find default-name=ether7 ] comment="Cable a VoIP" loop-protect=on speed=100Mbps
set [ find default-name=ether8 ] comment="Link a Antena - Maribel" speed=100Mbps
set [ find default-name=sfp1 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full

/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge hw=no interface=ether1
add bridge=bridge interface=ether3
add bridge=bridge interface=ether4
add bridge=bridge interface=ether5
add bridge=bridge interface=ether6
add bridge=bridge interface=ether8
add bridge=bridge interface=sfp1
add bridge=bridge interface=wlan2
add bridge=bridge frame-types=admit-only-vlan-tagged interface=ether7 pvid=21
/interface bridge vlan
add bridge=bridge tagged=ether7,ether8 vlan-ids=21
add bridge=bridge untagged=bridge,ether1,ether2,ether3,ether4,ether5,ether6,sfp1,wlan1,wlan2,ether8 vlan-ids=1



941º in the other side:

/interface bridge
add admin-mac=CC:2D:E0:D8:6C:16 auto-mac=no comment=defconf name=bridge vlan-filtering=yes

/interface ethernet
set [ find default-name=ether1 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full \
mac-address=CC:2D:E0:D8:6C:15
set [ find default-name=ether2 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full \
mac-address=CC:2D:E0:D8:6C:16
set [ find default-name=ether3 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full \
mac-address=CC:2D:E0:D8:6C:17
set [ find default-name=ether4 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full \
mac-address=CC:2D:E0:D8:6C:18

/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge hw=no interface=ether1
add bridge=bridge interface=ether3
add bridge=bridge interface=ether4 pvid=21

/interface bridge vlan
add bridge=bridge tagged=ether1,ether4 vlan-ids=21
add bridge=bridge untagged=bridge,ether1,ether2,ether3,wlan1,wlan2 vlan-ids=1

For this testing and avoid the Ubiquiti link, I have the 941 directly connected to eth8 in the switch.
 
sindy
Forum Guru
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: Two VLANS to another place. Voip + Data

Sun Dec 30, 2018 7:21 pm

Here, the configiration of the "switch" seems fine to me.

The 941, however, has an issue - these two lines are in contradiction:

/interface bridge port
...
add bridge=bridge interface=ether4 pvid=21

and
/interface bridge vlan
...
add bridge=bridge tagged=ether1,ether4 vlan-ids=21


The upper line says that ether4 is an access (tagless on outer=wire side, tagged on inner side) port of VLAN 21, whereas the lower line says that ether4's wire side should be tagged. So you have to align these two: if the phone expects and sends tagless frames, you have to modify the line in /interface bridge vlan to bridge=bridge tagged=ether1 untagged=ether4 vlan-ids=21 to make ether4 an access port of VLAN 21; if the phone expects tagged frames (i.e. if VLAN 21 is mentioned in the phone configuration and the phone previously worked if directly connected to any port of the Huawei), you have to modify the line in /interface bridge port to bridge=bridge interface=ether4 pvid=1 to make ether4 a trunk port of VLAN 21.

Now back to the Huawei device blocking the port, it can do so for the following reasons:
  • most likely because it receives STP's BPDU frames from the Mikrotik (which is again true in your current configuration; if no protocol-mode is specified on a bridge, rstp is used by default as /export verbose shows you),
  • less likely because it receives a frame with unexpected VLAN ID or with an unexpected Ethertype (such as 802.1ad if you configure use-service-tag=yes on a local /interface vlan); in your current configuration there is no /interface vlan at all so it is not the reason.
  • because it receives loop protect packets and misinterprets them as something else; in your current case loop-protect is off on the ether interfaces so it is not the reason
There is one more possibility - the phone may use LLDP to learn from the switch which VLAN to use for VoIP and which VLAN to use for data (and one of the two may be tagless on the wire). As Mikrotik does not support this aspect of LLDP functionality, and as the LLDP protocol by design and purpose only works between directly interconnected devices so it cannot be forwarded between the phone and the Huawei via a chain of other switches, you would have to disable LLDP on the phone and configure the Voice VLAN ID to 21 manually if this is the case.
 
User avatar
hgonzale
Member Candidate
Member Candidate
Topic Author
Posts: 272
Joined: Thu Nov 06, 2014 1:12 pm
Location: Fuengirola, Spain
Contact:

Re: Two VLANS to another place. Voip + Data

Wed Jan 02, 2019 11:22 pm

Ohhh sindy... Really you explain very well and you are teaching me a lot.... You will receive a present... of course!!!!! I am so gratefully with you.

In other words... I was playing today a little bit at my friend's house and I didn't have luck, but was some minutes only playing

I need to ask something to you....

When will you have time, and that is your time zone for helping me in hot-line.. I will do something and ask you and you correct me...

Thank you a lot!!!!!!
 
sindy
Forum Guru
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: Two VLANS to another place. Voip + Data

Thu Jan 03, 2019 7:40 am

Yo no hablo español, but if you post here your teamviewer number and the temporary pin, we may chat there. My time zone is the same as yours, but my time planning is generally poor, I'm event-driven in general. So usually I am free for such kind of activity between 20 and 22, but I cannot guarantee it.
 
User avatar
hgonzale
Member Candidate
Member Candidate
Topic Author
Posts: 272
Joined: Thu Nov 06, 2014 1:12 pm
Location: Fuengirola, Spain
Contact:

Re: Two VLANS to another place. Voip + Data

Thu Jan 03, 2019 10:40 pm

The spanish is not a problem my friend. If you are going to help me, I will speak even Russian for you..... If I am receiving something, I need to make you easy as possible...

Second, nice to know you can help me a little bit. You will get a recompense..

Tell me when you think you will have a little bit time, and I will go there my friend.. Really.. THANK YOUUUUU

And of course, we will post the solution and we will $#%$#%$#%@$ Movistar in Spain w1th "business " solutions.
 
User avatar
hgonzale
Member Candidate
Member Candidate
Topic Author
Posts: 272
Joined: Thu Nov 06, 2014 1:12 pm
Location: Fuengirola, Spain
Contact:

Re: Two VLANS to another place. Voip + Data

Sat Feb 16, 2019 7:07 pm

Hello my friend. I am going to be many days at my friend place... How is your week this next week?
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19109
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Two VLANS to another place. Voip + Data

Sun Feb 17, 2019 4:32 am

Sindy, you missed the same error in the first half, plus the op needs to adjust the frame type as well!!!

/interface bridge port
add bridge=bridge frame-types=admit-only-vlan-tagged interface=ether7 pvid=21
/interface bridge vlan
add bridge=bridge tagged=ether7,ether8 vlan-ids=21
add bridge=bridge untagged=bridge,ether1,ether2,ether3,ether4,ether5,ether6,sfp1,wlan1,wlan2,ether8 vlan-ids=1

Remember Interface Bridge Port really is describing the INGRESS functionality we would like to have
The Interface Bridge VLAN is describing the EGRESS functionality we would like

So from the first one, the only reason to assign a PVID is that we know the data ingressing is untagged and we wish to tag it with vlan21
In other words my assumption looking at this line is that ether7 is an Access Port.
However, the egress is contradictory in that there is no untagging assigned to this port??

So I can only make two conclusions. Fix the ingress or fix the egress so they match
For example if truly an access port the following would apply
(1) ether7 is an Access Port:
/interface bridge port
add bridge=bridge frame-types=admit-only-un-tagged or priority interface=ether7 pvid=21
/interface bridge vlan
add bridge=bridge tagged=ether8 untagged=ether7 vlan-ids=21
add bridge=bridge untagged=bridge,ether1,ether2,ether3,ether4,ether5,ether6,sfp1,wlan1,wlan2,ether8 vlan-ids=1

(2) ether7 is a trunk port (attached to another device which can mark packets)
/interface bridge port
add bridge=bridge frame-types=admit-only-vlan-tagged interface=ether7
/interface bridge vlan
add bridge=bridge tagged=ether7,ether8 vlan-ids=21
add bridge=bridge untagged=bridge,ether1,ether2,ether3,ether4,ether5,ether6,sfp1,wlan1,wlan2,ether8 vlan-ids=1

The same comment applies here to the same contradiction in these two rules............
/interface bridge port
add bridge=bridge interface=ether4 pvid=21
/interface bridge vlan
add bridge=bridge tagged=ether1,ether4 vlan-ids=21
 
sindy
Forum Guru
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: Two VLANS to another place. Voip + Data

Sun Feb 17, 2019 12:07 pm

Hello my friend. I am going to be many days at my friend place... How is your week this next week?
As I wrote earlier, give me some temporary communication channel so that we could start talking in a more flexible way then via this forum. The coming week should be as busy as any other one, so every day between 20 and 22 in the evening there is a chance we may do something, except Monday where I know for sure I won't be available.

Who is online

Users browsing this forum: artone, benshirazi, Bing [Bot], Jörg and 67 guests