baks
just joined
Topic Author
Posts: 6
Joined: Fri Jul 19, 2013 9:05 pm
Location: Ukraine

MAC based VLAN rules aren't applied on CRS326-24G-2S+RM

Thu Apr 18, 2019 7:36 pm

Hi guys,

I have a problem using the MAC based VLAN feature on my CRS326-24G-2S+RM.

My setup is the following:
'dhcp-server5-guest' listens on the 'vlan32-guest' VLAN interface (VLAN-ID=32) created on top of the 'br0-local' bridge (PVID=30).
Behind one of the access ports, 'eth24-mgmt' (PVID=99), there is a WiFi router (3C:97:0E:56:E6:5C) which should be automatically assigned to the GUEST VLAN (VLAN-ID=32).

Current result: DHCP requests from the WiFi router go to the VLAN-ID=99 network and finally reach the wrong DHCP server.
Expected result: Once an incoming packet from the WiFi router enters the 'eth24-mgmt' port, the port's default PVID=99 gets overridden by the switch rule, the packet is assigned the VLAN-ID=32 tag and forwarded to the GUEST VLAN. Packets from other hosts behind the 'eth24-mgmt' port are marked with the VLAN-ID=99 tag.

Any suggestions appreciated. Thank you.

Configuration details can be found below:
[admin@crs] > /system resource print       
                   uptime: 2h2m16s
                  version: 6.44.2 (stable)
               build-time: Apr/01/2019 12:47:57
        ...
               board-name: CRS326-24G-2S+
                 platform: MikroTik

[admin@crs] > /system package print  
Flags: X - disabled 
 #   NAME                                                                       VERSION                                                                       SCHEDULED              
 0   routeros-arm                                                               6.44.2                                                                                               
 1   system                                                                     6.44.2                                                                                               
 2 X ipv6                                                                       6.44.2                                                                                               
 3 X wireless                                                                   6.44.2                                                                                               
 4 X hotspot                                                                    6.44.2                                                                                               
 5 X mpls                                                                       6.44.2                                                                                               
 6 X routing                                                                    6.44.2                                                                                               
 7   ppp                                                                        6.44.2                                                                                               
 8   dhcp                                                                       6.44.2                                                                                               
 9   security                                                                   6.44.2                                                                                               
10   advanced-tools                                                             6.44.2 

[admin@crs] > /interface ethernet switch rule print detail 
Flags: X - disabled, I - invalid, D - dynamic 
 0    switch=switch1 ports=eth24-mgmt src-mac-address=3C:97:0E:56:E6:5C/FF:FF:FF:FF:FF:FF copy-to-cpu=no redirect-to-cpu=no mirror=no new-vlan-id=32
 
[admin@crs] > /interface bridge vlan print detail 
Flags: X - disabled, D - dynamic 
 0   ;;; MGMT private segment
     bridge=br0-local vlan-ids=99 tagged=br0-local,bond0-multivan untagged="" current-tagged=br0-local,bond0-multivan current-untagged=eth5-multivan-ipmi,eth24-mgmt 
...
 5   ;;; GUEST private segment
     bridge=br0-local vlan-ids=32 tagged=br0-local untagged=eth24-mgmt current-tagged=br0-local current-untagged=eth23,eth24-mgmt   

[admin@crs] > /interface bridge port print detail 
Flags: X - disabled, I - inactive, D - dynamic, H - hw-offload 
 0   H interface=eth24-mgmt bridge=br0-local priority=0x80 path-cost=10 internal-path-cost=10 edge=auto point-to-point=auto learn=auto horizon=none hw=yes auto-isolate=no 
       restricted-role=no restricted-tcn=no pvid=99 frame-types=admit-all ingress-filtering=no unknown-unicast-flood=yes unknown-multicast-flood=yes broadcast-flood=yes 
       tag-stacking=no bpdu-guard=no trusted=no multicast-router=temporary-query fast-leave=no

[admin@crs] > /interface bridge print detail 
Flags: X - disabled, R - running 
 0 R name="br0-local" mtu=auto actual-mtu=1500 l2mtu=1592 arp=enabled arp-timeout=auto mac-address=64:D1:54:D8:7B:72 protocol-mode=none fast-forward=yes igmp-snooping=no auto-mac=no 
     admin-mac=64:D1:54:D8:7B:72 ageing-time=5m vlan-filtering=yes ether-type=0x8100 pvid=30 frame-types=admit-all ingress-filtering=no dhcp-snooping=no
     
 5 R name="vlan32-guest" mtu=1500 l2mtu=1588 mac-address=64:D1:54:D8:7B:72 arp=enabled arp-timeout=auto loop-protect=default loop-protect-status=off loop-protect-send-interval=5s 
     loop-protect-disable-time=5m vlan-id=32 interface=br0-local use-service-tag=no
RB435G+R52Hn+PSU24V2A+CustomIndorCase
 
baks

Re: MAC based VLAN rules aren't applied on CRS326-24G-2S+RM

Wed Apr 24, 2019 6:08 pm

Hi,

I have tried to set 'pvid=1' for the access port from my example (eth24-mgmt), as suggested by a guy from the Russian MikroTik chat in Telegram, but it didn't change the situation much: the switch rule is still ignored and overridden by the port's pvid.

I have also made several packet captures on the 'br0-local' bridge; Wireshark displayed all packets tagged with VLAN tag 99.

The only place where VLAN tag 32 is observed is:
[admin@crs] /> /interface bridge host print where mac-address=3C:97:0E:56:E6:5C
Flags: X - disabled, I - invalid, D - dynamic, L - local, E - external
# MAC-ADDRESS VID ON-INTERFACE BRIDGE AGE
0 D E 3C:97:0E:56:E6:5C 92 eth24-mgmt br0-local
1 D 3C:97:0E:56:E6:5C 99 eth24-mgmt br0-local 37s

However, the host entry for VID 99 is continuously updating...

I have asked my colleagues who are using CRS326-24G-2S+RM on RoS 6.41.2 and it seems that a similar scenario (https://wiki.mikrotik.com/wiki/Manual:C ... Based_VLAN) works as expected.

Is it a RoS code logic regression?
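Added example (not part of the original posts and not MikroTik tooling): a Python check over saved output of the two print commands used in this thread, reporting hosts that a MAC-based VLAN switch rule should retag but that the bridge learned in a different VID. The rule line is the one posted above; the host table is a constructed sample, and the parser assumes each rule prints on a single line.

```python
import re

MAC = r"(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}"
# One rule per line, fields in the order printed in the post (assumption).
RULE_RE = re.compile(
    rf"ports=(\S+).*?src-mac-address=({MAC})/({MAC}).*?new-vlan-id=(\d+)")
# Host row: index, optional flag letters, MAC, VID, interface.
HOST_RE = re.compile(rf"^\s*\d+\s+[A-Z ]*?({MAC})\s+(\d+)\s+(\S+)", re.M)

def mac_int(mac):
    """Convert aa:bb:cc:dd:ee:ff to an integer so masks can be applied."""
    return int(mac.replace(":", ""), 16)

def parse_rules(text):
    """Return (ports, mac, mask, new_vlan_id) for each MAC-based VLAN rule."""
    return [(ports.split(","), mac_int(mac), mac_int(mask), int(vid))
            for ports, mac, mask, vid in RULE_RE.findall(text)]

def parse_hosts(text):
    """Return (mac, vid, interface) for each row of the bridge host table."""
    return [(mac.upper(), int(vid), port)
            for mac, vid, port in HOST_RE.findall(text)]

def vlan_mismatches(rule_text, host_text):
    """Hosts matched by a rule (port and masked MAC) but learned in another VID."""
    rules = parse_rules(rule_text)
    found = []
    for mac, vid, port in parse_hosts(host_text):
        for ports, r_mac, mask, want in rules:
            same_mac = (mac_int(mac) & mask) == (r_mac & mask)
            if port in ports and same_mac and vid != want:
                found.append((mac, port, vid, want))
    return found

# Rule line as posted in the thread.
RULES = (" 0    switch=switch1 ports=eth24-mgmt "
         "src-mac-address=3C:97:0E:56:E6:5C/FF:FF:FF:FF:FF:FF "
         "copy-to-cpu=no redirect-to-cpu=no mirror=no new-vlan-id=32")

# Constructed host table in the layout of '/interface bridge host print'.
HOSTS = """Flags: X - disabled, I - invalid, D - dynamic, L - local, E - external
 #       MAC-ADDRESS        VID ON-INTERFACE  BRIDGE     AGE
 0   D E 3C:97:0E:56:E6:5C   32 eth24-mgmt    br0-local
 1   D   3C:97:0E:56:E6:5C   99 eth24-mgmt    br0-local  37s
 2   D   00:11:22:33:44:55   99 eth24-mgmt    br0-local  12s
"""

if __name__ == "__main__":
    for mac, port, vid, want in vlan_mismatches(RULES, HOSTS):
        print(f"{mac} on {port}: learned in VID {vid}, rule expects {want}")
```

A non-empty result means a device intended for the guest segment is still being bridged in another VLAN, which is the symptom described in the post above.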
 
baks

Re: MAC based VLAN rules aren't applied on CRS326-24G-2S+RM

Mon May 13, 2019 11:54 pm

JFH:

From [Ticket#2019050122001921]
> Unfortunately, it seems that MAC-based VLAN setup is not possible when packets are forwarded to switch CPU port (bridge),
> it works as expected when forwarding between switch ports. We will see if this could be improved in further RouterOS versions, but I cannot provide any ETA yet.