Community discussions

MikroTik App
 
dtamm
just joined
Topic Author
Posts: 6
Joined: Fri Mar 12, 2021 3:17 pm

hEX PoE RB960PGS, getting 2 VLANs via SFP, routing within the RouterOS - help needed

Tue Apr 20, 2021 12:55 pm

Hey there,

i try to connect my hEX PoE RB960PGS to a switch via SFP, from where i am getting two VLANs: 42 untagged and 43 tagged (LACP Trunk). I have not configured the switch myself, that was done by my IT department, i just try myself to get the router connected (i need the router in a hardware project of mine).

I have done various configurations yet, e.g. https://tikdis.com/mikrotik-routeros/ne ... g/routing/ (text based) or https://www.youtube.com/watch?v=4G0nIklG9Pw (youtube), but no tutorial did work out for me yet.

Just to sum it up, these are the parameters i am getting from the switch:
VLAN 42 (untagged): IP 192.100.42.1/24, should be available on Eth2 Port without an IP Adress
VLAN 43 (tagged): IP 192.100.43.1/24, should be available on SFP Port with an IP Adress within the VLAN Range (e.g. 192.100.43.2); this VLAN is for Management only (snmp-request for a local prometheus server)

I am able to ping the gateway in VLAN 42 (which does not supprise me, since it is untagged). VLAN 43 gateway was not pingable till now. Any hints on that?
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19099
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: hEX PoE RB960PGS, getting 2 VLANs via SFP, routing within the RouterOS - help needed

Tue Apr 20, 2021 8:46 pm

Need more detail on the purpose of the HEX?
Is it acting simply as a switch?
SINCE It has not been stated, what is the IP address of the HEX going to be???


ROUGHLY...............
In which case just create a bridge put all the ports on the bridge
create two vlans and attache them to the bridge (no need for any dhcp stuff as done elsewhere from what I understand)
bridge port setting is
add bridge=bridgehex interface=eth2 pvid=42 frame-type=allow only priority and untagged ingress-filtering=yes
add bridge=bridgehex interface=SFP frame-type=allow only tagged ingress-filtering=yes

bridge vlan setting is
add bridge=bridgehex tagged=bridgehex,sfp vlan-ids=43
add bridge=bridgehex tagged=bridgehex,XXX untagged=eth2 vlan-ids=42 XXX=any other ports on hex will required vlan42 tagged outbound??

Turn bridgevlan filtering ON.
 
Zacharias
Forum Guru
Forum Guru
Posts: 3459
Joined: Tue Dec 12, 2017 12:58 am
Location: Greece

Re: hEX PoE RB960PGS, getting 2 VLANs via SFP, routing within the RouterOS - help needed

Tue Apr 20, 2021 9:43 pm

As @anav posted, should the hEX act as a Router only or not ?
A network diagram is always helpful...
 
dtamm
just joined
Topic Author
Posts: 6
Joined: Fri Mar 12, 2021 3:17 pm

Re: hEX PoE RB960PGS, getting 2 VLANs via SFP, routing within the RouterOS - help needed

Thu Apr 22, 2021 9:57 am

Need more detail on the purpose of the HEX?
Is it acting simply as a switch?
SINCE It has not been stated, what is the IP address of the HEX going to be???


ROUGHLY...............
In which case just create a bridge put all the ports on the bridge
create two vlans and attache them to the bridge (no need for any dhcp stuff as done elsewhere from what I understand)
bridge port setting is
add bridge=bridgehex interface=eth2 pvid=42 frame-type=allow only priority and untagged ingress-filtering=yes
add bridge=bridgehex interface=SFP frame-type=allow only tagged ingress-filtering=yes

bridge vlan setting is
add bridge=bridgehex tagged=bridgehex,sfp vlan-ids=43
add bridge=bridgehex tagged=bridgehex,XXX untagged=eth2 vlan-ids=42 XXX=any other ports on hex will required vlan42 tagged outbound??

Turn bridgevlan filtering ON.
Hey, thanks for the first answer. As asked, i want to provide some more information now.

So i just start from the initial config of the router (pressing the button on the side, letting the defaults be set and then changed by me, mostly via gui, but i am also able to do it via shell). The Router should act as a router, since the VLANs are built by our switches already. I just need to route a small area of computers into our VLANs via SFP-Connection. For this, i made up the following diagram:

Image

As already mentioned, VLAN42 is untagged on the SFP-Ports, VLAN43 is tagged on the same SFP-Ports (my IT-Department configured Trunk Ports for this purpose). On the MikroTik Router VLAN43 should stay "inside" the router, just to call the router via SNMP for monitoring purpose. VLAN42 will be put onto ether interfaces, e.g. ether3, where one pc is connected (no other devices like switches or routers are plugged into the router!).

Hope this helps a little more :)
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19099
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: hEX PoE RB960PGS, getting 2 VLANs via SFP, routing within the RouterOS - help needed

Thu Apr 22, 2021 2:30 pm

Yes, but there is no routing here and the HEX is not connected to the internet.
Its simply acting as bridge switch and I have one doing the same on my desktop
(Multiple vlans coming in on one wire- with a variety of untagged and tagged vlans outgoing on the other ports).

What is not clear to me is why you dont simply send both vlans 42, 43 tagged to the hex.
The hex than can untag them to any ports connected to the hex.
It makes no sense to hybrid port out of the aruba and into the hex, nothing gained and not sure it will work.

CASE A, TRUNK PORT FROM ARUBA TO HEX (the usual way)
/interface bridge port
add bridge=bridgehex interface=ether3 frame-type=allow only tagged frames ingress-filtering=yes (Trunk Port connection to the Switch)
add bridge=bridgehex interface=ether1 frame-type=allow only priority and untagged frames ingress-filtering=yes pvid=42 (Access Port to the Laptop)

bridge vlan setting is
add bridge=bridgehex tagged=bridgehex,ether3 vlan-ids=43
add bridge=bridgehex tagged=bridgehex,ether3 untagged=ether1 vlan-ids=42

CASE B, HYBRID PORT FROM ARUBA TO HEX (the unusual way - not recommended - nor sure it will work)
/interface bridge port
add bridge=bridgehex interface=ether3 pvid=42 (Hybrid Port - unable to limit frame types or apply ingress filtering - connection to switch)
add bridge=bridgehex interface=ether1 frame-type=allow only priority and untagged frames ingress-filtering=yes pvid=42 (Access Port to the Laptop)

bridge vlan setting is
add bridge=bridgehex tagged=bridgehex,ether3 vlan-ids=43
add bridge=bridgehex untagged=ether1,ether3 vlan-ids=42
 
dtamm
just joined
Topic Author
Posts: 6
Joined: Fri Mar 12, 2021 3:17 pm

Re: hEX PoE RB960PGS, getting 2 VLANs via SFP, routing within the RouterOS - help needed

Thu Apr 22, 2021 2:47 pm

What is not clear to me is why you dont simply send both vlans 42, 43 tagged to the hex.
The hex than can untag them to any ports connected to the hex.
It makes no sense to hybrid port out of the aruba and into the hex, nothing gained and not sure it will work.
Good question, i will ask my IT department, which configured and "deployed the info" to me, and i didnt challenge that :)

Thanks for your input though, i will try it out just today, as i am in the office and got access to one of those switches. I will let you know, if one of the examples did work out for me!
 
dtamm
just joined
Topic Author
Posts: 6
Joined: Fri Mar 12, 2021 3:17 pm

Re: hEX PoE RB960PGS, getting 2 VLANs via SFP, routing within the RouterOS - help needed

Thu Apr 22, 2021 2:49 pm

Just one more question: on those bridges in your examples, i dont see the SFP1 Interface in your bridge confirugration, is this intended to be so? or shall i just change "ether1" to "sfp1"?
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19099
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: hEX PoE RB960PGS, getting 2 VLANs via SFP, routing within the RouterOS - help needed

Thu Apr 22, 2021 4:18 pm

My bad I assumed due to the text on the side that the data coming from the switch would be coming in on ether3 on the router. If its sfp1 on the router just change ether3 to sfp1 for example.
 
dtamm
just joined
Topic Author
Posts: 6
Joined: Fri Mar 12, 2021 3:17 pm

Re: hEX PoE RB960PGS, getting 2 VLANs via SFP, routing within the RouterOS - help needed  [SOLVED]

Fri Apr 23, 2021 12:03 pm

So, i tried your hints just yesterday and luckily my IT department also configured one SFP-Port with both VLANs being tagged. Using this port made me configure the MikroTik router correctly to get all working, just like you assumed yesterday with "the usual way". I ended up with the following configuration:
/interface ethernet
set [ find default-name=ether1 ] disabled=yes
set [ find default-name=ether4 ] disabled=yes
set [ find default-name=ether5 ] disabled=yes #Keeping ether2 open for configuration and ether3 for the pc in VLAN 42

/interface bridge
add name=bridge-vlan-42
add name=bridge-vlan-43

/interface vlan
add interface=sfp1 name=vlan-42 vlan-id=42
add interface=sfp1 name=vlan-43 vlan-id=43

/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge-vlan-42 comment="VLAN 42 Bridge" interface=vlan-42
add bridge=bridge-vlan-42 interface=ether3
add bridge=bridge-vlan-43 comment="VLAN 43 Bridge" interface=vlan-43
add bridge=bridge-vlan-43 disabled=yes interface=ether4 #Just for the reason i dont want any interface to be "open" and not used!

/ip address
add address=192.100.43.2/24 comment="VLAN 43 IP address for SNMP" interface=vlan-43 network=192.100.43.0
Also default Firewall configuration, but on position 2 i added a rule for SNMP to allow SNMP just on the vlan-43 interface!

Who is online

Users browsing this forum: No registered users and 99 guests