Community discussions

MikroTik App
 
jonah1810
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 98
Joined: Tue Jul 30, 2019 10:19 pm

Bridge Filter Vlans Not Working

Tue Apr 27, 2021 1:27 am

Hello I have a CRS309-1G-8S that I am trying to configure as a switch with vlans. I followed the Documentation on bridge filtering but nothing works and im wondering what im doing wrong, or if the documentation was wrong. here is my setup:
I have a 4011 acting as a router, the CRS as a Switch and my laptop and a HEXPOE acting as clients.

RB4011(SFP1)->CRS(SFP1)
CRS(SFP2)->HEX(SFP1)
CRS(ETH1)->Laptop

RB4011 has tagged vlan 300 (SFP1), DCHP Server on that vlan.
HEX has DCHP-Client On Untagged Vlan 300(SFP1)
CRS Config:

/interface bridge
add name=bridge1 vlan-filtering=yes
/interface vlan
add interface=bridge1 name=MGMT use-service-tag=yes vlan-id=1000
/interface bridge port
add bridge=bridge1 interface=sfp-sfpplus1
add bridge=bridge1 interface=sfp-sfpplus2 pvid=300
add bridge=bridge1 interface=sfp-sfpplus3 pvid=200
add bridge=bridge1 interface=sfp-sfpplus4 pvid=100
add bridge=bridge1 interface=ether1 pvid=200
/interface bridge vlan
add bridge=bridge1 tagged=sfp-sfpplus1 untagged=sfp-sfpplus2,ether1 vlan-ids=\
    300
add bridge=bridge1 tagged=sfp-sfpplus1 untagged=sfp-sfpplus3 vlan-ids=200
add bridge=bridge1 tagged=sfp-sfpplus1,bridge1 vlan-ids=1000
add bridge=bridge1 tagged=sfp-sfpplus1 untagged=sfp-sfpplus4 vlan-ids=100
/ip address
add address=10.10.53.1/24 interface=MGMT network=10.10.53.0





4011 Config:
/interface bridge
add name=bridge1
/interface vlan
add interface=ether1 name=Fiber-Trunk use-service-tag=yes vlan-id=110
add interface=sfp-sfpplus1 name=Level1 use-service-tag=yes vlan-id=100
add interface=sfp-sfpplus1 name=Level2 use-service-tag=yes vlan-id=200
add interface=sfp-sfpplus1 name=Level3 use-service-tag=yes vlan-id=300
add interface=sfp-sfpplus1 name=MGMT use-service-tag=yes vlan-id=1000
/interface ethernet switch port
set 0 default-vlan-id=0
set 1 default-vlan-id=0
set 2 default-vlan-id=0
set 3 default-vlan-id=0
set 4 default-vlan-id=0
set 5 default-vlan-id=0
set 6 default-vlan-id=0
set 7 default-vlan-id=0
set 8 default-vlan-id=0
set 9 default-vlan-id=0
set 10 default-vlan-id=0
set 11 default-vlan-id=0
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp_pool0 ranges=10.100.53.10-10.100.53.254
/ip dhcp-server
add address-pool=dhcp_pool1 disabled=no interface=Level3 lease-time=12h name=\
    dhcp1
/routing ospf instance
set [ find default=yes ] redistribute-connected=as-type-2 \
    redistribute-static=as-type-2
/interface bridge port
add bridge=bridge1 disabled=yes interface=ether2
add bridge=bridge1 disabled=yes interface=sfp-sfpplus1
add bridge=bridge1 disabled=yes interface=Level1
add bridge=bridge1 disabled=yes interface=Level2
add bridge=bridge1 disabled=yes interface=Level3
add bridge=bridge1 disabled=yes interface=MGMT
/ip address
add address=10.95.53.2/30 interface=Fiber-Trunk network=10.95.53.0
add address=10.100.53.1/24 interface=Level3 network=10.100.53.0
add address=10.10.53.2/24 interface=MGMT network=10.10.53.0
/ip dhcp-server network
add address=10.100.53.0/24 dns-server=10.100.123.211,8.8.8.8 gateway=\
    10.100.53.1
/routing ospf network
add area=backbone network=10.95.53.0/30




HEX:
/interface vlan
add interface=sfp1 name=vlan300 use-service-tag=no vlan-id=300
/ip dhcp-client
add interface=sfp1 disabled=no
add interface=vlan300 disabled=no
But both the HEX and Laptop are unable to get an ip from the dhcp server. what am i doing wrong?
Last edited by jonah1810 on Tue Apr 27, 2021 6:31 am, edited 3 times in total.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19103
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Bridge Filter Vlans Not Working

Tue Apr 27, 2021 5:02 am

I would need to see the full config on all the devices....
 
jonah1810
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 98
Joined: Tue Jul 30, 2019 10:19 pm

Re: Bridge Filter Vlans Not Working

Tue Apr 27, 2021 6:30 am

I would need to see the full config on all the devices....
Hello, thank you for replying!

I have updated the OP with the 4011 config and the Hex config.

I also discovered in the hosts tab that it can see the HEX on SFP2 with a VID of 300. not sure why it isn't being passed along to SFP1.
interface bridge host print:
 0   DL  2C:C8:1B:05:57:E3      bridge1           bridge1   
 1   DL  2C:C8:1B:05:57:E4      sfp-sfpplus2      bridge1   
 2   D E 08:55:31:AC:A0:6C    1 sfp-sfpplus1      bridge1   
 3   DL  2C:C8:1B:05:57:E3    1 bridge1           bridge1   
 4   D E C4:AD:34:12:53:40    1 sfp-sfpplus2      bridge1   //This is the Hex
 5   DL  2C:C8:1B:05:57:E3  300 sfp-sfpplus1      bridge1   
 6   DL  2C:C8:1B:05:57:E4  300 sfp-sfpplus2      bridge1   
 7   D E C4:AD:34:12:53:40  300 sfp-sfpplus2      bridge1   //This is the Hex
 8   DL  2C:C8:1B:05:57:E3 1000 bridge1           bridge1 
Looking forward to hearing what you think
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11438
Joined: Thu Mar 03, 2016 10:23 pm

Re: Bridge Filter Vlans Not Working

Tue Apr 27, 2021 11:05 am

Don't set use-service-tag=yes ... this setting is not about enabling VLAN tags, it's about using different type of tags (type 802.1ad instead of usual 802.1q).
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19103
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Bridge Filter Vlans Not Working

Tue Apr 27, 2021 5:25 pm

You need to provide a network diagram.
For example nothing lines up on your RB4011 config, vlans not defined, etc.
As noted get rid of service tag...........
 
jonah1810
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 98
Joined: Tue Jul 30, 2019 10:19 pm

Re: Bridge Filter Vlans Not Working

Tue Apr 27, 2021 5:45 pm

You need to provide a network diagram.
For example nothing lines up on your RB4011 config, vlans not defined, etc.
As noted get rid of service tag...........
I am confused I thought the trunk is supposed to be tagged. I am just trying to get one of the vlans to work and once thats done i'll work on doing the others. which is why there is no ip or dhcp server yet for "level2" or "level1"

will try with no service tag.

EDIT: using no service tag made it work! Thank you for the help! I see now it is just to use 802.1ad. so interface vlans then are only tagged I assume and "untagged" just means to get untagged packets and assign them a tag as specified in the bridge? That makes a lot more sense than how I was thinking of it before.
You do not have the required permissions to view the files attached to this post.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19103
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Bridge Filter Vlans Not Working

Tue Apr 27, 2021 8:10 pm

Why would you untag vlan300 to the hex?? Makes no sense like pretty much the rest of your config.
Your best bet is to read this excellent article, and I am sure you will be up and runnning in no time.

viewtopic.php?f=23&t=143620
 
jonah1810
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 98
Joined: Tue Jul 30, 2019 10:19 pm

Re: Bridge Filter Vlans Not Working

Wed Apr 28, 2021 7:01 pm

Why would you untag vlan300 to the hex?? Makes no sense like pretty much the rest of your config.
Your best bet is to read this excellent article, and I am sure you will be up and runnning in no time.

viewtopic.php?f=23&t=143620
The HEX was in place so i could test it remotely, nothing more. It is going to be Laptops and other devices like that plugging into there.

Thank you for the article! it is very informative.

Who is online

Users browsing this forum: Ahrefs [Bot], jamesperks, patrikg and 67 guests