Community discussions

MikroTik App
 
alex9903
just joined
Topic Author
Posts: 3
Joined: Wed May 19, 2021 1:50 am

VLAN unexpected double tagging id=0 CRS305

Wed May 19, 2021 2:12 am

I've reduced my configuration to a standalone MGMT on ether1, one trunked port, and one access port.
What I observe is that traffic coming from the access port gets switched to the trunked port, but has 2 802.1Q headers. The outer one has ID=0, the inner one has the expected VLAN tag. I observed this with packet capture on the device at the other end of the trunked port, and verified the traffic is going in untagged on the access port with pcap there. I have the configuration shown below, then run "/interface bridge set bridge vlan-filtering=yes", observe the /interface bridge vlan table (looks as expected) but nothing works because of the VLAN ID=0 double tagging.
 #   BRIDGE                      VLAN-IDS  CURRENT-TAGGED                    CURRENT-UNTAGGED                   
 0   bridge1                     10        bridge1                           sfp-sfpplus4                       
                                           sfp-sfpplus1                     
 1 D bridge1                     1                                           bridge1                            
                                                                             sfp-sfpplus1
I tried a few things semi-random (turning off hardware on the bridge ports, downgrading to the long-term firmware version, changing ether-type to non-default). I found a few issues in forums around getting a stray VLAN ID=0 tag suggests the switch at egress considers the traffic untagged (so adds another one). At this point I am stumped, so if anyone has pointers, would appreciate it.
I considered just using SwOS since my use case is so simple. I have to admit I was a bit discouraged by
*) CRS305: fixed traffic forwarding between SFP+ ports;
[1] viewtopic.php?f=21&t=174849
/interface bridge
add admin-mac=08:55:31:D3:64:CE auto-mac=no name=bridge1
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcpPoolMGMT ranges=192.168.99.2-192.168.99.254
/ip dhcp-server
add address-pool=dhcpPoolMGMT disabled=no interface=ether1 name=dhcpMGMT
/user group
set full policy=local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web,sniff,sensitive,api,romon,dude,tikapp
/interface bridge port
add bridge=bridge1 interface=sfp-sfpplus1
add bridge=bridge1 interface=sfp-sfpplus4 pvid=10
/ip neighbor discovery-settings
set discover-interface-list=none
/interface bridge vlan
add bridge=bridge1 tagged=bridge1,sfp-sfpplus1 untagged=sfp-sfpplus4 vlan-ids=10
/ip address
add address=192.168.99.1/24 interface=ether1 network=192.168.99.0
/ip cloud
set update-time=no
/ip dhcp-client
add disabled=no interface=bridge1
/ip dhcp-server network
add address=192.168.99.0/24 dns-none=yes
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set api disabled=yes
set winbox disabled=yes
set api-ssl disabled=yes
/ip ssh
set strong-crypto=yes
/system clock
set time-zone-name=America/New_York
/system routerboard settings
set boot-os=router-os
/tool bandwidth-server
set enabled=no
/tool mac-server
set allowed-interface-list=none
/tool mac-server mac-winbox
set allowed-interface-list=none
/tool mac-server ping
set enabled=no
 
alex9903
just joined
Topic Author
Posts: 3
Joined: Wed May 19, 2021 1:50 am

Re: VLAN unexpected double tagging id=0 CRS305

Fri May 21, 2021 2:11 am

I tried to setup the same configuration on SwOS. Same results. All traffic coming out of the trunk port has 2 tags despite being in 802.1Q mode (type says 8100).
 
alex9903
just joined
Topic Author
Posts: 3
Joined: Wed May 19, 2021 1:50 am

Re: VLAN unexpected double tagging id=0 CRS305

Sat Jun 05, 2021 7:45 pm

Hi thanks for the question!
I tried quite a few different combinations eg. the device that runs the DHCP servers different IP ranges, different physical ports...

I also experimented with different hardware namely the CSS610-8G-2S+IN.
The interesting findings are that:
- I can reproduce the double 802.1Q tagging when all VLAN functionality is disabled (/interface bridge set bridge vlan-filtering=no in RouterOS and all ports set to "optional" in SwitchOS).
- when using only 1G ports on the CSS610, the problem does not occur.
- all it takes to trigger is the switch to transmit a frame with an existing 802.1Q tag, then it adds another one with PRI=0, VLAN=0. In my example, I hooked it up to a VLAN aware AP which tags

Tested software versions:
- RouterOS 6.48.2 on CRS305
- SwOS Lite 2.13, 2.14 on CSS610

So looks like some kind of issue in the SFP+ logic common between SwOS and RouterOS at least on CSS610 and CRS305.

Who is online

Users browsing this forum: lurker888, pe1chl and 91 guests