Community discussions

MikroTik App
 
nagylzs
Member
Member
Topic Author
Posts: 353
Joined: Sun May 26, 2019 2:08 pm

Cannot access router over trunk+switch

Sat Jul 17, 2021 11:58 am

I have this config:

* router 01 called "r01", 192.168.19.254
* router 02 called "r02", 192.168.19.253
* switch 01 called "sw01", 192.168.19.244
* switch 02 called "sw02", 192.168.19.243

There are vlan configs, the management vlan id = 99 is associated with 192.168.19.0/254 network.

When they are connected like this (e.g. without sw02), then I can access r02 on its ether1-trunk port:

r01 ---- sw01 ----- r02

But when I connect them like this:

r01 --- sw01 --- sw02 --- r02

then I cannot connect to r02. (But I can access all others: r01, sw01 and sw02).

Here is the bridge config of r02:
/interface bridge
add frame-types=admit-only-vlan-tagged ingress-filtering=yes name=BR1 vlan-filtering=yes
/interface bridge port
add bridge=BR1 frame-types=admit-only-vlan-tagged ingress-filtering=yes interface=ether1-trunk
add bridge=BR1 interface=ether2-blue pvid=99
add bridge=BR1 interface=ether3-blue pvid=99
add bridge=BR1 interface=ether4-blue pvid=99
add bridge=BR1 interface=ether5-blue pvid=99
/interface bridge vlan
add bridge=BR1 tagged=BR1,ether1-trunk vlan-ids=10
add bridge=BR1 tagged=BR1,ether1-trunk vlan-ids=20
add bridge=BR1 tagged=BR1,ether1-trunk vlan-ids=30
add bridge=BR1 tagged=BR1,ether1-trunk untagged=ether2-blue,ether3-blue,ether4-blue,ether5-blue vlan-ids=99
The ethernet ports *-blue are named badly, they have been assigned to vlan99 as ungatted ports, because I needed them for testing. (Normally they would be pvid=10 but for testing they are pvid=99) I have tested this by connecting my laptop to ether4 on r02 and the thernet monitor gives:

/interface ethernet> monitor 0,1,2,3,4
                        name: ether1-trunk ether2-blue ether3-blue ether4-blue ether5-blue
                      status: link-ok      no-link     no-link     link-ok     no-link
            auto-negotiation: done         done        done        done        done
                        rate: 1Gbps                                100Mbps
                 full-duplex: yes                                  yes
             tx-flow-control: no                                   no
             rx-flow-control: no                                   no
                 advertising: 10M-half     10M-half    10M-half    10M-half    10M-half
                              10M-full     10M-full    10M-full    10M-full    10M-full
                              100M-half    100M-half   100M-half   100M-half   100M-half
                              100M-full    100M-full   100M-full   100M-full   100M-full
                              1000M-half   1000M-half  1000M-half  1000M-half  1000M-half
                              1000M-full   1000M-full  1000M-full  1000M-full  1000M-full
    link-partner-advertising: 10M-half                             10M-half
                              10M-full                             10M-full
                              100M-half                            100M-half
                              100M-full                            100M-full
                              1000M-full

In other words, ether1-trunk on r02 is connected to sw02 at 1Gbps speed, it is a trunk port but it cannot communicate with r01:
 /interface ethernet> /ping 192.168.19.254
  SEQ HOST                                     SIZE TTL TIME  STATUS
    0 192.168.19.254                                          timeout
    1 192.168.19.254                                          timeout
    2 192.168.19.253                             84  64 986ms host unreachable
    3 192.168.19.254                                          timeout
    4 192.168.19.254                                          timeout
    sent=5 received=0 packet-loss=100%
If I login to r01, then I can ping both switches, but not r02:
[gandalf@r01.magnet] > /ping sw01.magnet count=3
  SEQ HOST                                     SIZE TTL TIME  STATUS
    0 192.168.19.244                             56 255 0ms
    1 192.168.19.244                             56 255 0ms
    2 192.168.19.244                             56 255 0ms
    sent=3 received=3 packet-loss=0% min-rtt=0ms avg-rtt=0ms max-rtt=0ms

[gandalf@r01.magnet] > /ping sw02.magnet count=3
  SEQ HOST                                     SIZE TTL TIME  STATUS
    0 192.168.19.243                             56 255 0ms
    1 192.168.19.243                             56 255 0ms
    2 192.168.19.243                             56 255 0ms
    sent=3 received=3 packet-loss=0% min-rtt=0ms avg-rtt=0ms max-rtt=0ms

[gandalf@r01.magnet] > /ping r02.magnet count=3
  SEQ HOST                                     SIZE TTL TIME  STATUS
    0 192.168.19.253                                          timeout
    1 192.168.19.253                                          timeout
    2 192.168.19.254                             84  64 986ms host unreachable
    sent=3 received=0 packet-loss=100%
Regarding the switch configurations, I'm going to post some images.
Last edited by nagylzs on Sat Jul 17, 2021 2:41 pm, edited 2 times in total.
 
nagylzs
Member
Member
Topic Author
Posts: 353
Joined: Sun May 26, 2019 2:08 pm

Re: Cannot access router over trunk+switch

Sat Jul 17, 2021 12:04 pm

 
nagylzs
Member
Member
Topic Author
Posts: 353
Joined: Sun May 26, 2019 2:08 pm

Re: Cannot access router over trunk+switch

Sat Jul 17, 2021 12:06 pm

 
nagylzs
Member
Member
Topic Author
Posts: 353
Joined: Sun May 26, 2019 2:08 pm

Re: Cannot access router over trunk+switch

Sat Jul 17, 2021 12:09 pm

Both switches are RB260GSP, running SwOs 2.13.

If r02 is connected to Port2-Trunk on sw01, then everything works. If r02 is connected to Port2-To-R02 on sw02, then it can't be accessed in any way.

If I change the vlan config of Port2-To-R02 to vlan receive=any then it is working!

Does anybody know what is wrong? Thank you.
 
nagylzs
Member
Member
Topic Author
Posts: 353
Joined: Sun May 26, 2019 2:08 pm

Re: Cannot access router over trunk+switch

Sat Jul 17, 2021 11:00 pm

I was experimenting some more. If I set "vlan receive=only untagged" on port 2 of sw02 (that is directoy connected to r02) then connection is lost. If I set "vlan receive=only tagged", then connection is lost. The connection can only be established if I set "vlan receive=any".

This includes ICMP ping requests. I cannot interpret this behaviour. The received ICMP packets are either tagged or untagged. They cannot be both. It seems impossible that vlan receive=any works, but neither only tagged/only untagged.
 
nagylzs
Member
Member
Topic Author
Posts: 353
Joined: Sun May 26, 2019 2:08 pm

Re: Cannot access router over trunk+switch

Sat Jul 17, 2021 11:45 pm

Uploaded demonstration here: https://www.youtube.com/watch?v=-zzwTJ7mKGU
 
nagylzs
Member
Member
Topic Author
Posts: 353
Joined: Sun May 26, 2019 2:08 pm

Re: Cannot access router over trunk+switch

Sun Jul 18, 2021 1:01 pm

More info. This is not strictly about my problem, but it might sched light on it.

If I set receive vlan=any and setup caps-man on r01 and cap on r02, then r02 can "see" caps-man on r01 but it fails to join:
11:50:02 caps,info CAP selected CAPsMAN r01.magnet (::ffff:192.168.19.254:5246)
11:50:02 caps,info CAP connected to r01.magnet (::ffff:192.168.19.254:5246), CommonName 'CAPsMAN-085531E7F367'
11:50:17 caps,info CAP failed to join r01.magnet (::ffff:192.168.19.254:5246)
After /system logging add topics=caps action=memory I see this:
11:54:23 caps,debug CAP Select->Sulking
11:54:28 caps,debug CAP Sulking->Discover
11:54:28 caps,debug CAP discovery target list:
11:54:31 caps,debug CAP discovery over, results:
11:54:31 caps,debug   r01.magnet (::ffff:192.168.19.254:5246)
11:54:31 caps,debug   r01.magnet (08:55:31:E7:F3:67/6/0)
11:54:31 caps,debug CAP Discover->Select
11:54:31 caps,info CAP selected CAPsMAN r01.magnet (08:55:31:E7:F3:67/6/0)
11:54:31 caps,debug CAP Select->Connect
11:54:34 caps,info CAP connected to r01.magnet (08:55:31:E7:F3:67/6/0), CommonName 'CAPsMAN-085531E7F367'
11:54:34 caps,debug CAP Connect->Join
11:54:49 caps,debug CAP lost connection, send timeout
11:54:49 caps,info CAP failed to join r01.magnet (08:55:31:E7:F3:67/6/0)
11:54:49 caps,debug CAP Join->Select
11:54:49 caps,info CAP selected CAPsMAN r01.magnet (::ffff:192.168.19.254:5246)
11:54:49 caps,debug CAP Select->Connect
11:54:49 caps,info CAP connected to r01.magnet (::ffff:192.168.19.254:5246), CommonName 'CAPsMAN-085531E7F367'
11:54:49 caps,debug CAP Connect->Join
11:55:04 caps,debug CAP lost connection, send timeout
11:55:04 caps,info CAP failed to join r01.magnet (::ffff:192.168.19.254:5246)
11:55:04 caps,debug CAP Join->Select
11:55:04 caps,debug CAP did not find suitable CAPsMAN
11:55:04 caps,debug CAP Select->Sulking
I does not really say anything about WHY it cannot connect. But it is clear that CAPS-MAN discovery works on both layer2 and layer 3. Just the connection fails.

Note: I can connect with /system ssh from r02 to r01. But CAP cannot connect to CAPS-MAN. Communication between CAP and CAPS-MAN is done via a proprietary protocol over IP (layer 3). I don't see why they can't connect, but it might be related to my original problem: vlan receive=any works, but vlan receive=only untagged nor vlan receive=only tagged works.

This is mysterious - packets that are not tagged and not untagged at the same time??? :-(
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18961
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Cannot access router over trunk+switch

Sun Jul 18, 2021 3:53 pm

Clear Network diagram might help and no clue why you have two routers and where is the internet.
Also get rid of capsman until you have a working config.

Also read this article....
viewtopic.php?f=23&t=143620

Note, you should realize what the settings that you are using actually do in terms of functionality because they are in conflict.
 
nagylzs
Member
Member
Topic Author
Posts: 353
Joined: Sun May 26, 2019 2:08 pm

Re: Cannot access router over trunk+switch

Sun Jul 18, 2021 8:43 pm

Clear Network diagram might help and no clue why you have two routers and where is the internet.
I'm not sure why do we need to know that. This problem is independent of "the internet". Here is the diagram anyway:

https://imgur.com/a/WKxL7G6
Also get rid of capsman until you have a working config.
Well, of course... you can ignore that part.

Also read this article....
viewtopic.php?f=23&t=143620
I have already read that article, multiple times. If I connect r01.ether1 to sw01.port3, then everything works. The problem only comes when sw02 is between sw01 and r02.

The problem is not related to the internet connection.
Note, you should realize what the settings that you are using actually do in terms of functionality because they are in conflict.
All right, can you please shed some light on the conflict?
Last edited by nagylzs on Sun Jul 18, 2021 9:18 pm, edited 1 time in total.
 
nagylzs
Member
Member
Topic Author
Posts: 353
Joined: Sun May 26, 2019 2:08 pm

Re: Cannot access router over trunk+switch

Sun Jul 18, 2021 8:49 pm

> I have already read that article, multiple times. If I connect r01.ether1 to sw01.port3, then everything works. The problem only comes when sw02 is between sw01 and r02.

BTW that article concentrates on routeros. It does not explain configuration of CSS/SwOs devices. I guess that the problem is with my CSS switches. Maybe I'm wrong.
 
Zacharias
Forum Guru
Forum Guru
Posts: 3459
Joined: Tue Dec 12, 2017 12:58 am
Location: Greece

Re: Cannot access router over trunk+switch

Sun Jul 18, 2021 9:49 pm

@anav alhough the guide you recommend is an excellent one, i ve read it many times my self and has helped me a lot is for Bridge VLAN Filtering...

The switches used here, seems to me they are not any of CRS3XX Series...
So if the OP uses Bridge VLAN Filtering will loose the Hardware offload on the Bridge, which is a very bad performance loss...
 
nagylzs
Member
Member
Topic Author
Posts: 353
Joined: Sun May 26, 2019 2:08 pm

Re: Cannot access router over trunk+switch

Sun Jul 18, 2021 10:11 pm

The switches used here, seems to me they are not any of CRS3XX Series...
So if the OP uses Bridge VLAN Filtering will loose the Hardware offload on the Bridge, which is a very bad performance loss...
I'm aware of that. But r01 is used for routing only, and r02 will be used mainly as a wireless access point. Hw offload won't work for inter-vlan routing on r01, but Inter-vlan traffic is low, almost nothing.
 
nagylzs
Member
Member
Topic Author
Posts: 353
Joined: Sun May 26, 2019 2:08 pm

Re: Cannot access router over trunk+switch

Mon Jul 19, 2021 7:54 pm

Okay, so the problem still exists. I have removed sw02 to make it work. But I still don't understand what is wrong. I'm almost 100% percent sure that my routeros config is good. When the sw02is not between the routers, then they work just fine. (But sw01 is still between them, and it causes no problems!) @anav if there is a conflict, then I don't see where.
 
sindy
Forum Guru
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: Cannot access router over trunk+switch

Mon Jul 19, 2021 8:52 pm

I hazily remember someone here had a mysterious-looking problem with some specific CSS model. Can you sniff on the devices between which SW02 is placed, in order to eventually spot some VLAN tags not to be added where they should have been or added where they should not have been?
 
nagylzs
Member
Member
Topic Author
Posts: 353
Joined: Sun May 26, 2019 2:08 pm

Re: Cannot access router over trunk+switch

Mon Jul 19, 2021 9:06 pm

Today I can only do this without sw02. Tomorrow I'll add sw02 again and do sniff again.
Last edited by nagylzs on Mon Jul 19, 2021 9:22 pm, edited 1 time in total.
 
nagylzs
Member
Member
Topic Author
Posts: 353
Joined: Sun May 26, 2019 2:08 pm

Re: Cannot access router over trunk+switch

Mon Jul 19, 2021 9:21 pm

Okay, this is how I setup sniffer on both r01 and r02:
/tool sniffer
set filter-ip-protocol=icmp
set filter-ip-address=192.168.19.0/24
set filter-direction=any
start
Then I did this on r01:
/ping r02.magnet count=1
stop
Packets sniffed on r01:
[admin@r01.magnet] /tool sniffer packet> print detail
 0 time=11.304 num=1 direction=tx src-mac=08:55:31:E7:F3:67 dst-mac=08:55:31:E7:E1:8E interface=BASE_VLAN
   src-address=192.168.19.254 dst-address=192.168.19.253 protocol=ip ip-protocol=icmp size=70 cpu=2 fp=no
   ip-packet-size=56 ip-header-size=20 dscp=0 identification=8427 fragment-offset=0 ttl=255

 1 time=11.304 num=2 direction=tx src-mac=08:55:31:E7:F3:67 dst-mac=08:55:31:E7:E1:8E vlan=99 interface=BR1
   src-address=192.168.19.254 dst-address=192.168.19.253 protocol=ip ip-protocol=icmp size=74 cpu=2 fp=no
   ip-packet-size=56 ip-header-size=20 dscp=0 identification=8427 fragment-offset=0 ttl=255

 2 time=11.304 num=3 direction=tx src-mac=08:55:31:E7:F3:67 dst-mac=08:55:31:E7:E1:8E vlan=99 interface=ether1-sw01
   src-address=192.168.19.254 dst-address=192.168.19.253 protocol=ip ip-protocol=icmp size=74 cpu=2 fp=no
   ip-packet-size=56 ip-header-size=20 dscp=0 identification=8427 fragment-offset=0 ttl=255

 3 time=11.304 num=4 direction=rx src-mac=08:55:31:E7:E1:8E dst-mac=08:55:31:E7:F3:67 vlan=99 interface=ether1-sw01
   src-address=192.168.19.253 dst-address=192.168.19.254 protocol=ip ip-protocol=icmp size=74 cpu=3 fp=no
   ip-packet-size=56 ip-header-size=20 dscp=0 identification=51083 fragment-offset=0 ttl=64

 4 time=11.304 num=5 direction=rx src-mac=08:55:31:E7:E1:8E dst-mac=08:55:31:E7:F3:67 vlan=99 interface=BR1
   src-address=192.168.19.253 dst-address=192.168.19.254 protocol=ip ip-protocol=icmp size=74 cpu=3 fp=no
   ip-packet-size=56 ip-header-size=20 dscp=0 identification=51083 fragment-offset=0 ttl=64

 5 time=11.304 num=6 direction=rx src-mac=08:55:31:E7:E1:8E dst-mac=08:55:31:E7:F3:67 interface=BASE_VLAN
   src-address=192.168.19.253 dst-address=192.168.19.254 protocol=ip ip-protocol=icmp size=70 cpu=3 fp=no
   ip-packet-size=56 ip-header-size=20 dscp=0 identification=51083 fragment-offset=0 ttl=64
[admin@r01.magnet] /tool sniffer packet>
packets sniffed on r02 are below. Name of interface ether1-sw02 is misleading. In reality, it is connected to sw01 instead (I just forgot to rename it after sw2 was removed).
[admin@r02.magnet] /tool sniffer packet> print detail
 0 time=6.137 num=1 direction=rx src-mac=08:55:31:E7:F3:67 dst-mac=08:55:31:E7:E1:8E vlan=99 interface=ether1-sw02
   src-address=192.168.19.254 dst-address=192.168.19.253 protocol=ip ip-protocol=icmp size=74 cpu=3 fp=no
   ip-packet-size=56 ip-header-size=20 dscp=0 identification=8427 fragment-offset=0 ttl=255

 1 time=6.137 num=2 direction=rx src-mac=08:55:31:E7:F3:67 dst-mac=08:55:31:E7:E1:8E vlan=99 interface=BR1
   src-address=192.168.19.254 dst-address=192.168.19.253 protocol=ip ip-protocol=icmp size=74 cpu=3 fp=no
   ip-packet-size=56 ip-header-size=20 dscp=0 identification=8427 fragment-offset=0 ttl=255

 2 time=6.137 num=3 direction=rx src-mac=08:55:31:E7:F3:67 dst-mac=08:55:31:E7:E1:8E interface=BASE_VLAN
   src-address=192.168.19.254 dst-address=192.168.19.253 protocol=ip ip-protocol=icmp size=70 cpu=3 fp=no
   ip-packet-size=56 ip-header-size=20 dscp=0 identification=8427 fragment-offset=0 ttl=255

 3 time=6.137 num=4 direction=tx src-mac=08:55:31:E7:E1:8E dst-mac=08:55:31:E7:F3:67 interface=BASE_VLAN
   src-address=192.168.19.253 dst-address=192.168.19.254 protocol=ip ip-protocol=icmp size=70 cpu=3 fp=no
   ip-packet-size=56 ip-header-size=20 dscp=0 identification=51083 fragment-offset=0 ttl=64

 4 time=6.137 num=5 direction=tx src-mac=08:55:31:E7:E1:8E dst-mac=08:55:31:E7:F3:67 vlan=99 interface=BR1
   src-address=192.168.19.253 dst-address=192.168.19.254 protocol=ip ip-protocol=icmp size=74 cpu=3 fp=no
   ip-packet-size=56 ip-header-size=20 dscp=0 identification=51083 fragment-offset=0 ttl=64

 5 time=6.137 num=6 direction=tx src-mac=08:55:31:E7:E1:8E dst-mac=08:55:31:E7:F3:67 vlan=99 interface=ether1-sw02
   src-address=192.168.19.253 dst-address=192.168.19.254 protocol=ip ip-protocol=icmp size=74 cpu=3 fp=no
   ip-packet-size=56 ip-header-size=20 dscp=0 identification=51083 fragment-offset=0 ttl=64
[admin@r02.magnet] /tool sniffer packet>
Everything seems to be honky-dory.
 
nagylzs
Member
Member
Topic Author
Posts: 353
Joined: Sun May 26, 2019 2:08 pm

Re: Cannot access router over trunk+switch

Tue Jul 20, 2021 6:12 pm

All right, I put back sw02 and repeated the same test, with vlan receive=any on sw02.

This is on r01:
 /tool sniffer packet> print detail
 0 time=11.498 num=1 direction=tx src-mac=08:55:31:E7:F3:67 dst-mac=08:55:31:E7:E1:8E interface=BASE_VLAN
   src-address=192.168.19.254 dst-address=192.168.19.253 protocol=ip ip-protocol=icmp size=70 cpu=3 fp=no
   ip-packet-size=56 ip-header-size=20 dscp=0 identification=8416 fragment-offset=0 ttl=255

 1 time=11.498 num=2 direction=tx src-mac=08:55:31:E7:F3:67 dst-mac=08:55:31:E7:E1:8E vlan=99 interface=BR1
   src-address=192.168.19.254 dst-address=192.168.19.253 protocol=ip ip-protocol=icmp size=74 cpu=3 fp=no
   ip-packet-size=56 ip-header-size=20 dscp=0 identification=8416 fragment-offset=0 ttl=255

 2 time=11.498 num=3 direction=tx src-mac=08:55:31:E7:F3:67 dst-mac=08:55:31:E7:E1:8E vlan=99 interface=ether1-sw01
   src-address=192.168.19.254 dst-address=192.168.19.253 protocol=ip ip-protocol=icmp size=74 cpu=3 fp=no
   ip-packet-size=56 ip-header-size=20 dscp=0 identification=8416 fragment-offset=0 ttl=255

 3 time=11.499 num=4 direction=rx src-mac=08:55:31:E7:E1:8E dst-mac=08:55:31:E7:F3:67 vlan=99 interface=ether1-sw01
   src-address=192.168.19.253 dst-address=192.168.19.254 protocol=ip ip-protocol=icmp size=74 cpu=3 fp=no
   ip-packet-size=56 ip-header-size=20 dscp=0 identification=13093 fragment-offset=0 ttl=64

 4 time=11.499 num=5 direction=rx src-mac=08:55:31:E7:E1:8E dst-mac=08:55:31:E7:F3:67 vlan=99 interface=BR1
   src-address=192.168.19.253 dst-address=192.168.19.254 protocol=ip ip-protocol=icmp size=74 cpu=3 fp=no
   ip-packet-size=56 ip-header-size=20 dscp=0 identification=13093 fragment-offset=0 ttl=64

 5 time=11.499 num=6 direction=rx src-mac=08:55:31:E7:E1:8E dst-mac=08:55:31:E7:F3:67 interface=BASE_VLAN
   src-address=192.168.19.253 dst-address=192.168.19.254 protocol=ip ip-protocol=icmp size=70 cpu=3 fp=no
   ip-packet-size=56 ip-header-size=20 dscp=0 identification=13093 fragment-offset=0 ttl=64
This is on r02:
 /tool sniffer packet> print detail
 0 time=9.438 num=1 direction=rx src-mac=08:55:31:E7:F3:67 dst-mac=08:55:31:E7:E1:8E vlan=99 interface=ether1-sw02
   src-address=192.168.19.254 dst-address=192.168.19.253 protocol=ip ip-protocol=icmp size=74 cpu=3 fp=no
   ip-packet-size=56 ip-header-size=20 dscp=0 identification=8416 fragment-offset=0 ttl=255

 1 time=9.438 num=2 direction=rx src-mac=08:55:31:E7:F3:67 dst-mac=08:55:31:E7:E1:8E vlan=99 interface=BR1
   src-address=192.168.19.254 dst-address=192.168.19.253 protocol=ip ip-protocol=icmp size=74 cpu=3 fp=no
   ip-packet-size=56 ip-header-size=20 dscp=0 identification=8416 fragment-offset=0 ttl=255

 2 time=9.438 num=3 direction=rx src-mac=08:55:31:E7:F3:67 dst-mac=08:55:31:E7:E1:8E interface=BASE_VLAN
   src-address=192.168.19.254 dst-address=192.168.19.253 protocol=ip ip-protocol=icmp size=70 cpu=3 fp=no
   ip-packet-size=56 ip-header-size=20 dscp=0 identification=8416 fragment-offset=0 ttl=255

 3 time=9.438 num=4 direction=tx src-mac=08:55:31:E7:E1:8E dst-mac=08:55:31:E7:F3:67 interface=BASE_VLAN
   src-address=192.168.19.253 dst-address=192.168.19.254 protocol=ip ip-protocol=icmp size=70 cpu=3 fp=no
   ip-packet-size=56 ip-header-size=20 dscp=0 identification=13093 fragment-offset=0 ttl=64

 4 time=9.438 num=5 direction=tx src-mac=08:55:31:E7:E1:8E dst-mac=08:55:31:E7:F3:67 vlan=99 interface=BR1
   src-address=192.168.19.253 dst-address=192.168.19.254 protocol=ip ip-protocol=icmp size=74 cpu=3 fp=no
   ip-packet-size=56 ip-header-size=20 dscp=0 identification=13093 fragment-offset=0 ttl=64

 5 time=9.438 num=6 direction=tx src-mac=08:55:31:E7:E1:8E dst-mac=08:55:31:E7:F3:67 vlan=99 interface=ether1-sw02
   src-address=192.168.19.253 dst-address=192.168.19.254 protocol=ip ip-protocol=icmp size=74 cpu=3 fp=no
   ip-packet-size=56 ip-header-size=20 dscp=0 identification=13093 fragment-offset=0 ttl=64
The only difference I see is that r01 sent packet to 08:55:31:E7:F3:67 (sw01) and r02 received from 08:55:31:E7:E1:8E (sw02). All vlan tags are fine.

The next test will be the same except that I'll set vlan receive=only tagged on sw02.
Last edited by nagylzs on Tue Jul 20, 2021 7:10 pm, edited 2 times in total.
 
nagylzs
Member
Member
Topic Author
Posts: 353
Joined: Sun May 26, 2019 2:08 pm

Re: Cannot access router over trunk+switch

Tue Jul 20, 2021 6:18 pm

All right here is what I did:

* started sniffing on both devices
* then I changed "vlan receive=only tagged" on sw02 port2 (the port that is connected directly to r02) - at this point my ssh connection to r02 was lost
* then I sent one ping from r01 to r02:
[adm@r01.magnet] /tool sniffer> /ping r02.magnet count=1
  SEQ HOST                                     SIZE TTL TIME  STATUS
    0 192.168.19.253                                          timeout
    sent=1 received=0 packet-loss=100%

[adm@r01.magnet] /tool sniffer> stop
Then I changed back vlan receive=any on sw02, so that I could login to r02 again, and stop sniffing there.

packets sniffed on r01:
 /tool sniffer packet> print detail
 0 time=16.024 num=1 direction=tx src-mac=08:55:31:E7:F3:67 dst-mac=08:55:31:E7:E1:8E interface=BASE_VLAN
   src-address=192.168.19.254 dst-address=192.168.19.253 protocol=ip ip-protocol=icmp size=70 cpu=3 fp=no
   ip-packet-size=56 ip-header-size=20 dscp=0 identification=8417 fragment-offset=0 ttl=255

 1 time=16.024 num=2 direction=tx src-mac=08:55:31:E7:F3:67 dst-mac=08:55:31:E7:E1:8E vlan=99 interface=BR1
   src-address=192.168.19.254 dst-address=192.168.19.253 protocol=ip ip-protocol=icmp size=74 cpu=3 fp=no
   ip-packet-size=56 ip-header-size=20 dscp=0 identification=8417 fragment-offset=0 ttl=255

 2 time=16.024 num=3 direction=tx src-mac=08:55:31:E7:F3:67 dst-mac=08:55:31:E7:E1:8E vlan=99 interface=ether1-sw01
   src-address=192.168.19.254 dst-address=192.168.19.253 protocol=ip ip-protocol=icmp size=74 cpu=3 fp=no
   ip-packet-size=56 ip-header-size=20 dscp=0 identification=8417 fragment-offset=0 ttl=255
packets sniffed on r02:
 0 time=20.689 num=1 direction=rx src-mac=08:55:31:E7:F3:67 dst-mac=08:55:31:E7:E1:8E vlan=99 interface=ether1-sw02
   src-address=192.168.19.254 dst-address=192.168.19.253 protocol=ip ip-protocol=icmp size=74 cpu=3 fp=no
   ip-packet-size=56 ip-header-size=20 dscp=0 identification=8417 fragment-offset=0 ttl=255
It seems that r02 received the initial ICMP ping packet on the ether1-sw02 interface, but then it dropped it.

Please note that the configuration of r02 was not changed in any way! Only sw02 config was changed.

It is now even more mysterious. :-)
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18961
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Cannot access router over trunk+switch

Tue Jul 20, 2021 6:31 pm

Okay I will look at this sometime today but your network diagram is basically useless as it doesnt indicate the vlans running through the ports........

I gather that each connecting port between devices is a trunk port carrying a number of vlans??
No indication of access ports anywhere but I see pvid settings on bridge ports?/
More information is required to understand what you are trying to accomplish.

The mechanics are easy, setting on the routers and the sWOS switches (can do that in your sleep) its the requirements I am missing.
 
nagylzs
Member
Member
Topic Author
Posts: 353
Joined: Sun May 26, 2019 2:08 pm

Re: Cannot access router over trunk+switch

Tue Jul 20, 2021 6:54 pm

Okay I will look at this sometime today but your network diagram is basically useless as it doesnt indicate the vlans running through the ports........
The vlan that I'm using there is vlanid=99. All the others can be ignored, they are irrelevant.

I gather that each connecting port between devices is a trunk port carrying a number of vlans??
No indication of access ports anywhere but I see pvid settings on bridge ports?/
More information is required to understand what you are trying to accomplish.

The mechanics are easy, setting on the routers and the sWOS switches (can do that in your sleep) its the requirements I am missing.
There are access ports, but I think they are not required to demonstrate the problem. We can ignore all of them. The ping goes through trunk ports ONLY. r01 -> sw01 -> sw02 -> r02, and all of these ports are assigned to vlan-id=99 in the vlan table. The original (first) post contains all configuration that is related.

* access ports not used for anything in this example
* only vlan 99 is used in this example
* ping is started from r01 (e.g. inside a routeros device) and it ends at r02 (another routeros device)
 
nagylzs
Member
Member
Topic Author
Posts: 353
Joined: Sun May 26, 2019 2:08 pm

Re: Cannot access router over trunk+switch

Tue Jul 20, 2021 7:03 pm

I'm going to paste the bridge configs anyway.

This is r01 config, I only left the ports that are used in this example.
/interface bridge
add frame-types=admit-only-vlan-tagged ingress-filtering=yes name=BR1 vlan-filtering=yes
/interface bridge port
add bridge=BR1 frame-types=admit-only-vlan-tagged ingress-filtering=yes interface=ether1-sw01
/interface bridge vlan
add bridge=BR1 tagged=BR1,ether1-sw01 vlan-ids=99
/interface vlan
add interface=BR1 name=BASE_VLAN vlan-id=99
/ip address
add address=192.168.19.254/24 interface=BASE_VLAN network=192.168.19.0
This is r02 bridge config:
/interface bridge
add frame-types=admit-only-vlan-tagged ingress-filtering=yes name=BR1 vlan-filtering=yes
/interface bridge port
add bridge=BR1 frame-types=admit-only-vlan-tagged ingress-filtering=yes interface=ether1-sw02
/interface bridge vlan
add bridge=BR1 tagged=BR1,ether1-sw02 untagged=ether2-blue,ether3-blue,ether4-blue,ether5-blue vlan-ids=99
/interface vlan
add interface=BR1 name=BASE_VLAN vlan-id=99
/ip address
add address=192.168.19.253/24 interface=BASE_VLAN network=192.168.19.0
Devices are connected in a straight line:

* r01.ether1-sw01 is connected to sw01.port4
* sw01.port3 is connected to sw02.port1
* sw02.port2 is connected to r02.ether-sw02

Because this is a straight line, I think you won't need a complete network diagram.

The CSS device configs cannot be exported textually, but you will find their web config screenshots here:

* sw01: https://imgur.com/a/YG5M2dK
* sw02: https://imgur.com/a/T2HJhMb

On the switches, I have tried egress=leave as is and also egress=add if missing. Also tried vlan mode=strict, vlan mode=optional and vlan mode=enabled. None of these settings made any difference. The only thing that makes it work is when I set vlan receive=any on sw02.port2.
 
sindy
Forum Guru
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: Cannot access router over trunk+switch

Tue Jul 20, 2021 7:48 pm

Given that the size of the frame carrying the echo request when it arrives to r02 doesn't differ between the two cases (sw01 connected to r02 directly and sw01 connected to r02 via sw02), and that the frame arrives to r02 with a VLAN tag, I would assume that there is no issue with missing tags or, inverse, extra tags being added, hence I would assume this direction to be fine. Hence it is most likely that r02 cannot send an echo reply because an ARP request "who has 192.168.19.254" didn't make it from r02 to r01 or, less likely, the response from r01 didn't make it back to r02. Less likely because the ARP reply goes in the same direction like the echo request which did get through.

Since the filtering capabilities of the sniffer are limited, I'd say you should filter by remote MAC address at both routers rather than by IP protocol and remote IP to confirm this assumption or prove it wrong.
 
nagylzs
Member
Member
Topic Author
Posts: 353
Joined: Sun May 26, 2019 2:08 pm

Re: Cannot access router over trunk+switch

Tue Jul 20, 2021 10:47 pm

Very good, I could have never figured this out. :-) Although... doesn't ARP has a cache timeout? I would think that the MAC address was already in the MAC table when I changed the switch config.

But this is no time for guessing. Here is the test!

r01 has ip=192.168.19.254 mac=08:55:31:E7:F3:67
r02 has ip=192.168.19.253 mac=08:55:31:E7:E1:8E

Sniffer on r01:
/tool sniffer export
set filter-mac-address=08:55:31:E7:E1:8E/FF:FF:FF:FF:FF:FF
Sniffer on r02:
/tool sniffer
set filter-mac-address=08:55:31:E7:F3:67/FF:FF:FF:FF:FF:FF
Then I did exactly one ping.


Result on r01, WITH vlan receive=any on sw02:
print detail where ip-protocol!=tcp
 0 time=7.172 num=85 direction=rx src-mac=08:55:31:E7:E1:8E dst-mac=08:55:31:E7:F3:67 vlan=99 interface=ether1-sw01
   protocol=35004 size=60 cpu=3 fp=no

 1 time=7.172 num=86 direction=rx src-mac=08:55:31:E7:E1:8E dst-mac=08:55:31:E7:F3:67 vlan=99 interface=BR1 protocol=35004
   size=60 cpu=3 fp=no

 2 time=7.172 num=87 direction=rx src-mac=08:55:31:E7:E1:8E dst-mac=08:55:31:E7:F3:67 interface=BASE_VLAN protocol=35004
   size=56 cpu=3 fp=no

 3 time=7.172 num=88 direction=tx src-mac=08:55:31:E7:F3:67 dst-mac=08:55:31:E7:E1:8E interface=BASE_VLAN protocol=35004
   size=42 cpu=3 fp=no

 4 time=7.172 num=89 direction=tx src-mac=08:55:31:E7:F3:67 dst-mac=08:55:31:E7:E1:8E vlan=99 interface=BR1 protocol=35004
   size=46 cpu=3 fp=no

 5 time=7.172 num=90 direction=tx src-mac=08:55:31:E7:F3:67 dst-mac=08:55:31:E7:E1:8E vlan=99 interface=ether1-sw01
   protocol=35004 size=46 cpu=3 fp=no

 6 time=7.173 num=91 direction=rx src-mac=08:55:31:E7:E1:8E dst-mac=08:55:31:E7:F3:67 vlan=99 interface=ether1-sw01
   protocol=35003 size=103 cpu=3 fp=no

 7 time=7.173 num=92 direction=rx src-mac=08:55:31:E7:E1:8E dst-mac=08:55:31:E7:F3:67 vlan=99 interface=BR1 protocol=35003
   size=103 cpu=3 fp=no

 8 time=7.173 num=93 direction=rx src-mac=08:55:31:E7:E1:8E dst-mac=08:55:31:E7:F3:67 interface=BASE_VLAN protocol=35003
   size=99 cpu=3 fp=no

 9 time=7.174 num=94 direction=tx src-mac=08:55:31:E7:F3:67 dst-mac=08:55:31:E7:E1:8E interface=BASE_VLAN protocol=35003
   size=99 cpu=0 fp=no

10 time=7.174 num=95 direction=tx src-mac=08:55:31:E7:F3:67 dst-mac=08:55:31:E7:E1:8E vlan=99 interface=BR1 protocol=35003
   size=103 cpu=0 fp=no

11 time=7.174 num=96 direction=tx src-mac=08:55:31:E7:F3:67 dst-mac=08:55:31:E7:E1:8E vlan=99 interface=ether1-sw01
   protocol=35003 size=103 cpu=0 fp=no
12 time=13.961 num=97 direction=tx src-mac=08:55:31:E7:F3:67 dst-mac=08:55:31:E7:E1:8E interface=BASE_VLAN
   src-address=192.168.19.254 dst-address=192.168.19.253 protocol=ip ip-protocol=icmp size=70 cpu=2 fp=no
   ip-packet-size=56 ip-header-size=20 dscp=0 identification=8420 fragment-offset=0 ttl=255

13 time=13.961 num=98 direction=tx src-mac=08:55:31:E7:F3:67 dst-mac=08:55:31:E7:E1:8E vlan=99 interface=BR1
   src-address=192.168.19.254 dst-address=192.168.19.253 protocol=ip ip-protocol=icmp size=74 cpu=2 fp=no
   ip-packet-size=56 ip-header-size=20 dscp=0 identification=8420 fragment-offset=0 ttl=255

14 time=13.961 num=99 direction=tx src-mac=08:55:31:E7:F3:67 dst-mac=08:55:31:E7:E1:8E vlan=99 interface=ether1-sw01
   src-address=192.168.19.254 dst-address=192.168.19.253 protocol=ip ip-protocol=icmp size=74 cpu=2 fp=no
   ip-packet-size=56 ip-header-size=20 dscp=0 identification=8420 fragment-offset=0 ttl=255

15 time=13.961 num=100 direction=rx src-mac=08:55:31:E7:E1:8E dst-mac=08:55:31:E7:F3:67 vlan=99 interface=ether1-sw01
   src-address=192.168.19.253 dst-address=192.168.19.254 protocol=ip ip-protocol=icmp size=74 cpu=3 fp=no
   ip-packet-size=56 ip-header-size=20 dscp=0 identification=13098 fragment-offset=0 ttl=64

16 time=13.961 num=101 direction=rx src-mac=08:55:31:E7:E1:8E dst-mac=08:55:31:E7:F3:67 vlan=99 interface=BR1
   src-address=192.168.19.253 dst-address=192.168.19.254 protocol=ip ip-protocol=icmp size=74 cpu=3 fp=no
   ip-packet-size=56 ip-header-size=20 dscp=0 identification=13098 fragment-offset=0 ttl=64

17 time=13.961 num=102 direction=rx src-mac=08:55:31:E7:E1:8E dst-mac=08:55:31:E7:F3:67 interface=BASE_VLAN
   src-address=192.168.19.253 dst-address=192.168.19.254 protocol=ip ip-protocol=icmp size=70 cpu=3 fp=no
   ip-packet-size=56 ip-header-size=20 dscp=0 identification=13098 fragment-offset=0 ttl=64
Result on r02, WITH vlan receive=any on sw02:
 0 time=2.867 num=7 direction=tx src-mac=08:55:31:E7:E1:8E dst-mac=08:55:31:E7:F3:67 interface=BASE_VLAN protocol=35004
   size=42 cpu=0 fp=no

 1 time=2.867 num=8 direction=tx src-mac=08:55:31:E7:E1:8E dst-mac=08:55:31:E7:F3:67 vlan=99 interface=BR1 protocol=35004
   size=46 cpu=0 fp=no

 2 time=2.867 num=9 direction=tx src-mac=08:55:31:E7:E1:8E dst-mac=08:55:31:E7:F3:67 vlan=99 interface=ether1-sw02
   protocol=35004 size=46 cpu=0 fp=no

 3 time=2.867 num=10 direction=rx src-mac=08:55:31:E7:F3:67 dst-mac=08:55:31:E7:E1:8E vlan=99 interface=ether1-sw02
   protocol=35004 size=60 cpu=3 fp=no

 4 time=2.867 num=11 direction=rx src-mac=08:55:31:E7:F3:67 dst-mac=08:55:31:E7:E1:8E vlan=99 interface=BR1 protocol=35004
   size=60 cpu=3 fp=no

 5 time=2.867 num=12 direction=rx src-mac=08:55:31:E7:F3:67 dst-mac=08:55:31:E7:E1:8E interface=BASE_VLAN protocol=35004
   size=56 cpu=3 fp=no

 6 time=2.867 num=13 direction=tx src-mac=08:55:31:E7:E1:8E dst-mac=08:55:31:E7:F3:67 interface=BASE_VLAN protocol=35003
   size=99 cpu=0 fp=no

 7 time=2.867 num=14 direction=tx src-mac=08:55:31:E7:E1:8E dst-mac=08:55:31:E7:F3:67 vlan=99 interface=BR1 protocol=35003
   size=103 cpu=0 fp=no

 8 time=2.867 num=15 direction=tx src-mac=08:55:31:E7:E1:8E dst-mac=08:55:31:E7:F3:67 vlan=99 interface=ether1-sw02
   protocol=35003 size=103 cpu=0 fp=no

 9 time=2.868 num=16 direction=rx src-mac=08:55:31:E7:F3:67 dst-mac=08:55:31:E7:E1:8E vlan=99 interface=ether1-sw02
   protocol=35003 size=103 cpu=3 fp=no

10 time=2.868 num=17 direction=rx src-mac=08:55:31:E7:F3:67 dst-mac=08:55:31:E7:E1:8E vlan=99 interface=BR1 protocol=35003
   size=103 cpu=3 fp=no

11 time=2.868 num=18 direction=rx src-mac=08:55:31:E7:F3:67 dst-mac=08:55:31:E7:E1:8E interface=BASE_VLAN protocol=35003
   size=99 cpu=3 fp=no
12 time=9.655 num=19 direction=rx src-mac=08:55:31:E7:F3:67 dst-mac=08:55:31:E7:E1:8E vlan=99 interface=ether1-sw02
   src-address=192.168.19.254 dst-address=192.168.19.253 protocol=ip ip-protocol=icmp size=74 cpu=3 fp=no
   ip-packet-size=56 ip-header-size=20 dscp=0 identification=8420 fragment-offset=0 ttl=255

13 time=9.655 num=20 direction=rx src-mac=08:55:31:E7:F3:67 dst-mac=08:55:31:E7:E1:8E vlan=99 interface=BR1
   src-address=192.168.19.254 dst-address=192.168.19.253 protocol=ip ip-protocol=icmp size=74 cpu=3 fp=no
   ip-packet-size=56 ip-header-size=20 dscp=0 identification=8420 fragment-offset=0 ttl=255

14 time=9.655 num=21 direction=rx src-mac=08:55:31:E7:F3:67 dst-mac=08:55:31:E7:E1:8E interface=BASE_VLAN
   src-address=192.168.19.254 dst-address=192.168.19.253 protocol=ip ip-protocol=icmp size=70 cpu=3 fp=no
   ip-packet-size=56 ip-header-size=20 dscp=0 identification=8420 fragment-offset=0 ttl=255

15 time=9.655 num=22 direction=tx src-mac=08:55:31:E7:E1:8E dst-mac=08:55:31:E7:F3:67 interface=BASE_VLAN
   src-address=192.168.19.253 dst-address=192.168.19.254 protocol=ip ip-protocol=icmp size=70 cpu=3 fp=no
   ip-packet-size=56 ip-header-size=20 dscp=0 identification=13098 fragment-offset=0 ttl=64

16 time=9.655 num=23 direction=tx src-mac=08:55:31:E7:E1:8E dst-mac=08:55:31:E7:F3:67 vlan=99 interface=BR1
   src-address=192.168.19.253 dst-address=192.168.19.254 protocol=ip ip-protocol=icmp size=74 cpu=3 fp=no
   ip-packet-size=56 ip-header-size=20 dscp=0 identification=13098 fragment-offset=0 ttl=64

17 time=9.656 num=24 direction=tx src-mac=08:55:31:E7:E1:8E dst-mac=08:55:31:E7:F3:67 vlan=99 interface=ether1-sw02
   src-address=192.168.19.253 dst-address=192.168.19.254 protocol=ip ip-protocol=icmp size=74 cpu=3 fp=no
   ip-packet-size=56 ip-header-size=20 dscp=0 identification=13098 fragment-offset=0 ttl=64

18 time=12.879 num=25 direction=tx src-mac=08:55:31:E7:E1:8E dst-mac=08:55:31:E7:F3:67 interface=BASE_VLAN protocol=35004
   size=42 cpu=0 fp=no

19 time=12.879 num=26 direction=tx src-mac=08:55:31:E7:E1:8E dst-mac=08:55:31:E7:F3:67 vlan=99 interface=BR1 protocol=35004
   size=46 cpu=0 fp=no

20 time=12.879 num=27 direction=tx src-mac=08:55:31:E7:E1:8E dst-mac=08:55:31:E7:F3:67 vlan=99 interface=ether1-sw02
   protocol=35004 size=46 cpu=0 fp=no

21 time=12.879 num=28 direction=rx src-mac=08:55:31:E7:F3:67 dst-mac=08:55:31:E7:E1:8E vlan=99 interface=ether1-sw02
   protocol=35004 size=60 cpu=3 fp=no
22 time=12.879 num=29 direction=rx src-mac=08:55:31:E7:F3:67 dst-mac=08:55:31:E7:E1:8E vlan=99 interface=BR1 protocol=35004
   size=60 cpu=3 fp=no

23 time=12.879 num=30 direction=rx src-mac=08:55:31:E7:F3:67 dst-mac=08:55:31:E7:E1:8E interface=BASE_VLAN protocol=35004
   size=56 cpu=3 fp=no

24 time=12.879 num=31 direction=tx src-mac=08:55:31:E7:E1:8E dst-mac=08:55:31:E7:F3:67 interface=BASE_VLAN protocol=35003
   size=99 cpu=0 fp=no

25 time=12.879 num=32 direction=tx src-mac=08:55:31:E7:E1:8E dst-mac=08:55:31:E7:F3:67 vlan=99 interface=BR1 protocol=35003
   size=103 cpu=0 fp=no

26 time=12.879 num=33 direction=tx src-mac=08:55:31:E7:E1:8E dst-mac=08:55:31:E7:F3:67 vlan=99 interface=ether1-sw02
   protocol=35003 size=103 cpu=0 fp=no

27 time=12.88 num=34 direction=rx src-mac=08:55:31:E7:F3:67 dst-mac=08:55:31:E7:E1:8E vlan=99 interface=ether1-sw02
   protocol=35003 size=103 cpu=3 fp=no

28 time=12.88 num=35 direction=rx src-mac=08:55:31:E7:F3:67 dst-mac=08:55:31:E7:E1:8E vlan=99 interface=BR1 protocol=35003
   size=103 cpu=3 fp=no

29 time=12.88 num=36 direction=rx src-mac=08:55:31:E7:F3:67 dst-mac=08:55:31:E7:E1:8E interface=BASE_VLAN protocol=35003
   size=99 cpu=3 fp=no

Then I did the same single ping, results on r01 with vlan receive=only tagged:
 0 time=5.59 num=16 direction=rx src-mac=08:55:31:E7:E1:8E dst-mac=08:55:31:E7:F3:67 vlan=99 interface=ether1-sw01
   protocol=35004 size=60 cpu=3 fp=no

 1 time=5.59 num=17 direction=rx src-mac=08:55:31:E7:E1:8E dst-mac=08:55:31:E7:F3:67 vlan=99 interface=BR1 protocol=35004
   size=60 cpu=3 fp=no

 2 time=5.59 num=18 direction=rx src-mac=08:55:31:E7:E1:8E dst-mac=08:55:31:E7:F3:67 interface=BASE_VLAN protocol=35004
   size=56 cpu=3 fp=no

 3 time=5.59 num=19 direction=tx src-mac=08:55:31:E7:F3:67 dst-mac=08:55:31:E7:E1:8E interface=BASE_VLAN protocol=35004
   size=42 cpu=3 fp=no

 4 time=5.59 num=20 direction=tx src-mac=08:55:31:E7:F3:67 dst-mac=08:55:31:E7:E1:8E vlan=99 interface=BR1 protocol=35004
   size=46 cpu=3 fp=no

 5 time=5.59 num=21 direction=tx src-mac=08:55:31:E7:F3:67 dst-mac=08:55:31:E7:E1:8E vlan=99 interface=ether1-sw01
   protocol=35004 size=46 cpu=3 fp=no

 6 time=5.591 num=22 direction=rx src-mac=08:55:31:E7:E1:8E dst-mac=08:55:31:E7:F3:67 vlan=99 interface=ether1-sw01
   protocol=35003 size=103 cpu=3 fp=no

 7 time=5.591 num=23 direction=rx src-mac=08:55:31:E7:E1:8E dst-mac=08:55:31:E7:F3:67 vlan=99 interface=BR1 protocol=35003
   size=103 cpu=3 fp=no

 8 time=5.591 num=24 direction=rx src-mac=08:55:31:E7:E1:8E dst-mac=08:55:31:E7:F3:67 interface=BASE_VLAN protocol=35003
   size=99 cpu=3 fp=no

 9 time=5.591 num=25 direction=tx src-mac=08:55:31:E7:F3:67 dst-mac=08:55:31:E7:E1:8E interface=BASE_VLAN protocol=35003
   size=99 cpu=0 fp=no

10 time=5.591 num=26 direction=tx src-mac=08:55:31:E7:F3:67 dst-mac=08:55:31:E7:E1:8E vlan=99 interface=BR1 protocol=35003
   size=103 cpu=0 fp=no

11 time=5.591 num=27 direction=tx src-mac=08:55:31:E7:F3:67 dst-mac=08:55:31:E7:E1:8E vlan=99 interface=ether1-sw01
   protocol=35003 size=103 cpu=0 fp=no

12 time=6.863 num=28 direction=tx src-mac=08:55:31:E7:F3:67 dst-mac=08:55:31:E7:E1:8E interface=BASE_VLAN protocol=arp
   size=42 cpu=1 fp=no

13 time=6.863 num=29 direction=tx src-mac=08:55:31:E7:F3:67 dst-mac=08:55:31:E7:E1:8E vlan=99 interface=BR1 protocol=arp
   size=46 cpu=1 fp=no

14 time=6.863 num=30 direction=tx src-mac=08:55:31:E7:F3:67 dst-mac=08:55:31:E7:E1:8E vlan=99 interface=ether1-sw01
   protocol=arp size=46 cpu=1 fp=no

15 time=6.863 num=31 direction=rx src-mac=08:55:31:E7:E1:8E dst-mac=08:55:31:E7:F3:67 vlan=99 interface=ether1-sw01
   protocol=arp size=60 cpu=3 fp=no

16 time=6.863 num=32 direction=rx src-mac=08:55:31:E7:E1:8E dst-mac=08:55:31:E7:F3:67 vlan=99 interface=BR1 protocol=arp
   size=60 cpu=3 fp=no

17 time=6.863 num=33 direction=rx src-mac=08:55:31:E7:E1:8E dst-mac=08:55:31:E7:F3:67 interface=BASE_VLAN protocol=arp
   size=56 cpu=3 fp=no

18 time=18.594 num=40 direction=tx src-mac=08:55:31:E7:F3:67 dst-mac=08:55:31:E7:E1:8E interface=BASE_VLAN
   src-address=192.168.19.254 dst-address=192.168.19.253 protocol=ip ip-protocol=icmp size=70 cpu=2 fp=no
   ip-packet-size=56 ip-header-size=20 dscp=0 identification=8421 fragment-offset=0 ttl=255

19 time=18.594 num=41 direction=tx src-mac=08:55:31:E7:F3:67 dst-mac=08:55:31:E7:E1:8E vlan=99 interface=BR1
   src-address=192.168.19.254 dst-address=192.168.19.253 protocol=ip ip-protocol=icmp size=74 cpu=2 fp=no
   ip-packet-size=56 ip-header-size=20 dscp=0 identification=8421 fragment-offset=0 ttl=255

20 time=18.594 num=42 direction=tx src-mac=08:55:31:E7:F3:67 dst-mac=08:55:31:E7:E1:8E vlan=99 interface=ether1-sw01
   src-address=192.168.19.254 dst-address=192.168.19.253 protocol=ip ip-protocol=icmp size=74 cpu=2 fp=no
   ip-packet-size=56 ip-header-size=20 dscp=0 identification=8421 fragment-offset=0 ttl=255
Results on r02, with vlan receive=only tagged on sw02:
 0 time=25.495 num=86 direction=tx src-mac=08:55:31:E7:E1:8E dst-mac=08:55:31:E7:F3:67 vlan=99 interface=BR1 protocol=35003
   size=1440 cpu=3 fp=no

 1 time=25.495 num=87 direction=tx src-mac=08:55:31:E7:E1:8E dst-mac=08:55:31:E7:F3:67 interface=BASE_VLAN protocol=35003
   size=1472 cpu=3 fp=no

 2 time=25.495 num=88 direction=tx src-mac=08:55:31:E7:E1:8E dst-mac=08:55:31:E7:F3:67 vlan=99 interface=BR1 protocol=35003
   size=1476 cpu=3 fp=no

 3 time=26.496 num=89 direction=tx src-mac=08:55:31:E7:E1:8E dst-mac=08:55:31:E7:F3:67 interface=BASE_VLAN protocol=35003
   size=1226 cpu=3 fp=no

 4 time=26.496 num=90 direction=tx src-mac=08:55:31:E7:E1:8E dst-mac=08:55:31:E7:F3:67 vlan=99 interface=BR1 protocol=35003
   size=1230 cpu=3 fp=no

 5 time=26.496 num=91 direction=tx src-mac=08:55:31:E7:E1:8E dst-mac=08:55:31:E7:F3:67 vlan=99 interface=ether1-sw02
   protocol=35003 size=1230 cpu=3 fp=no

 6 time=26.497 num=92 direction=tx src-mac=08:55:31:E7:E1:8E dst-mac=08:55:31:E7:F3:67 interface=BASE_VLAN protocol=35003
   size=1235 cpu=3 fp=no

 7 time=26.497 num=93 direction=tx src-mac=08:55:31:E7:E1:8E dst-mac=08:55:31:E7:F3:67 vlan=99 interface=BR1 protocol=35003
   size=1239 cpu=3 fp=no

 8 time=26.497 num=94 direction=tx src-mac=08:55:31:E7:E1:8E dst-mac=08:55:31:E7:F3:67 vlan=99 interface=ether1-sw02
   protocol=35003 size=1239 cpu=3 fp=no

 9 time=26.497 num=95 direction=rx src-mac=08:55:31:E7:F3:67 dst-mac=08:55:31:E7:E1:8E vlan=99 interface=ether1-sw02
   protocol=35003 size=1230 cpu=3 fp=no

10 time=26.497 num=96 direction=rx src-mac=08:55:31:E7:F3:67 dst-mac=08:55:31:E7:E1:8E vlan=99 interface=BR1 protocol=35003
   size=1230 cpu=3 fp=no

11 time=26.497 num=97 direction=rx src-mac=08:55:31:E7:F3:67 dst-mac=08:55:31:E7:E1:8E interface=BASE_VLAN protocol=35003
   size=1226 cpu=3 fp=no
12 time=26.497 num=98 direction=tx src-mac=08:55:31:E7:E1:8E dst-mac=08:55:31:E7:F3:67 interface=BASE_VLAN protocol=35003
   size=1271 cpu=3 fp=no

13 time=26.497 num=99 direction=tx src-mac=08:55:31:E7:E1:8E dst-mac=08:55:31:E7:F3:67 vlan=99 interface=BR1 protocol=35003
   size=1275 cpu=3 fp=no

14 time=26.497 num=100 direction=tx src-mac=08:55:31:E7:E1:8E dst-mac=08:55:31:E7:F3:67 vlan=99 interface=ether1-sw02
   protocol=35003 size=1275 cpu=3 fp=no

15 time=26.498 num=101 direction=rx src-mac=08:55:31:E7:F3:67 dst-mac=08:55:31:E7:E1:8E vlan=99 interface=ether1-sw02
   protocol=35003 size=1239 cpu=3 fp=no

16 time=26.498 num=102 direction=rx src-mac=08:55:31:E7:F3:67 dst-mac=08:55:31:E7:E1:8E vlan=99 interface=BR1 protocol=3500>
   size=1239 cpu=3 fp=no

17 time=26.498 num=103 direction=rx src-mac=08:55:31:E7:F3:67 dst-mac=08:55:31:E7:E1:8E interface=BASE_VLAN protocol=35003
   size=1235 cpu=3 fp=no

18 time=26.498 num=104 direction=tx src-mac=08:55:31:E7:E1:8E dst-mac=08:55:31:E7:F3:67 interface=BASE_VLAN protocol=35003
   size=1280 cpu=3 fp=no

19 time=26.498 num=105 direction=tx src-mac=08:55:31:E7:E1:8E dst-mac=08:55:31:E7:F3:67 vlan=99 interface=BR1 protocol=3500>
   size=1284 cpu=3 fp=no

20 time=26.498 num=106 direction=tx src-mac=08:55:31:E7:E1:8E dst-mac=08:55:31:E7:F3:67 vlan=99 interface=ether1-sw02
   protocol=35003 size=1284 cpu=3 fp=no

21 time=26.498 num=107 direction=rx src-mac=08:55:31:E7:F3:67 dst-mac=08:55:31:E7:E1:8E vlan=99 interface=ether1-sw02
   protocol=35003 size=1275 cpu=3 fp=no

22 time=26.498 num=108 direction=rx src-mac=08:55:31:E7:F3:67 dst-mac=08:55:31:E7:E1:8E vlan=99 interface=BR1 protocol=3500>
   size=1275 cpu=3 fp=no

23 time=26.498 num=109 direction=rx src-mac=08:55:31:E7:F3:67 dst-mac=08:55:31:E7:E1:8E interface=BASE_VLAN protocol=35003
   size=1271 cpu=3 fp=no
24 time=26.498 num=110 direction=rx src-mac=08:55:31:E7:F3:67 dst-mac=08:55:31:E7:E1:8E vlan=99 interface=ether1-sw02
   protocol=35003 size=1284 cpu=3 fp=no

25 time=26.498 num=111 direction=rx src-mac=08:55:31:E7:F3:67 dst-mac=08:55:31:E7:E1:8E vlan=99 interface=BR1 protocol=3500>
   size=1284 cpu=3 fp=no

26 time=26.498 num=112 direction=rx src-mac=08:55:31:E7:F3:67 dst-mac=08:55:31:E7:E1:8E interface=BASE_VLAN protocol=35003
   size=1280 cpu=3 fp=no

27 time=27.5 num=113 direction=tx src-mac=08:55:31:E7:E1:8E dst-mac=08:55:31:E7:F3:67 interface=BASE_VLAN protocol=35003
   size=1281 cpu=3 fp=no

28 time=27.5 num=114 direction=tx src-mac=08:55:31:E7:E1:8E dst-mac=08:55:31:E7:F3:67 vlan=99 interface=BR1 protocol=35003
   size=1285 cpu=3 fp=no

29 time=27.5 num=115 direction=tx src-mac=08:55:31:E7:E1:8E dst-mac=08:55:31:E7:F3:67 vlan=99 interface=ether1-sw02
   protocol=35003 size=1285 cpu=3 fp=no

30 time=27.5 num=116 direction=tx src-mac=08:55:31:E7:E1:8E dst-mac=08:55:31:E7:F3:67 interface=BASE_VLAN protocol=35003
   size=1282 cpu=3 fp=no

31 time=27.5 num=117 direction=tx src-mac=08:55:31:E7:E1:8E dst-mac=08:55:31:E7:F3:67 vlan=99 interface=BR1 protocol=35003
   size=1286 cpu=3 fp=no

32 time=27.5 num=118 direction=tx src-mac=08:55:31:E7:E1:8E dst-mac=08:55:31:E7:F3:67 vlan=99 interface=ether1-sw02
   protocol=35003 size=1286 cpu=3 fp=no

33 time=27.501 num=119 direction=rx src-mac=08:55:31:E7:F3:67 dst-mac=08:55:31:E7:E1:8E vlan=99 interface=ether1-sw02
   protocol=35003 size=1285 cpu=3 fp=no

34 time=27.501 num=120 direction=rx src-mac=08:55:31:E7:F3:67 dst-mac=08:55:31:E7:E1:8E vlan=99 interface=BR1 protocol=3500>
   size=1285 cpu=3 fp=no

35 time=27.501 num=121 direction=rx src-mac=08:55:31:E7:F3:67 dst-mac=08:55:31:E7:E1:8E interface=BASE_VLAN protocol=35003
   size=1281 cpu=3 fp=no
36 time=27.501 num=122 direction=tx src-mac=08:55:31:E7:E1:8E dst-mac=08:55:31:E7:F3:67 interface=BASE_VLAN protocol=35003
   size=1286 cpu=3 fp=no

37 time=27.501 num=123 direction=tx src-mac=08:55:31:E7:E1:8E dst-mac=08:55:31:E7:F3:67 vlan=99 interface=BR1 protocol=3500>
   size=1290 cpu=3 fp=no

38 time=27.501 num=124 direction=tx src-mac=08:55:31:E7:E1:8E dst-mac=08:55:31:E7:F3:67 vlan=99 interface=ether1-sw02
   protocol=35003 size=1290 cpu=3 fp=no

39 time=27.501 num=125 direction=rx src-mac=08:55:31:E7:F3:67 dst-mac=08:55:31:E7:E1:8E vlan=99 interface=ether1-sw02
   protocol=35003 size=1286 cpu=3 fp=no

40 time=27.501 num=126 direction=rx src-mac=08:55:31:E7:F3:67 dst-mac=08:55:31:E7:E1:8E vlan=99 interface=BR1 protocol=3500>
   size=1286 cpu=3 fp=no

41 time=27.501 num=127 direction=rx src-mac=08:55:31:E7:F3:67 dst-mac=08:55:31:E7:E1:8E interface=BASE_VLAN protocol=35003
   size=1282 cpu=3 fp=no

42 time=27.502 num=128 direction=tx src-mac=08:55:31:E7:E1:8E dst-mac=08:55:31:E7:F3:67 interface=BASE_VLAN protocol=35003
   size=1287 cpu=3 fp=no

43 time=27.502 num=129 direction=tx src-mac=08:55:31:E7:E1:8E dst-mac=08:55:31:E7:F3:67 vlan=99 interface=BR1 protocol=3500>
   size=1291 cpu=3 fp=no

44 time=27.502 num=130 direction=tx src-mac=08:55:31:E7:E1:8E dst-mac=08:55:31:E7:F3:67 vlan=99 interface=ether1-sw02
   protocol=35003 size=1291 cpu=3 fp=no

45 time=27.502 num=131 direction=rx src-mac=08:55:31:E7:F3:67 dst-mac=08:55:31:E7:E1:8E vlan=99 interface=ether1-sw02
   protocol=35003 size=1290 cpu=3 fp=no

46 time=27.502 num=132 direction=rx src-mac=08:55:31:E7:F3:67 dst-mac=08:55:31:E7:E1:8E vlan=99 interface=BR1 protocol=3500>
   size=1290 cpu=3 fp=no

47 time=27.502 num=133 direction=rx src-mac=08:55:31:E7:F3:67 dst-mac=08:55:31:E7:E1:8E interface=BASE_VLAN protocol=35003
   size=1286 cpu=3 fp=no
48 time=27.502 num=134 direction=rx src-mac=08:55:31:E7:F3:67 dst-mac=08:55:31:E7:E1:8E vlan=99 interface=ether1-sw02
   protocol=35003 size=1291 cpu=3 fp=no

49 time=27.502 num=135 direction=rx src-mac=08:55:31:E7:F3:67 dst-mac=08:55:31:E7:E1:8E vlan=99 interface=BR1 protocol=3500>
   size=1291 cpu=3 fp=no

50 time=27.502 num=136 direction=rx src-mac=08:55:31:E7:F3:67 dst-mac=08:55:31:E7:E1:8E interface=BASE_VLAN protocol=35003
   size=1287 cpu=3 fp=no

51 time=28.135 num=140 direction=rx src-mac=08:55:31:E7:F3:67 dst-mac=08:55:31:E7:E1:8E vlan=99 interface=ether1-sw02
   protocol=arp size=60 cpu=3 fp=no

52 time=28.135 num=141 direction=rx src-mac=08:55:31:E7:F3:67 dst-mac=08:55:31:E7:E1:8E vlan=99 interface=BR1 protocol=arp
   size=60 cpu=3 fp=no

53 time=28.135 num=142 direction=rx src-mac=08:55:31:E7:F3:67 dst-mac=08:55:31:E7:E1:8E interface=BASE_VLAN protocol=arp
   size=56 cpu=3 fp=no

54 time=28.504 num=185 direction=tx src-mac=08:55:31:E7:E1:8E dst-mac=08:55:31:E7:F3:67 interface=BASE_VLAN protocol=35003
   size=1288 cpu=3 fp=no

55 time=28.504 num=186 direction=tx src-mac=08:55:31:E7:E1:8E dst-mac=08:55:31:E7:F3:67 vlan=99 interface=BR1 protocol=3500>
   size=1292 cpu=3 fp=no

56 time=28.504 num=187 direction=tx src-mac=08:55:31:E7:E1:8E dst-mac=08:55:31:E7:F3:67 vlan=99 interface=ether1-sw02
   protocol=35003 size=1292 cpu=3 fp=no

57 time=28.504 num=188 direction=tx src-mac=08:55:31:E7:E1:8E dst-mac=08:55:31:E7:F3:67 interface=BASE_VLAN protocol=35003
   size=1288 cpu=3 fp=no

58 time=28.504 num=189 direction=tx src-mac=08:55:31:E7:E1:8E dst-mac=08:55:31:E7:F3:67 vlan=99 interface=BR1 protocol=3500>
   size=1292 cpu=3 fp=no

59 time=28.504 num=190 direction=tx src-mac=08:55:31:E7:E1:8E dst-mac=08:55:31:E7:F3:67 vlan=99 interface=ether1-sw02
   protocol=35003 size=1292 cpu=3 fp=no
60 time=28.504 num=191 direction=rx src-mac=08:55:31:E7:F3:67 dst-mac=08:55:31:E7:E1:8E vlan=99 interface=ether1-sw02
   protocol=35003 size=1292 cpu=3 fp=no

61 time=28.504 num=192 direction=rx src-mac=08:55:31:E7:F3:67 dst-mac=08:55:31:E7:E1:8E vlan=99 interface=BR1 protocol=3500>
   size=1292 cpu=3 fp=no

62 time=28.504 num=193 direction=rx src-mac=08:55:31:E7:F3:67 dst-mac=08:55:31:E7:E1:8E interface=BASE_VLAN protocol=35003
   size=1288 cpu=3 fp=no

63 time=28.505 num=194 direction=rx src-mac=08:55:31:E7:F3:67 dst-mac=08:55:31:E7:E1:8E vlan=99 interface=ether1-sw02
   protocol=35003 size=1292 cpu=3 fp=no

64 time=28.505 num=195 direction=rx src-mac=08:55:31:E7:F3:67 dst-mac=08:55:31:E7:E1:8E vlan=99 interface=BR1 protocol=3500>
   size=1292 cpu=3 fp=no

65 time=28.505 num=196 direction=rx src-mac=08:55:31:E7:F3:67 dst-mac=08:55:31:E7:E1:8E interface=BASE_VLAN protocol=35003
   size=1288 cpu=3 fp=no

66 time=28.505 num=197 direction=tx src-mac=08:55:31:E7:E1:8E dst-mac=08:55:31:E7:F3:67 interface=BASE_VLAN protocol=35003
   size=1288 cpu=3 fp=no

67 time=28.505 num=198 direction=tx src-mac=08:55:31:E7:E1:8E dst-mac=08:55:31:E7:F3:67 vlan=99 interface=BR1 protocol=3500>
   size=1292 cpu=3 fp=no

68 time=28.505 num=199 direction=tx src-mac=08:55:31:E7:E1:8E dst-mac=08:55:31:E7:F3:67 vlan=99 interface=ether1-sw02
   protocol=35003 size=1292 cpu=3 fp=no

69 time=28.506 num=200 direction=tx src-mac=08:55:31:E7:E1:8E dst-mac=08:55:31:E7:F3:67 interface=BASE_VLAN protocol=35003
   size=1288 cpu=3 fp=no

70 time=28.506 num=201 direction=tx src-mac=08:55:31:E7:E1:8E dst-mac=08:55:31:E7:F3:67 vlan=99 interface=BR1 protocol=3500>
   size=1292 cpu=3 fp=no

71 time=28.506 num=202 direction=tx src-mac=08:55:31:E7:E1:8E dst-mac=08:55:31:E7:F3:67 vlan=99 interface=ether1-sw02
   protocol=35003 size=1292 cpu=3 fp=no
72 time=28.506 num=203 direction=rx src-mac=08:55:31:E7:F3:67 dst-mac=08:55:31:E7:E1:8E vlan=99 interface=ether1-sw02
   protocol=35003 size=1292 cpu=3 fp=no

73 time=28.506 num=204 direction=rx src-mac=08:55:31:E7:F3:67 dst-mac=08:55:31:E7:E1:8E vlan=99 interface=BR1 protocol=3500>
   size=1292 cpu=3 fp=no

74 time=28.506 num=205 direction=rx src-mac=08:55:31:E7:F3:67 dst-mac=08:55:31:E7:E1:8E interface=BASE_VLAN protocol=35003
   size=1288 cpu=3 fp=no

75 time=28.506 num=206 direction=rx src-mac=08:55:31:E7:F3:67 dst-mac=08:55:31:E7:E1:8E vlan=99 interface=ether1-sw02
   protocol=35003 size=1292 cpu=3 fp=no

76 time=28.506 num=207 direction=rx src-mac=08:55:31:E7:F3:67 dst-mac=08:55:31:E7:E1:8E vlan=99 interface=BR1 protocol=3500>
   size=1292 cpu=3 fp=no

77 time=28.506 num=208 direction=rx src-mac=08:55:31:E7:F3:67 dst-mac=08:55:31:E7:E1:8E interface=BASE_VLAN protocol=35003
   size=1288 cpu=3 fp=no

I tried to minimize the time between sniffer start/stop, but I could not do a better job. (I had to change switch settings between start/ping/stop, and switch can only be changed on its web interface.)

I'm affraid I do not know enough to interpret this output, but I'm grateful that you try to help me.

Thank you!
Last edited by nagylzs on Tue Jul 20, 2021 11:06 pm, edited 1 time in total.
 
nagylzs
Member
Member
Topic Author
Posts: 353
Joined: Sun May 26, 2019 2:08 pm

Re: Cannot access router over trunk+switch

Tue Jul 20, 2021 10:54 pm

last two logs filtered with protocol=arp:

r01:
/tool sniffer packet> print detail where protocol=arp
Empty, I guess it means that the mac address was taken from the local arp table.

r02:
/tool sniffer packet> print detail where protocol=arp
 0 time=28.135 num=140 direction=rx src-mac=08:55:31:E7:F3:67 dst-mac=08:55:31:E7:E1:8E vlan=99 interface=ether1-sw02
   protocol=arp size=60 cpu=3 fp=no

 1 time=28.135 num=141 direction=rx src-mac=08:55:31:E7:F3:67 dst-mac=08:55:31:E7:E1:8E vlan=99 interface=BR1 protocol=arp
   size=60 cpu=3 fp=no

 2 time=28.135 num=142 direction=rx src-mac=08:55:31:E7:F3:67 dst-mac=08:55:31:E7:E1:8E interface=BASE_VLAN protocol=arp
   size=56 cpu=3 fp=no
There is no tx, only rx. I'm not sure what it means.Time is above 28 sec, it might have happened AFTER I changed back the switch config to receive vlan=any.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18961
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Cannot access router over trunk+switch

Tue Jul 20, 2021 11:06 pm

Okay so If I get this straight, ether1 from the first router is a TRUNK port carrying 10,20.30 and 99 to the first switch.
Just for giggles to mirror my Swos settings change SWITCH ONE to the following.

VLAN for trunk port (from router and to Swos2)
VLAN MODE - ENABLED
VLAN RCVE - ANY
DEFAULT VLANID - 1
VLAN HEADER - Leave as is.

VLANS
Set how I would set them so no change required

Please confirm that vlan management 99 IP subnet includes the IP addresses of all the devices R01, Swos1, Swos2, RO2.

ON Switch #2,
Same settings as above although I note it already has the VLAN HEADER leave as is..........

Now all that remains is Router #2.
and that looks fine............'

How does traffic from router 2 get routed? or is just acting as a switch???
Just for giggles on Router2 put in the following dst route if just a switch
dst: 0.0.0.0/0
gwy 192.168.19.1

also ensure you have an interface list entry that includes the base subnet and ensure that interface is selected in tools mac winbox mac server
 
nagylzs
Member
Member
Topic Author
Posts: 353
Joined: Sun May 26, 2019 2:08 pm

Re: Cannot access router over trunk+switch

Tue Jul 20, 2021 11:25 pm

Okay so If I get this straight, ether1 from the first router is a TRUNK port carrying 10,20.30 and 99 to the first switch.
Yes.
Just for giggles to mirror my Swos settings change SWITCH ONE to the following.

VLAN for trunk port (from router and to Swos2)
VLAN MODE - ENABLED
VLAN RCVE - ANY
DEFAULT VLANID - 1
VLAN HEADER - Leave as is.
All right, made these changes on sw01. https://imgur.com/a/1U2Lrak
VLANS
Set how I would set them so no change required
All right, but if we set vlan mode = enabled, then it will only filter on egress, not on ingress, am I right?
Please confirm that vlan management 99 IP subnet includes the IP addresses of all the devices R01, Swos1, Swos2, RO2.
Confirmed. management net is vlan=99, ip subnet 192.168.19.0/24. All the other vlans use class A addresses (10.19.X.0/24 where X is the vlan number).
ON Switch #2,
Same settings as above although I note it already has the VLAN HEADER leave as is..........
I could not do this. After I made the suggested changes on sw01, I lost connection with sw02 (and also r02).
Now all that remains is Router #2.
and that looks fine............'

How does traffic from router 2 get routed? or is just acting as a switch???
Just for giggles on Router2 put in the following dst route if just a switch
dst: 0.0.0.0/0
gwy 192.168.19.1

also ensure you have an interface list entry that includes the base subnet and ensure that interface is selected in tools mac winbox mac server
r02 is used as a wireless access point. With caps-man, with different ssids on different vlans. It might be used as a switch later, if I run out of ports on sw02. So currently, it is not routing anything. And it has no IP address on any other vlan, only the management vlan 99.
Last edited by nagylzs on Tue Jul 20, 2021 11:39 pm, edited 1 time in total.
 
nagylzs
Member
Member
Topic Author
Posts: 353
Joined: Sun May 26, 2019 2:08 pm

Re: Cannot access router over trunk+switch

Tue Jul 20, 2021 11:29 pm

I could regain access to sw02 by changing back strict/only tagged/leave as is on sw01.port3 (that is connected to sw02)
 
nagylzs
Member
Member
Topic Author
Posts: 353
Joined: Sun May 26, 2019 2:08 pm

Re: Cannot access router over trunk+switch

Tue Jul 20, 2021 11:37 pm

Just for giggles on Router2 put in the following dst route if just a switch
dst: 0.0.0.0/0
gwy 192.168.19.1

also ensure you have an interface list entry that includes the base subnet and ensure that interface is selected in tools mac winbox mac server
The default gateway is on r01, address 192.168.19.254. There is nothing behind 192.168.19.1 right now.

The routing on r02 is as follows:
/ip route
add distance=1 gateway=192.168.19.254 pref-src=192.168.19.253
The actual interface lists and routes are:
/interface list
add name=VLAN
add name=BASE
/interface list member
add interface=BASE_VLAN list=BASE
 /ip route> print detail
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
 0 A S  dst-address=0.0.0.0/0 pref-src=192.168.19.253 gateway=192.168.19.254
        gateway-status=192.168.19.254 reachable via  BASE_VLAN distance=1 scope=30 target-scope=10

 1 ADC  dst-address=192.168.19.0/24 pref-src=192.168.19.253 gateway=BASE_VLAN gateway-status=BASE_VLAN reachable distance=0
        scope=10
I believe this is exactly what you wanted, and it was already that way.

The mac server allowed-interface-list was unset, and max-server ping was disabled.

I changed it to this:
/tool mac-server
set allowed-interface-list=BASE
/tool mac-server ping
set enabled=yes
 
nagylzs
Member
Member
Topic Author
Posts: 353
Joined: Sun May 26, 2019 2:08 pm

Re: Cannot access router over trunk+switch

Wed Jul 21, 2021 12:11 am

@anav, you've already helped a lot. Now I'm sure that all packets that should be tagged, are tagged. I still don't understand why it does not work with vlan receive=tagged only, any why is it happening only on one specific port of a specific switch. But I can live with the vlan receive=any setting, if that works. I feel like I'm taking advantage of your kindness.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18961
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Cannot access router over trunk+switch

Wed Jul 21, 2021 2:28 am

Not sure what else can be done...... i dont use preferred source on my route setting but that shouldnt matter.
It should just work!!
 
nagylzs
Member
Member
Topic Author
Posts: 353
Joined: Sun May 26, 2019 2:08 pm

Re: Cannot access router over trunk+switch

Wed Jul 21, 2021 9:05 am

Maybe I'll try to replace that CSS router with a different model, set it up exactly the same way and test if it works the same way. I don't have a different switch at hand, I can only do this later.

Thank you for your help!
 
sindy
Forum Guru
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: Cannot access router over trunk+switch

Wed Jul 21, 2021 1:15 pm

It surprises me that you can only see ARP responses, because the requests are sent from the individual MAC address to a broadcast one (ff:ff:ff:ff:ff:ff), so if you filter using the MAC address of the remote device at each side, you should see both.

Another question, what are your STP settings on all the devices involved? Could it be that the CSS doesn't start forwarding on one of the interfaces?
 
nagylzs
Member
Member
Topic Author
Posts: 353
Joined: Sun May 26, 2019 2:08 pm

Re: Cannot access router over trunk+switch

Wed Jul 21, 2021 8:52 pm

Another question, what are your STP settings on all the devices involved? Could it be that the CSS doesn't start forwarding on one of the interfaces?
On r01, protocol-mode=rstp
[admin@r01.magnet] /interface bridge> print detail
Flags: X - disabled, R - running
 0 R name="BR1" mtu=auto actual-mtu=1500 l2mtu=1598 arp=enabled arp-timeout=auto mac-address=08:55:31:E7:F3:67
     protocol-mode=rstp fast-forward=yes igmp-snooping=no auto-mac=yes ageing-time=5m priority=0x8000 max-message-age=20s
     forward-delay=15s transmit-hold-count=6 vlan-filtering=yes ether-type=0x8100 pvid=1
     frame-types=admit-only-vlan-tagged ingress-filtering=yes dhcp-snooping=no
On r02, protocol-mode=rstp
[admin@r02.magnet] /interface bridge> print detail
Flags: X - disabled, R - running
 0 R name="BR1" mtu=auto actual-mtu=1500 l2mtu=1598 arp=enabled arp-timeout=auto mac-address=08:55:31:E7:E1:8E
     protocol-mode=rstp fast-forward=yes igmp-snooping=no auto-mac=yes ageing-time=5m priority=0x8000 max-message-age=20s
     forward-delay=15s transmit-hold-count=6 vlan-filtering=yes ether-type=0x8100 pvid=1
     frame-types=admit-only-vlan-tagged ingress-filtering=yes dhcp-snooping=no
On the switches: https://imgur.com/a/pDVdXjB
 
nagylzs
Member
Member
Topic Author
Posts: 353
Joined: Sun May 26, 2019 2:08 pm

Re: Cannot access router over trunk+switch

Wed Jul 21, 2021 8:56 pm

The P1-SW01 port on SW02 has type=edge. It is totally wrong.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18961
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Cannot access router over trunk+switch

Wed Jul 21, 2021 9:00 pm

Just checked my swos switch and all modes are RTSP (first line checked for RSTP and second line mode)

From ROUTER (so main trunk port)
RSTP: CHECKED
Mode: RTSP
Role: Designated
Root path cost:
Type: edge
State: forwarding

Rest are a mix of point to point and one edge for Type and forwarding or discarding for State.
I am not sure why the switch makes these decisions out of our hands as users. The only thing we pick is the whether RTSP is checked or not (first entry).
 
nagylzs
Member
Member
Topic Author
Posts: 353
Joined: Sun May 26, 2019 2:08 pm

Re: Cannot access router over trunk+switch

Wed Jul 21, 2021 9:12 pm

Both sw01 and sw02 are connected to other bridges. (Namely: sw01 is connected to r01 and sw03; sw02 is connected to r02).

It means that sw02.P1-Sw01 port (the port on sw02 that faces sw01) MUST NOT be an edge port. But sw02 switch says it is an edge port.

So maybe sindy is right - the ARP request (or the response) is not forwarded from SW02.P1-SW01 to SW01.P3-Sw02

But I don't see any way to configure the port type. It should be detected automatically.

While I wrote these, SW01.P3-Sw02 port type was changed to "edge" too. So both SW01 and SW02 think that they are on the edge. But they are not. SW01 is also connected to SW03 and that is connected to printers and computers. Something is definitely wrong.

Who is online

Users browsing this forum: anav, Bing [Bot], JDF and 97 guests