Community discussions

MikroTik App
 
nichols430
just joined
Topic Author
Posts: 10
Joined: Thu Mar 03, 2016 7:54 pm

VLAN Help on a CRS326 Switch

Tue Sep 21, 2021 6:33 pm

I have hit a wall of confusion. I have read various articles,etc. I have this switch setup to bond the two uplink ports to a single bond. Created the bridge, set up the vlans on the bridge. I have unifi in the building so by default vlan1 needs to be untagged. That part is working as far as I can tell. What I cannot figure out what I've done wrong is that the Windows DHCP server will not hand out the DHCP requests. The server has a multi-vlan access, meaning each VLAN has its own DHCP server that the server should be listening for, its not handing out the IP address to the vlan on ether1. Any suggestions as to what I've messed up?

Thankls

# sep/21/2021 10:28:57 by RouterOS 6.48.4
# software id = ZKQA-49C8
#
# model = CRS326-24G-2S+
# serial number = DA730ED0E923
/interface bridge
add frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes \
    name=bri1 vlan-filtering=yes
/interface ethernet
set [ find default-name=sfp-sfpplus1 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full,10000M-full \
    name=Uplink_P1
set [ find default-name=sfp-sfpplus2 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full,10000M-full \
    name=Uplink_p2
/interface bonding
add mode=802.3ad name=Uplink slaves=Uplink_P1,Uplink_p2
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/interface bridge port
add bridge=bri1 frame-types=admit-only-untagged-and-priority-tagged \
    interface=Uplink
add bridge=bri1 interface=ether7
add bridge=bri1 interface=ether2
add bridge=bri1 interface=ether3
add bridge=bri1 interface=ether4
add bridge=bri1 interface=ether5
add bridge=bri1 interface=ether6
add bridge=bri1 interface=ether8
add bridge=bri1 interface=ether9
add bridge=bri1 interface=ether10
add bridge=bri1 interface=ether11
add bridge=bri1 interface=ether12
add bridge=bri1 interface=ether13
add bridge=bri1 interface=ether14
add bridge=bri1 interface=ether15
add bridge=bri1 interface=ether16
add bridge=bri1 interface=ether17
add bridge=bri1 interface=ether18
add bridge=bri1 interface=ether19
add bridge=bri1 interface=ether20
add bridge=bri1 interface=ether21
add bridge=bri1 interface=ether22
add bridge=bri1 interface=ether23
add bridge=bri1 interface=ether24
add bridge=bri1 frame-types=admit-only-untagged-and-priority-tagged \
    ingress-filtering=yes interface=ether1 pvid=10
/ip neighbor discovery-settings
set discover-interface-list=all
/interface bridge vlan
add bridge=bri1 untagged=Uplink,bri1 vlan-ids=1
add bridge=bri1 tagged=Uplink,ether1 vlan-ids=10
add bridge=bri1 tagged=Uplink untagged=ether2 vlan-ids=30
add bridge=bri1 tagged=Uplink vlan-ids=20
add bridge=bri1 tagged=Uplink vlan-ids=40
/ip address
add address=10.10.50.3/24 interface=bri1 network=10.10.50.0
/ip dns
set servers=10.10.50.10
/ip route
add distance=1 gateway=10.10.50.1
/system clock
set time-zone-name=America/Chicago
/system routerboard settings
set boot-os=router-os
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11383
Joined: Thu Mar 03, 2016 10:23 pm

Re: VLAN Help on a CRS326 Switch

Tue Sep 21, 2021 7:19 pm

/interface bridge port
add bridge=bri1 frame-types=admit-only-untagged-and-priority-tagged \
interface=Uplink
/interface bridge vlan
add bridge=bri1 untagged=Uplink,bri1 vlan-ids=1
add bridge=bri1 tagged=Uplink,ether1 vlan-ids=10
add bridge=bri1 tagged=Uplink untagged=ether2 vlan-ids=30
add bridge=bri1 tagged=Uplink vlan-ids=20
add bridge=bri1 tagged=Uplink vlan-ids=40

Frame-types setting and vlan setup don't go together.
 
tdw
Forum Guru
Forum Guru
Posts: 1841
Joined: Sat May 05, 2018 11:55 am

Re: VLAN Help on a CRS326 Switch  [SOLVED]

Tue Sep 21, 2021 7:25 pm

A bridge has two roles - its is both like a switch connecting various ethernet ports together, and also like an ethernet port to pass traffic to services on the Mikrotik itself. Somewhat confusingly the settings for both of these roles are made under /interface bridge - the frame-types, ingress-filtering and pvid for the bridge port role are made here, whereas for all other ports attached to the bridge these are set under /interface bridge port.

There is no need to explicitly set untagged= memberships, these will be dynamically created from the port pvid= settings. There is a mismatch on ether2 for example, and you also have ether1 with a PVID of 10 but set to be tagged on the same VLAN.

Starting with:
/interface bridge vlan
add bridge=bri1 untagged=Uplink,bri1 vlan-ids=1
add bridge=bri1 tagged=Uplink,ether1 vlan-ids=10
add bridge=bri1 tagged=Uplink untagged=ether2 vlan-ids=30
add bridge=bri1 tagged=Uplink vlan-ids=20
add bridge=bri1 tagged=Uplink vlan-ids=40

then add tagged= membership for the hybrid ports to the access points, or for access ports to a single VLAN set the pvid= under under /interface bridge port

You also probably don't want frame-types=admit-only-untagged-and-priority-tagged on your uplink, this will prevent any tagged traffic reaching the switch:
Access port frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes
Hybrid port frame-types=admit-all ingress-filtering=yes
Trunk port frame-types=admit-only-vlan-tagged ingress-filtering=yes
 
nichols430
just joined
Topic Author
Posts: 10
Joined: Thu Mar 03, 2016 7:54 pm

Re: VLAN Help on a CRS326 Switch

Tue Sep 21, 2021 8:05 pm

tdw

Thank you so so much! I was hitting my head against this and couldnt figure out what I had done wrong. I think im going to go back over my other switch that I use for just a core switch and check what I have learned here against that and make sure I dont have issues there. Thank you so much!

Who is online

Users browsing this forum: alotofbacardi, baragoon, jacobbailey, Pincha3 and 89 guests