Community discussions

MUM Europe 2020
 
User avatar
astounding
Member Candidate
Member Candidate
Topic Author
Posts: 121
Joined: Tue Dec 16, 2008 12:17 am

VLAN bridging question

Tue Dec 16, 2008 1:04 am

TOPOLOGY:

Assume I have a MikroTik with at least 4 ports. Assume that I must pass ethernet traffic for three separate 802.1q VLANs. Here is the topology:

eth1 = trunk port with untagged traffic (belonging to VLAN ID 1) and also tagged traffic for VLAN ID 2 and VLAN ID 3
eth2 = untagged traffic only port (all traffic in/out belongs to VLAN ID 2)
eth3 = untagged traffic only port (all traffic in/out belongs to VLAN ID 3)
eth4 = untagged traffic only port (all traffic in/out belongs to VLAN ID 1)

Assume that ports 2-4 MUST only pass untagged traffic in/out and that traffic must ONLY be to/from the assigned VLAN.

Assume that port 1 MUST carry VLAN traffic for all three VLANs, but VLAN ID 1 traffic MUST be untagged--assume that there is no other way to do it.

QUESTION:

Is there any possible working MikroTik RouterOS configuration that would function as required by all of the above assumptions?

PLEASE, if you don't know the answer to this question, don't propose an alternate topology and give a suggested configuration for it. I am not interested it alternative topologies nor alternate questions. Only the above proposed topology.

To my own knowledge, the answer to the question currently is NO, RouterOS cannot do this, therefore I must use another device. (A Cisco 2955 switch can do this very easily, but it's a true switch.)

Thank you.

-Astounding
 
User avatar
Letni
Member
Member
Posts: 375
Joined: Tue Dec 05, 2006 5:16 am
Location: South Carolina

Re: VLAN bridging question

Tue Dec 16, 2008 3:16 am

This can be done very easily with Mikrotik.

The skinny.
Create Bridge1, Bridge2, Bridge3
Create vlan2 on ether1, vlan3 on ether1
Assign ether1 and ether4 to Bridge1
Assign vlan2 and ether2 to Bridge2
Assign vlan3 and ether3 to Bridge3
Call it a day. ;)

-Louis
 
User avatar
macgaiver
Forum Guru
Forum Guru
Posts: 1723
Joined: Wed May 18, 2005 5:57 pm
Location: Sol III, Sol system, Sector 001, Alpha Quadrant

Re: VLAN bridging question

Tue Dec 16, 2008 12:07 pm

Correct!

But I will also add some bridge filter rules to be sure that nobody will be able to receive vlan2 vla3 tagged packets on ether1
With great knowledge comes great responsibility, because of ability to recognize id... incompetent people much faster.
 
User avatar
astounding
Member Candidate
Member Candidate
Topic Author
Posts: 121
Joined: Tue Dec 16, 2008 12:17 am

Re: VLAN bridging question

Wed Dec 17, 2008 2:16 am

Letni suggested this solution (I'm rewording it to be sure I understood it right):

Three bridges: br1, br2, br3
Three VLAN pseudo interfaces: vlan2 and vlan3
The ethernet ports (eth1, eth2, and eth3) would be assigned to various VLAN pseudo interfaces and/or to bridges as follows:

eth1 (with untagged traffic destined for VLAN 1, tagged traffic destined for VLANs 2 and 3) would belong to bridge br1 (for untagged traffic) AND to VLAN pseudo interfaces vlan2 (for tagged traffic on VLAN 2) and vlan3 (for tagged traffic on VLAN 3)
eth2 would belong to bridge br2, which bridge would contain vlan2 and eth2
eth3 would belong to bridge br3, which bridge would contain vlan3 and eth3
eth4 would belong to bridge br1

Unsurprisingly, this solution was exactly the same as what I came up with. It didn't work.

Why?

It seems that because eth1 belongs to a bridge (br1), VLAN pseudo interfaces vlan2 and vlan3 NEVER see the tagged packets sent to eth1.

Another thread had suggested instead sticking the vlan2 and vlan3 interfaces on TOP of bridge br1. I've tried that too. When that happens, while the pseudo VLAN interfaces DO then see the tagged packets, for some reason I can't get the bridges on TOP of the pseudo VLAN interfaces to see and bridge the traffic. (It's as if bridge->vlan-pseudo-interface->bridge stacking doesn't work.)

Additionally the bridge->vlan_if->bridge stacking method would require filters to prevent VLAN2 and VLAN3 tagged traffic from being bridged to port eth4, to prevent VLAN3 traffic to eth2, and VLAN2 traffic to eth3 (as macgaiver mentioned).

So has someone tried either of these variations with success? I think I'll retest both methods again to be sure I didn't typo a config. and misinterpret my human error as a RouterOS failure.

I'm quite confident that vlan pseudo interfaces and bridges both sharing an ethernet port won't work as the bridge steals the traffic and the vlans never see it. (And I think that's the one I tested already several times.) I'm a little more hesitant to declare the bridge->vlan->bridge stacking (plus filtering) as nonfunctional since I think I only tried it once and didn't go over my configuration with a fine toothed comb double-checking for configuration errors.

Thanks for the responses!

Who is online

Users browsing this forum: No registered users and 98 guests