Hi, I found some posts on this, but not exactly what I'm looking for.
I'm a newbie as far as RouterBoards, but I've got 15 years of experience with Linux routers and switches.
I have several Netgear GS724T configured with VLANs and VLAN trunking between the GS724T.
The above GS724 are working just fine, but I'm trying to deploy RB2011 at user desks because some engineers
nee to have access to several VLANs and Voip but our offices only have 1 or 2 ethernet jack / seat.
Question 1) Does the RB2011 fully support 802.1Q VLAN tags?
Reading : http://wiki.mikrotik.com/wiki/Manual:Sw ... troduction
add new-dst-ports=ether2 ports=ether5 switch=switch1 vlan-header=present vlan-id=2
my RB2011 returns a failure that the vlan-id is not supported for this switch.
Reading: http://wiki.mikrotik.com/wiki/Manual:Interface/VLAN
This document suggests to define the subnet used by this VLAN "add address=10.10.10.3/24 interface=VLAN2"
As far as I know, VLANs should only be layer 2 / "ethernet frame base", defining the IP subnet does not sound right.
It also adds this extra level of "synchronization" between my layer 2 and layer 3 network configuration.
Question 2) How do I configure the RB2011 to use Eth5 as VLAN trunking for VLAN id = 2, 7 and 8 connected to my GS724T? With:
VLAN-2 on ports Eth10, Eth9. (100Mb)
VLAN-7 on ports Eth1, Eth2, Eth3, Eth4. (1,000Mb)
VLAN-8 on ports Eth6, Eth7, Eth8 (100Mb)
VLAN-2,7,8 Trunk on Eth5 (1,000Mb)
This will allow me to deliver 3 VLANs to the desks of the engineers using a single ethernet link back to on of the main GS724T switches.
This way they will have access to the company Intranet VLAN-7 at a full gig link (not limited to going through the phone's 100 Mb link).
They will have access to their Voip for the telephony on VLAN-2
They will have access to the isolated Test environment on VLAN-8
Obviously none of the enduser devices connected to the RB2011 will output VLAN tags.
They will only send normal ethernet frames (Even if some devices support VLANs I don't want to configure them).
So only the trunk port on Eth5 will be the one expecting VLAN tags from the GS724T switch, ranging from VLAN 2, 7 and 8.
Thank you in advance,
Martin Politick.
politick at gmail dot com
Re: VLAN trunking between RB2011 and Netgear GS724T
Can someone tell me how I can get Mikrotik to at least answer question 1) below?
I believe the question to be a simple clarification on the product specification, and its usage.
Question 1) Does the RB2011 fully support 802.1Q VLAN tags?
Because I don't understand why I'd need to let the RB2011 know about the subnets on the VLANs.
Thank you,
Martin Politick.
I believe the question to be a simple clarification on the product specification, and its usage.
Question 1) Does the RB2011 fully support 802.1Q VLAN tags?
Because I don't understand why I'd need to let the RB2011 know about the subnets on the VLANs.
Thank you,
Martin Politick.
Re: VLAN trunking between RB2011 and Netgear GS724T
I use VLAN trunking between my RB600 and My Netgear GS724T, while the RB600 does not have the switch chip that the RB2011 does, the configuration is the same. For some of my VLANs, I do have IPs assigned, as I want to reach the MT router on that address/vlan, if you only want to bring the vlans to their desk (which is what it sounds like you want to do), an IP is not required.
For Question 2, I would do the following:
Because the 2011 uses two separate switch chips but you want all trunking to happen on a single port, the CPU has to be involved, which is why I have bridges in my solution rather than native switch vlan configuration. In your use, you cannot fully offload all traffic from the CPU. If you wanted to do a hybrid solution, you could configure the intranet ports to use native switch vlan commands and only have to bridge the test and VoIP ports, but realistically, I don't think you'll have any performance problems with your desired use.
For Question 2, I would do the following:
Code: Select all
/interface ethernet
set ether10 master-port=ether9
set ether2,ether3,ether4 master-port=ether1
set ether7,ether8 master-port=ether6
/interface vlan
add interface=ether5 name=vlan2 vlan-id=2
add interface=ether5 name=vlan7 vlan-id=7
add interface=ether5 name=vlan8 vlan-id=8
/interface bridge
add name=VoIP
add name=Intranet
add name=Test
/interface bridge port
add bridge=VoIP interface=vlan2
add bridge=VoIP interface=ether9
add bridge=Intranet interface=vlan7
add bridge=Intranet interface=ether1
add bridge=Test interface=vlan8
add bridge=Test interface=ether6
Re: VLAN trunking between RB2011 and Netgear GS724T
Thanks,
I've tried but hit a wall pretty fast with the master-port.
according to : http://forum.mikrotik.com/viewtopic.php?f=2&t=58143
I can only have 2 master-port because the RB2011LS has 2 physical switches. So when I try :
I get an error code:
I believe you're trying to create 3 separate "Virtual switches"
(eth1, eth2, eth3, eth4) - (eth6,eth7,eth8) - (eth9,eth10)
Then I think you're creating "Virtual ethernet ports" called vlan2, vlan7 and vlan8,
which at the same time it tells that ether5 should expect VLAN tags (802.1q) on port #5
Then you bridge the "virtual ethernet ports" vlans with the master-port of each virtual switch.
QUESTIONS:
Q1) what is the purpose of a master-port
Q2) Since there are no vlan statements on anyother port than ether5, does that imply that all VLAN ID will be strip from all other ports (which is what I want)
Q3) On other switches I need to tell what should be the default VLAN ID of none-VLAN trunking ports.
Is this accomplished by the bridge command?
So it then knows that any ethernet frame "routed" out of ether9 to ether 5 should be tagged with VLAN ID 2 ?
Thanks.
Martin Politick.
I've tried but hit a wall pretty fast with the master-port.
according to : http://forum.mikrotik.com/viewtopic.php?f=2&t=58143
I can only have 2 master-port because the RB2011LS has 2 physical switches. So when I try :
Code: Select all
/interface/ethernet/
set ether10 master-port=ether9
set ether2,ether3,ether4 master-port=ether1
set ether7,ether8 master-port=ether6
ros code
only one master port in switch group allowedSince I'm new to RouterOS, I don't get all the concepts so I can't figure out a way to fix this.
I believe you're trying to create 3 separate "Virtual switches"
(eth1, eth2, eth3, eth4) - (eth6,eth7,eth8) - (eth9,eth10)
Then I think you're creating "Virtual ethernet ports" called vlan2, vlan7 and vlan8,
which at the same time it tells that ether5 should expect VLAN tags (802.1q) on port #5
Then you bridge the "virtual ethernet ports" vlans with the master-port of each virtual switch.
QUESTIONS:
Q1) what is the purpose of a master-port
Q2) Since there are no vlan statements on anyother port than ether5, does that imply that all VLAN ID will be strip from all other ports (which is what I want)
Q3) On other switches I need to tell what should be the default VLAN ID of none-VLAN trunking ports.
Is this accomplished by the bridge command?
Code: Select all
add interface=ether5 name=vlan2 vlan-id=2
add bridge=VoIP interface=vlan2
add bridge=VoIP interface=ether9 Thanks.
Martin Politick.
Re: VLAN trunking between RB2011 and Netgear GS724T
My apologies, I do not have a 2011 to verify against.
The master-port is to setup switch groups in the hardware switch chip. Doing so will offload switching functions from the CPU. The "master-port" is the only one that needs to be further used in configuration settings when referencing that switch group.
Since there are less switch groups available than what you require, some of your switched traffic *must* go through the CPU. This is not a big deal, as the CPU can handle over 1GBps in bridging mode and you already are required to use the CPU since your trunk is on one chip and some of the ports are on another (as previously mentioned).
So we drop the switch-chip stuff and lengthen our bridge port section. The full config would now read:
The master-port is to setup switch groups in the hardware switch chip. Doing so will offload switching functions from the CPU. The "master-port" is the only one that needs to be further used in configuration settings when referencing that switch group.
Since there are less switch groups available than what you require, some of your switched traffic *must* go through the CPU. This is not a big deal, as the CPU can handle over 1GBps in bridging mode and you already are required to use the CPU since your trunk is on one chip and some of the ports are on another (as previously mentioned).
So we drop the switch-chip stuff and lengthen our bridge port section. The full config would now read:
Code: Select all
/interface vlan
add interface=ether5 name=vlan2 vlan-id=2
add interface=ether5 name=vlan7 vlan-id=7
add interface=ether5 name=vlan8 vlan-id=8
/interface bridge
add name=VoIP
add name=Intranet
add name=Test
/interface bridge port
add bridge=VoIP interface=vlan2
add bridge=VoIP interface=ether9
add bridge=VoIP interface=ether10
add bridge=Intranet interface=vlan7
add bridge=Intranet interface=ether1
add bridge=Intranet interface=ether2
add bridge=Intranet interface=ether3
add bridge=Intranet interface=ether4
add bridge=Test interface=vlan8
add bridge=Test interface=ether6
add bridge=Test interface=ether7
add bridge=Test interface=ether8
Re: VLAN trunking between RB2011 and Netgear GS724T
OP, since you're mainly looking to do L2 switching, you might be better served by an L2 switch than a Routerboard. Given that you already use Netgear "smart" switches in your network, it might be worthwhile to look at the GS108T, which is similar in price to the RB2011, and has an interface/management features similar to your existing switches.
Re: VLAN trunking between RB2011 and Netgear GS724T
Yes thank you, I've looked at them.OP, since you're mainly looking to do L2 switching, you might be better served by an L2 switch than a Routerboard. Given that you already use Netgear "smart" switches in your network, it might be worthwhile to look at the GS108T, which is similar in price to the RB2011, and has an interface/management features similar to your existing switches.
But I have 2 reasons to use the RB2011
1- We already use this model for other purposes so I prefer to always re-use the same components as much as I can (easier for long term support)
2- Gives me a reason to start understanding concepts behind RouterBoard (learning exercise)
But your proposition could be very useful for other users.
Thx,
Martin Politick.
Re: VLAN trunking between RB2011 and Netgear GS724T
J. Gellis
Code: Select all/interface vlan add interface=ether5 name=vlan2 vlan-id=2 add interface=ether5 name=vlan7 vlan-id=7 add interface=ether5 name=vlan8 vlan-id=8 /interface bridge add name=VoIP add name=Intranet add name=Test /interface bridge port add bridge=VoIP interface=vlan2 add bridge=VoIP interface=ether9 add bridge=VoIP interface=ether10 add bridge=Intranet interface=vlan7 add bridge=Intranet interface=ether1 add bridge=Intranet interface=ether2 add bridge=Intranet interface=ether3 add bridge=Intranet interface=ether4 add bridge=Test interface=vlan8 add bridge=Test interface=ether6 add bridge=Test interface=ether7 add bridge=Test interface=ether8
Yes I've verified and it works at 95%.
I can't bridge ether6 because it's already used and if I remove it I loose my connectivity to 192.168.88.1
So I've done this (which leaves ether6 as the configuration port) and added an extra VLAN-1:
Code: Select all
/interface ethernet
set ether10 master-port=none
set ether9 master-port=none
set ether8 master-port=none
set ether7 master-port=none
/interface vlan
add interface=ether5 name=vlan1 vlan-id=1
add interface=ether5 name=vlan2 vlan-id=2
add interface=ether5 name=vlan7 vlan-id=7
add interface=ether5 name=vlan8 vlan-id=8
/interface bridge
add name=VoIP
add name=Intranet
add name=Mine
add name=Pit
/interface bridge port
print
remove 0
remove 1
remove 2
remove 3
add bridge=Intranet interface=vlan1
add bridge=Intranet interface=ether1-gateway
add bridge=Intranet interface=ether2
add bridge=VoIP interface=vlan2
add bridge=VoIP interface=ether9
add bridge=VoIP interface=ether10
add bridge=Mine interface=vlan7
add bridge=Mine interface=ether3
add bridge=Mine interface=ether4
add bridge=Pit interface=vlan8
add bridge=Pit interface=ether7
add bridge=Pit interface=ether8
Martin Politick
Who is online
Users browsing this forum: fadelliz78, nichky and 67 guests