MikroTik

Posted: **Sat Jan 25, 2014 10:42 pm**

I'm a bit confused with the trunk and access configurations on RouterOS. I've seen at least couple of ways of configuring VLANs and trunks. It's kind of confusing. That's why I start this thread, because on the CCR1036 platform I find it even more confusing...

So let me summarize what confuses me:
1. For every VLAN I would like to create - I create a vlan interface - /interface vlan add Correct?
2. Once the VLAN is created and associated with a particular port in step 1., How do I associate other ports to that VLAN? do I add them to the newly created VLAN interface? Do I have to create a Bridge and associate all access ports from that particular VLAN? Shall I be able to ping my /interface vlan IP address without the bridge configuration?
3. How do I create a trunk port? This actually confuses me the most... Some sources say I should use again the VLAN association, other sources say I should use the /interface ethernet switch menu... But I don't actually have /interface ethernet switch menu in CCR1036?!

If you could give me a short example to illustrate a typical configuration:
VLANs 10, 20, 30
Access ports ether1, ether2, ether3
Port associations ether1 access port in VLAN 10, ether2 access port in VLAN 20, ether3 access port in VLAN 30.
Trunk ports ether4 and ether5

Posted: **Sat Jan 25, 2014 10:52 pm**

Create 3 bridges, one for each Vlan. Create three Vlan interfaces on both port 4 and 5.
Bridge the correct port (ether1/2/3) with the two correct Vlan interfaces.

Another option is to bridge port 4 and 5 and create the Vlan interfaces on that bridge. Then bridge only one Vlan interface with the right ether interface.

Posted: **Sun Jan 26, 2014 10:15 am**

Create 3 bridges, one for each Vlan. Create three Vlan interfaces on both port 4 and 5.
Bridge the correct port (ether1/2/3) with the two correct Vlan interfaces.

Another option is to bridge port 4 and 5 and create the Vlan interfaces on that bridge. Then bridge only one Vlan interface with the right ether interface.

So if I got you correct, the configuration should look like this:

/interface bridge add name=br-vlan10 
/interface bridge add name=br-vlan20
/interface bridge add name=br-vlan30

/interface vlan
add interface=ether4 name=vlan10 vlan-id=10
add interface=ether4 name=vlan20 vlan-id=20
add interface=ether4 name=vlan30 vlan-id=30
add interface=ether5 name=vlan10 vlan-id=10
add interface=ether5 name=vlan20 vlan-id=20
add interface=ether5 name=vlan30 vlan-id=30

/interface bridge port add bridge=br-vlan10 interface=vlan10
/interface bridge port add bridge=br-vlan10 interface=ether1
/interface bridge port add bridge=br-vlan20 interface=vlan20
/interface bridge port add bridge=br-vlan20 interface=ether2
/interface bridge port add bridge=br-vlan30 interface=vlan30
/interface bridge port add bridge=br-vlan30 interface=ether3

/ip address add address=10.0.10.1/24 interface=vlan10
/ip address add address=10.0.20.1/24 interface=vlan20
/ip address add address=10.0.30.1/24 interface=vlan30

Correct?

Posted: **Sun Jan 26, 2014 10:35 am**

Correct?

Yes, that should work.

Btw. This works on all RBs. You've been told to use the Switch Interface on other Platforms because they don't thave not enought CPU power to bridge at wirespeed. So using the Switch chip is more CPU fiendly. As you may know the CCR doesn't have a Switch chip, so using a Bridge is the only option on these devices.

- Mat

Posted: **Sun Jan 26, 2014 11:35 am**

Correct?
Yes, that should work.

Btw. This works on all RBs. You've been told to use the Switch Interface on other Platforms because they don't thave not enought CPU power to bridge at wirespeed. So using the Switch chip is more CPU fiendly. As you may know the CCR doesn't have a Switch chip, so using a Bridge is the only option on these devices.

- Mat

CCR is fast enough to do wirespeed in Software. So a switching chip would add no benefit. Devices like 2011 would get speed problems without switch chip.

Posted: **Sun Jan 26, 2014 12:04 pm**

So if I got you correct, the configuration should look like this:

/interface bridge add name=br-vlan10 
/interface bridge add name=br-vlan20
/interface bridge add name=br-vlan30

/interface vlan
add interface=ether4 name=vlan10 vlan-id=10
add interface=ether4 name=vlan20 vlan-id=20
add interface=ether4 name=vlan30 vlan-id=30
add interface=ether5 name=vlan10 vlan-id=10
add interface=ether5 name=vlan20 vlan-id=20
add interface=ether5 name=vlan30 vlan-id=30

/interface bridge port add bridge=br-vlan10 interface=vlan10
/interface bridge port add bridge=br-vlan10 interface=ether1
/interface bridge port add bridge=br-vlan20 interface=vlan20
/interface bridge port add bridge=br-vlan20 interface=ether2
/interface bridge port add bridge=br-vlan30 interface=vlan30
/interface bridge port add bridge=br-vlan30 interface=ether3

/ip address add address=10.0.10.1/24 interface=vlan10
/ip address add address=10.0.20.1/24 interface=vlan20
/ip address add address=10.0.30.1/24 interface=vlan30

Correct?

Not quite correct. Here - look, what you need to correct:

/interface bridge add name=br-vlan10
/interface bridge add name=br-vlan20
/interface bridge add name=br-vlan30

/interface vlan
add interface=ether4 name=vlan10e4 vlan-id=10
add interface=ether4 name=vlan20e4 vlan-id=20
add interface=ether4 name=vlan30e4 vlan-id=30
add interface=ether5 name=vlan10e5 vlan-id=10
add interface=ether5 name=vlan20e5 vlan-id=20
add interface=ether5 name=vlan30e5 vlan-id=30

/interface bridge port add bridge=br-vlan10 interface=vlan10e4
/interface bridge port add bridge=br-vlan10 interface=vlan10e5
/interface bridge port add bridge=br-vlan10 interface=ether1
/interface bridge port add bridge=br-vlan20 interface=vlan20e4
/interface bridge port add bridge=br-vlan20 interface=vlan20e5
/interface bridge port add bridge=br-vlan20 interface=ether2
/interface bridge port add bridge=br-vlan30 interface=vlan30e4
/interface bridge port add bridge=br-vlan30 interface=vlan30e5
/interface bridge port add bridge=br-vlan30 interface=ether3

/ip address add address=10.0.10.1/24 interface=br-vlan10
/ip address add address=10.0.20.1/24 interface=br-vlan20
/ip address add address=10.0.30.1/24 interface=br-vlan30

I know it's quite confusing, when you have any experience with vlans... As a trainer I've been thinking about it for a long time, how to explain it - and I have one possible way of thinking:
MikroTik is a router, not a switch. It doesn't transparently "pass" any ethernet frames. Configuring vlan is configuring an "entry point" on a physical interface, telling: "those frames will have 802.1q tag on that one physical interface". Now any packet sent to that interface - will have vlan tag added to the ethernet frame.
If we want to do this (trunk) on any other physical interface - we need to create the "entry points" to the vlans on that interface separately. Now we will have many virtual interfaces, each one saying "send/receive frames with this specific vlan tag on this specific physical interface".
And as MikroTik is a router - it doesn't switch anything. It has many of those "entry points" (for every combination of vlan and trunk port). And NOW we can add the virtual interfaces with the same vlan tag on different physical interfaces - to one bridge - and this is how we start "switching" the vlan. We can, of course, add to the bridge also some physical interfaces - making them "access" ports.

Look at your br-vlan10 bridge. It says, that it should connect all frames with vlan tag 10 on ether4, all frames with vlan tag 10 on ether5 and all frames on ether1 (without any tag) - ports vlan10e4, vlan10e5 and ether1.

Posted: **Sun Jan 26, 2014 5:00 pm**

So if I got you correct, the configuration should look like this:
Code: Select all
/interface bridge add name=br-vlan10 
/interface bridge add name=br-vlan20
/interface bridge add name=br-vlan30

/interface vlan
add interface=ether4 name=vlan10 vlan-id=10
add interface=ether4 name=vlan20 vlan-id=20
add interface=ether4 name=vlan30 vlan-id=30
add interface=ether5 name=vlan10 vlan-id=10
add interface=ether5 name=vlan20 vlan-id=20
add interface=ether5 name=vlan30 vlan-id=30

/interface bridge port add bridge=br-vlan10 interface=vlan10
/interface bridge port add bridge=br-vlan10 interface=ether1
/interface bridge port add bridge=br-vlan20 interface=vlan20
/interface bridge port add bridge=br-vlan20 interface=ether2
/interface bridge port add bridge=br-vlan30 interface=vlan30
/interface bridge port add bridge=br-vlan30 interface=ether3

/ip address add address=10.0.10.1/24 interface=vlan10
/ip address add address=10.0.20.1/24 interface=vlan20
/ip address add address=10.0.30.1/24 interface=vlan30
Correct?
Not quite correct. Here - look, what you need to correct:
/interface bridge add name=br-vlan10
/interface bridge add name=br-vlan20
/interface bridge add name=br-vlan30

/interface vlan
add interface=ether4 name=vlan10e4 vlan-id=10
add interface=ether4 name=vlan20e4 vlan-id=20
add interface=ether4 name=vlan30e4 vlan-id=30
add interface=ether5 name=vlan10e5 vlan-id=10
add interface=ether5 name=vlan20e5 vlan-id=20
add interface=ether5 name=vlan30e5 vlan-id=30

/interface bridge port add bridge=br-vlan10 interface=vlan10e4
/interface bridge port add bridge=br-vlan10 interface=vlan10e5
/interface bridge port add bridge=br-vlan10 interface=ether1
/interface bridge port add bridge=br-vlan20 interface=vlan20e4
/interface bridge port add bridge=br-vlan20 interface=vlan20e5
/interface bridge port add bridge=br-vlan20 interface=ether2
/interface bridge port add bridge=br-vlan30 interface=vlan30e4
/interface bridge port add bridge=br-vlan30 interface=vlan30e5
/interface bridge port add bridge=br-vlan30 interface=ether3

/ip address add address=10.0.10.1/24 interface=br-vlan10
/ip address add address=10.0.20.1/24 interface=br-vlan20
/ip address add address=10.0.30.1/24 interface=br-vlan30
I know it's quite confusing, when you have any experience with vlans... As a trainer I've been thinking about it for a long time, how to explain it - and I have one possible way of thinking:
MikroTik is a router, not a switch. It doesn't transparently "pass" any ethernet frames. Configuring vlan is configuring an "entry point" on a physical interface, telling: "those frames will have 802.1q tag on that one physical interface". Now any packet sent to that interface - will have vlan tag added to the ethernet frame.
If we want to do this (trunk) on any other physical interface - we need to create the "entry points" to the vlans on that interface separately. Now we will have many virtual interfaces, each one saying "send/receive frames with this specific vlan tag on this specific physical interface".
And as MikroTik is a router - it doesn't switch anything. It has many of those "entry points" (for every combination of vlan and trunk port). And NOW we can add the virtual interfaces with the same vlan tag on different physical interfaces - to one bridge - and this is how we start "switching" the vlan. We can, of course, add to the bridge also some physical interfaces - making them "access" ports.

Look at your br-vlan10 bridge. It says, that it should connect all frames with vlan tag 10 on ether4, all frames with vlan tag 10 on ether5 and all frames on ether1 (without any tag) - ports vlan10e4, vlan10e5 and ether1.

All right... I think now I'm starting to get a hang of it. Having to configure so many bridge interfaces is probably the part that is the trickiest. If I only need a trunk port between two MikroTik routers, considering that I'll be using the same VLANs I used in the above example, will I still need the bridge interfaces?
Will it work only with:

/interface vlan
add interface=ether4 name=[b]vlan10e4[/b] vlan-id=10
add interface=ether4 name=[b]vlan20e4[/b] vlan-id=20
add interface=ether4 name=[b]vlan30e4[/b] vlan-id=30
add interface=ether5 name=[b]vlan10e5[/b] vlan-id=10
add interface=ether5 name=[b]vlan20e5[/b] vlan-id=20
add interface=ether5 name=[b]vlan30e5[/b] vlan-id=30

/ip address add address=10.0.10.1/24 interface=vlan10
/ip address add address=10.0.20.1/24 interface=vlan20
/ip address add address=10.0.30.1/24 interface=vlan30

Posted: **Sun Jan 26, 2014 6:42 pm**

You probably need bridges to link Vlan to ether interfaces.

Posted: **Sat Feb 22, 2014 1:07 pm**

I would like to just finish this thread as resolved. The issue turned out to be with the provider. So here's the config that worked for me...

Site A
/interface vlan
add interface=sfp1 l2mtu=1586 mtu=1590 name=vlan2705 vlan-id=2705
/ip address
add address=10.27.5.100/24 interface=vlan2705 network=10.27.5.0

Site B
/interface vlan
add interface=ether3 l2mtu=1586 mtu=1590 name=vlan2705 vlan-id=2705
/ip address
add address=10.27.5.101/24 interface=vlan2705 network=10.27.5.0

So I have a trunk with only one vlan running over it.

Thanks for all the suggestions to everyone.

Posted: **Sun Feb 23, 2014 1:56 am**

I think you want your l2 MTU to be bigger than your l3

Posted: **Tue May 10, 2016 9:45 am**

Hey everyone.
I have problems with mikrotik ccr-1036.
So:
1. VRRP1-UP level 3 (IP) raised at the sfp-1 (This is gateway) working fine.
2. VRRP2-Down level 2 (Vlan's). Vlan's all in bridge. VRRP2 in interface ether10 witches all vlan's comming from that port.
3. For vlan interface given VRRP2.
4. IP on bridge.

In the issue half of IP working, half not. At that not see the same IP, but diffrent network IP working.
I am so confused and do not know what the problem is.
May be Mikrotik ccr-1036 not working fine with level 2 (vlan's) or may be bridge.
Can anyone help me.
Thank's for advance.

Posted: **Mon Jun 27, 2016 12:14 am**

Hey everyone.
I have problems with mikrotik ccr-1036.
......
Can anyone help me.
Thank's for advance.

Hi nasimjontohirov, did you find a solution? I have the same problem now.... thank you.

MikroTik

Trunk port on a CCR1036 router

Trunk port on a CCR1036 router

Re: Trunk port on a CCR1036 router

Re: Trunk port on a CCR1036 router

Re: Trunk port on a CCR1036 router

Re: AW: Trunk port on a CCR1036 router

Re: Trunk port on a CCR1036 router

Re: Trunk port on a CCR1036 router

Re: Trunk port on a CCR1036 router

Re: Trunk port on a CCR1036 router

Re: Trunk port on a CCR1036 router

Re: Trunk port on a CCR1036 router

Re: Trunk port on a CCR1036 router