Community discussions

MikroTik App
  4. Other topics
  5. RouterBOARD hardware

HW Switching/VLAN on PowerBox Pro / Find my fault

Post Reply
 
ste
Forum Guru
Forum Guru
Topic Author
Posts: 1924
Joined: Sun Feb 13, 2005 11:21 pm

HW Switching/VLAN on PowerBox Pro / Find my fault

Thu Jul 19, 2018 12:25 pm

What I want to do is access the Powerbox Pro from ethernet1 untagged and get all untagged Traffic from Port 2,3,4 tagged with VLAN3 on port1.

The Box could be accessed from port1 but Traffic from Port2,3,4 is not forwarded to Port1 at all.


# jul/19/2018 11:12:19 by RouterOS 6.42.6
# software id = MGUA-0S1T
#
# model = 960PGS
# serial number = XXXXXX
/interface bridge
add fast-forward=no name=bridge1
/interface vlan
add interface=bridge1 name=VLAN1 vlan-id=1
/interface ethernet switch port
set 0 default-vlan-id=1 vlan-mode=secure
set 1 default-vlan-id=3 vlan-mode=secure
set 2 default-vlan-id=3 vlan-mode=secure
set 3 default-vlan-id=3 vlan-mode=secure
set 5 default-vlan-id=1
/interface bridge port
add bridge=bridge1 interface=ether1
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4
add bridge=bridge1 disabled=yes interface=ether5
add bridge=bridge1 disabled=yes interface=sfp1
/ip firewall connection tracking
set enabled=no
/interface ethernet switch vlan
add independent-learning=no ports=ether1,ether2,ether3,ether4 switch=switch1 vlan-id=3
add independent-learning=no ports=ether1,switch1-cpu switch=switch1 vlan-id=1
/ip firewall filter
add action=drop chain=input disabled=yes log=yes
Top
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11598
Joined: Thu Mar 03, 2016 10:23 pm

Re: HW Switching/VLAN on PowerBox Pro / Find my fault

Thu Jul 19, 2018 11:39 pm

I have similar configuration on my RB951G: port ether5 is hybrid ... untagged and VID 3999. THe untagged packets are translated to VID=2 and sent over trunk port to other devices. Port configuration which works for me is this:
Code: Select all
/interface ethernet switch port
set 4 default-vlan-id=2 vlan-header=always-strip vlan-mode=secure
If I understood manuals correct, then option "vlan-header=always-strip" means that tags will get stripped on egress if VID is equal to default-vlan-id, else tags will stay.

The rest of configuration is similar to yours.
Top
 
ste
Forum Guru
Forum Guru
Topic Author
Posts: 1924
Joined: Sun Feb 13, 2005 11:21 pm

Re: HW Switching/VLAN on PowerBox Pro / Find my fault

Fri Jul 20, 2018 2:12 pm

I have similar configuration on my RB951G: port ether5 is hybrid ... untagged and VID 3999. THe untagged packets are translated to VID=2 and sent over trunk port to other devices. Port configuration which works for me is this:
Code: Select all
/interface ethernet switch port
set 4 default-vlan-id=2 vlan-header=always-strip vlan-mode=secure
If I understood manuals correct, then option "vlan-header=always-strip" means that tags will get stripped on egress if VID is equal to default-vlan-id, else tags will stay.

The rest of configuration is similar to yours.
Thanks. I tried this and as described by Mikrotik wiki this has no effect:
'In Gigabit switch chips when "vlan-mode=secure", it ignores switch port "vlan-header" options. VLAN table entries handle all the egress tagging/untagging and works as "vlan-header=leave-as-is" on all ports.'
Top
Post Reply

Who is online

Users browsing this forum: No registered users and 13 guests
  4. Other topics
  5. RouterBOARD hardware