Community discussions

MikroTik App
 
matgreg91
just joined
Topic Author
Posts: 9
Joined: Mon Jul 24, 2017 7:07 pm
Location: Italy

VLAN problem with CRS112-8P-4S

Wed Jun 09, 2021 10:40 am

Hi all,

we have a problem with all the CRS112 in our network.
They generally work but, sometimes, they stop forwarding all VLANS and wewe have to reboot them.
Can it be a MTU problem? LTU is set to 1500 and L2 MTU to 1588

I post here the config, the VLAN 255 is for management, other VLANS are for users:
#RouterOS 6.44.5
# software id = PK4Y-FSHB
#
# model = CRS112-8P-4S

/interface bridge
add name=bridge1 protocol-mode=none
/interface ethernet
set [ find default-name=ether1 ] poe-out=off
set [ find default-name=ether2 ] poe-out=off
set [ find default-name=ether3 ] poe-out=forced-on
set [ find default-name=ether4 ] poe-out=forced-on
set [ find default-name=ether5 ] poe-out=forced-on
set [ find default-name=ether6 ] poe-out=off
set [ find default-name=ether7 ] poe-out=forced-on
set [ find default-name=ether8 ] poe-out=forced-on
/interface vlan
add interface=bridge1 name=vlan255 vlan-id=255
/interface ethernet switch
set drop-if-invalid-or-src-port-not-member-of-vlan-on-ports=\
    ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8 \
    forward-unknown-vlan=no

/interface bridge port
add bridge=bridge1 interface=ether1
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether5
add bridge=bridge1 interface=ether6
add bridge=bridge1 interface=ether7
add bridge=bridge1 interface=ether8
/interface ethernet switch egress-vlan-tag
add tagged-ports=\
    switch1-cpu,ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8 \
    vlan-id=255
/interface ethernet switch vlan
add ports=switch1-cpu,ether1,ether2,ether3,ether4,ether5,ether6,ether8 \
    vlan-id=255
add ports=switch1-cpu,ether1,ether2 vlan-id=29
add ports=switch1-cpu,ether1,ether2 vlan-id=30
add ports=switch1-cpu,ether1,ether2 vlan-id=31
add ports=switch1-cpu,ether2,ether7 vlan-id=32
add ports=switch1-cpu,ether1,ether2 vlan-id=33
add ports=switch1-cpu,ether5,ether7 vlan-id=34
add ports=switch1-cpu,ether3,ether7 vlan-id=35
add ports=switch1-cpu,ether1,ether2 vlan-id=38
add ports=switch1-cpu,ether1,ether2 vlan-id=45
add ports=switch1-cpu,ether1,ether2 vlan-id=46
add ports=switch1-cpu,ether1,ether2 vlan-id=47
add ports=switch1-cpu,ether1,ether2 vlan-id=48
add ports=switch1-cpu,ether1,ether2 vlan-id=55
add ports=switch1-cpu,ether1,ether2 vlan-id=56
add ports=switch1-cpu,ether1,ether2 vlan-id=60
add ports=switch1-cpu,ether1,ether2 vlan-id=61
add ports=switch1-cpu,ether1,ether2 vlan-id=83
add ports=switch1-cpu,ether1,ether2 vlan-id=84
add ports=switch1-cpu,ether1,ether2 vlan-id=94
add ports=switch1-cpu,ether1,ether2 vlan-id=121
add ports=switch1-cpu,ether1,ether2 vlan-id=126
add ports=switch1-cpu,ether1,ether2 vlan-id=127
add ports=switch1-cpu,ether1,ether2 vlan-id=128
add ports=switch1-cpu,ether1,ether2 vlan-id=129
add ports=switch1-cpu,ether1,ether2 vlan-id=132
add ports=switch1-cpu,ether4,ether7 vlan-id=133
add ports=switch1-cpu,ether1,ether2 vlan-id=136
add ports=switch1-cpu,ether1,ether2 vlan-id=137
add ports=switch1-cpu,ether1,ether2 vlan-id=139
add ports=switch1-cpu,ether1,ether2 vlan-id=140
add ports=switch1-cpu,ether1,ether2 vlan-id=141
add ports=switch1-cpu,ether1,ether2 vlan-id=142
add ports=switch1-cpu,ether1,ether2 vlan-id=168
add ports=switch1-cpu,ether6,ether7 vlan-id=180
add ports=switch1-cpu,ether1,ether2 vlan-id=197
add ports=switch1-cpu,ether1,ether2 vlan-id=198
add ports=switch1-cpu,ether1,ether2 vlan-id=202
add ports=switch1-cpu,ether4,ether7 vlan-id=223

/ip address
add address=172.16.4.2/22 interface=vlan255 network=172.16.4.0
/ip route
add distance=1 gateway=172.16.4.1
/snmp
set enabled=yes
Thank you in advance for sharing your experience
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11968
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: VLAN problem with CRS112-8P-4S

Wed Jun 09, 2021 11:20 am

I hope none of CRS112 have public access, because on 6.44.5 are present some bugs...
I suggest you to update all at least to 6.46.8,
but this is another question.


it's desired the absence of ether7?
/interface ethernet switch vlan
add ports=switch1-cpu,ether1,ether2,ether3,ether4,ether5,ether6,?????,ether8 vlan-id=255

it's desired the absence of vlan-filtering=yes?
/interface bridge
add name=bridge1 protocol-mode=none ?????
 
matgreg91
just joined
Topic Author
Posts: 9
Joined: Mon Jul 24, 2017 7:07 pm
Location: Italy

Re: VLAN problem with CRS112-8P-4S

Wed Jun 09, 2021 11:33 am

I hope none of CRS112 have public access, because on 6.44.5 are present some bugs...
I suggest you to update all at least to 6.46.8,
They are not exposed and under firewall but yes, they will be updated soon.
it's desired the absence of ether7?
/interface ethernet switch vlan
add ports=switch1-cpu,ether1,ether2,ether3,ether4,ether5,ether6,?????,ether8 vlan-id=255
Yes, the vlan cannt be propagated on port 7
it's desired the absence of vlan-filtering=yes?
/interface bridge
add name=bridge1 protocol-mode=none ?????
no, this is default configuration. The Manual does not tell nothing about it on CRS1xx:
https://wiki.mikrotik.com/wiki/Manual:C ... ith_Trunks
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11968
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: VLAN problem with CRS112-8P-4S

Wed Jun 09, 2021 11:36 am

I hope someone can find problem inside better than me,
I do not find anything strange.
Probably some bug on software?

I ask about ether7 because on this are considered:
/interface ethernet switch egress-vlan-tag
add tagged-ports=switch1-cpu,ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8 vlan-id=255

Ah, I forget:
MTU must be at least 1500 standard ethernet packet + 4 VLAN tag = 1504
{
/int bridge set [find] mtu=1504
/int ethernet set [find] mtu=1504
}
Last edited by rextended on Wed Jun 09, 2021 12:15 pm, edited 1 time in total.
 
matgreg91
just joined
Topic Author
Posts: 9
Joined: Mon Jul 24, 2017 7:07 pm
Location: Italy

Re: VLAN problem with CRS112-8P-4S

Wed Jun 09, 2021 11:51 am

MTU must be at least 1500 standard ethernet packet + 4 VLAN tag = 1504
thank you, I changed the configuration, let's see if this can bring us to the solution
 
mada3k
Long time Member
Long time Member
Posts: 682
Joined: Mon Jul 13, 2015 10:53 am
Location: Sweden

Re: VLAN problem with CRS112-8P-4S  [SOLVED]

Wed Jun 09, 2021 6:27 pm

Default L2MTU is 1588 so it should be fine.
There is a lot of VLANs going into the switch1-cpu. That might cause much broadcast/multicast to reach the CPU. I only include switch1-cpu in VLAN1 and VLAN-MGMT.
I don't see any ingress-taggning? Not used?

Example from mine:
/interface ethernet switch egress-vlan-tag
add tagged-ports=switch1-cpu,ether1 vlan-id=39
add tagged-ports=ether1 vlan-id=31

/interface ethernet switch ingress-vlan-translation
add customer-vid=0 new-customer-vid=31 ports=ether5
add customer-vid=0 new-customer-vid=31 ports=ether6
add customer-vid=0 new-customer-vid=31 ports=ether7

/interface ethernet switch vlan
add comment=LAN ports=ether1,ether5,ether6,ether7 vlan-id=31
add comment=Management ports=switch1-cpu,ether1 vlan-id=39
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11383
Joined: Thu Mar 03, 2016 10:23 pm

Re: VLAN problem with CRS112-8P-4S

Wed Jun 09, 2021 9:37 pm

As @mada3k wrote: remove switch1-cpu from all vlan pirt grouos under /interface ethernet switch vlan except for VLAN 255. That's only necessary for VLANs with which ROS interacts and it interacts through appropriate vlan interface. Admitting otger VLANs to CPU only alliws broadcasts to flood the CPU.

Also upgrade ROS to latest long-term (at time of writing this post it's 6.47.10).

MTU setting on ports doesn't matter at all, only L2MTU matters. The only place where MTU setting matters is on tge interface which has IP address set and sets maximum packet size which can be dealt with by ROS when using that interface (in your case that's interface vlan255).

And: when dealing with VLANs using /interface ethernet switch configuration subtree one should not set anything related to VLANs on bridge. While mixing settings is not rejected by ROS they interfere with each other.
 
matgreg91
just joined
Topic Author
Posts: 9
Joined: Mon Jul 24, 2017 7:07 pm
Location: Italy

Re: VLAN problem with CRS112-8P-4S

Thu Jun 10, 2021 11:29 am

There is a lot of VLANs going into the switch1-cpu. That might cause much broadcast/multicast to reach the CPU. I only include switch1-cpu in VLAN1 and VLAN-MGMT.
I try to leave only VLAN 255 under the switch1-cpu.
I don't see any ingress-taggning? Not used?
no need to tag/untag on this device, only trunk ports.

Thank you dude, you help is very useful
 
matgreg91
just joined
Topic Author
Posts: 9
Joined: Mon Jul 24, 2017 7:07 pm
Location: Italy

Re: VLAN problem with CRS112-8P-4S

Thu Jun 10, 2021 11:34 am

MTU setting on ports doesn't matter at all, only L2MTU matters. The only place where MTU setting matters is on tge interface which has IP address set and sets maximum packet size which can be dealt with by ROS when using that interface (in your case that's interface vlan255).
mmh, when VLANS don't work and i need to rebboot the switch, the only available interface is the upstream one, i cannot figure why and how. Maybe this should be related with MTU/L2MTU
And: when dealing with VLANs using /interface ethernet switch configuration subtree one should not set anything related to VLANs on bridge. While mixing settings is not rejected by ROS they interfere with each other.
the IP address is set on the VLAN, so I must set VLAN 255 under the bridge, in order to assign the IP address.
 
mada3k
Long time Member
Long time Member
Posts: 682
Joined: Mon Jul 13, 2015 10:53 am
Location: Sweden

Re: VLAN problem with CRS112-8P-4S

Thu Jun 10, 2021 8:51 pm

The vlan225 bridge interface looks correct to me

Who is online

Users browsing this forum: biomesh and 15 guests