I have one cvlan Vlan20 and one svlan 2100(outer)
https://imgur.com/a/DBcuEu8
Vlan 20 gives out 192.168.20.x at both locations (no overlap)
The currently uploaded config works, but I'm seeing 1svlan and 2cvlans come across the provider network.
If I send tagged vlan 20 traffic down vlan2100-QinQ20 for vlan 20, it works but has 3 vlan headers (1svlan 2cvlan)
If i send untagged vlan 20 traffic down vlan2100-QinQ20 it doesn't work but the headers are correct (1svlan 1cvlan)
Also, if i add eth1-vlan2100 to the bridge and send tagged vlan 20 traffic down it, it has the correct headers but doesn't work.
The only config I can get working is if it double tags the cvlan by sending tagged 20 down vlan2100-QinQ20 (which tags it again) and then it gets outer service tagged by eth1-vlan2100
See the working config below that has the duplicate cvlan headers.
Code: Select all
# 2023-07-26 17:19:15 by RouterOS 7.10.2
# software id = XFZ0-5LYE
#
# model = RB750Gr3
# serial number = HEC08V9AWMB
/interface bridge
add admin-mac=48:A9:8A:A9:85:6B auto-mac=no comment=defconf name=bridge \
vlan-filtering=yes
/interface ethernet
set [ find default-name=ether1 ] name=eth1-provider
/interface vlan
add interface=bridge name=main-vlan20 vlan-id=20
add interface=bridge name=main-vlan21 vlan-id=21
add interface=eth1-provider name=vlan2100 use-service-tag=yes vlan-id=2100
add interface=vlan2100 name=vlan2100-QinQ20 vlan-id=20
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
/ip pool
add name=Vlan20 ranges=192.168.20.10-192.168.20.20
add name=Vlan21 ranges=192.168.21.10-192.168.21.20
/ip dhcp-server
add address-pool=Vlan20 interface=main-vlan20 lease-time=10m name=Vlan20
add address-pool=Vlan21 interface=main-vlan21 lease-time=10m name=Vlan21
/port
set 0 name=serial0
/interface bridge port
add bridge=bridge comment=defconf interface=ether2 pvid=20
add bridge=bridge comment=defconf interface=ether3 pvid=21
add bridge=bridge comment=defconf ingress-filtering=no interface=ether4
add bridge=bridge interface=vlan2100-QinQ20
/ip neighbor discovery-settings
set discover-interface-list=LAN
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
/interface bridge vlan
add bridge=bridge tagged=bridge,vlan2100-QinQ20 untagged=ether2 vlan-ids=20
add bridge=bridge tagged=bridge untagged=ether3 vlan-ids=21
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=eth1-provider list=LAN
add interface=ether5 list=LAN
add interface=main-vlan20 list=LAN
add interface=main-vlan21 list=LAN
add interface=*9 list=LAN
/interface ovpn-server server
set auth=sha1,md5
/ip address
add address=192.168.1.1/24 comment=defconf interface=ether5 network=\
192.168.1.0
add address=192.168.20.1/24 interface=main-vlan20 network=192.168.20.0
add address=192.168.21.1/24 interface=main-vlan21 network=192.168.21.0
/ip dhcp-client
add comment=defconf disabled=yes interface=eth1-provider
/ip dhcp-server network
add address=192.168.20.0/24 comment=defconf gateway=192.168.20.1
add address=192.168.21.0/24 comment=defconf gateway=192.168.21.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=forward connection-state=\
established,related,untracked
add action=accept chain=input connection-state=established,related,untracked
/routing bfd configuration
add disabled=no interfaces=all min-rx=200us min-tx=200us multiplier=5
/system clock
set time-zone-name=America/Detroit
/system identity
set name=Lab_A
/system note
set show-at-login=no
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
/tool sniffer
set file-name=pcapA.pcap filter-interface=eth1-provider filter-ip-protocol=\
icmp
Code: Select all
# 2023-07-26 19:29:08 by RouterOS 7.10.2
# software id = Y4LK-Y9I9
#
# model = RB750Gr3
# serial number = HEC08PP06KE
/interface bridge
add admin-mac=48:A9:8A:A9:88:76 auto-mac=no comment=defconf \
ingress-filtering=no name=bridge vlan-filtering=yes
/interface ethernet
set [ find default-name=ether1 ] name=eth1-Provider
/interface vlan
add interface=eth1-Provider name=eth1-vlan2100 use-service-tag=yes vlan-id=\
2100
add interface=bridge name=main-vlan20 vlan-id=20
add interface=bridge name=main-vlan21 vlan-id=21
add interface=eth1-vlan2100 name=vlan2100-QinQ20 vlan-id=20
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
/ip pool
add name=Vlan20 ranges=192.168.20.30-192.168.20.40
add name=Vlan21 ranges=192.168.21.30-192.168.21.40
/ip dhcp-server
add address-pool=Vlan20 interface=main-vlan20 lease-time=10m name=Vlan20
add address-pool=Vlan21 interface=main-vlan21 lease-time=10m name=Vlan21
/port
set 0 name=serial0
/interface bridge port
add bridge=bridge comment=defconf interface=ether2 pvid=20
add bridge=bridge comment=defconf interface=ether3 pvid=21
add bridge=bridge comment=defconf ingress-filtering=no interface=ether4
add bridge=bridge interface=vlan2100-QinQ20 pvid=20
/ip neighbor discovery-settings
set discover-interface-list=LAN
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
/interface bridge vlan
add bridge=bridge tagged=bridge,vlan2100-QinQ20 untagged=ether2 vlan-ids=20
add bridge=bridge tagged=bridge untagged=ether3 vlan-ids=21
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=eth1-Provider list=LAN
add interface=ether5 list=LAN
add interface=main-vlan20 list=LAN
add interface=main-vlan21 list=LAN
add interface=*9 list=LAN
/interface ovpn-server server
set auth=sha1,md5
/ip address
add address=192.168.20.254/24 comment=defconf interface=main-vlan20 network=\
192.168.20.0
add address=192.168.1.1/24 interface=ether5 network=192.168.1.0
add address=192.168.21.254/24 comment=defconf interface=main-vlan21 network=\
192.168.21.0
/ip dhcp-client
add comment=defconf interface=eth1-Provider
/ip dhcp-server network
add address=192.168.20.0/24 comment=defconf gateway=192.168.20.254
add address=192.168.21.0/24 comment=defconf gateway=192.168.21.254
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related hw-offload=yes
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
/routing bfd configuration
add disabled=no interfaces=all min-rx=200us min-tx=200us multiplier=5 vrf=\
main
/system clock
set time-zone-name=America/Detroit
/system identity
set name=LAB_B
/system note
set show-at-login=no
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
/tool sniffer
set file-name=pcap.pcap filter-interface=eth1-Provider filter-ip-protocol=\
icmp