Hi,

I need a bridge with vlan1 and ether2. Vlan1 is over ether2.

(Yes it's a strange config, but I have equipment which boots
without vlan, get it's vlan via tftp and then runs with vlan.
So I need the Router with the same IP with and without vlan
on the same etherport).

Everytime I enable port ether2 the bridge fails (no ping to a device
on vlan1). Even if I filter all in and out packets to ether2 with
bridge filtering this happens.

Any Idea??

Stefan

PLease post configuration with ether2 enabled

/Henrik

Ok. Appended a dump. Please ignore the wlan-stuff.

I've tested further:
added ether3 via a hub to ether2 and build bridge
with ports:
1. vlan1 on ether2
2. plain ether3.
Additionally I added a bridge filter to drop MacProto=Vlan to and
from ether3.
This would work, but it needs an additional hub and blocks
an ethernetport on the router.

Stefan


# jan/03/2000 03:07:10 by RouterOS 2.9.32
# software id = CQB3-3TT
#
/ interface vlan
add name="vlan2" mtu=1500 arp=enabled vlan-id=2 interface=ether2 comment="" \
disabled=no
add name="vlan1" mtu=1500 arp=enabled vlan-id=1 interface=ether2 comment="" \
disabled=no
add name="vlan77" mtu=1500 arp=enabled vlan-id=77 interface=ether2 comment="" \
disabled=no
add name="vlan5" mtu=1500 arp=enabled vlan-id=5 interface=ether2 comment="" \
disabled=no
/ interface ethernet
set ether1 name="ether1" mtu=1500 mac-address=00:0C:42:0A:43:7A arp=enabled \
disable-running-check=yes auto-negotiation=yes full-duplex=yes \
cable-settings=default mdix-enable=yes speed=100Mbps comment="" \
disabled=no
set ether2 name="ether2" mtu=1500 mac-address=00:0C:42:0A:43:7B arp=enabled \
disable-running-check=yes auto-negotiation=yes full-duplex=yes \
cable-settings=default speed=100Mbps comment="" disabled=no
set ether3 name="ether3" mtu=1500 mac-address=00:0C:42:0A:43:7C arp=enabled \
disable-running-check=yes auto-negotiation=yes full-duplex=yes \
cable-settings=default speed=100Mbps comment="" disabled=no
/ interface wireless
set wlan1 name="wlan1" mtu=1500 mac-address=00:0C:42:0C:6E:BF arp=enabled \
disable-running-check=no radio-name="000C420C6EBF" mode=station \
ssid="MikroTik" area="" frequency-mode=manual-txpower \
country=no_country_set antenna-gain=0 frequency=5180 band=5ghz \
scan-list=default rate-set=default \
supported-rates-b=1Mbps,2Mbps,5.5Mbps,11Mbps \
supported-rates-a/g=6Mbps,9Mbps,12Mbps,18Mbps,24Mbps,36Mbps,48Mbps,54Mbps \
basic-rates-b=1Mbps basic-rates-a/g=6Mbps max-station-count=2007 \
ack-timeout=dynamic tx-power-mode=default noise-floor-threshold=default \
periodic-calibration=default periodic-calibration-interval=60 \
burst-time=disabled dfs-mode=none antenna-mode=ant-a wds-mode=disabled \
wds-default-bridge=none wds-default-cost=100 wds-cost-range=50-150 \
wds-ignore-ssid=no update-stats-interval=disabled \
default-authentication=yes default-forwarding=yes default-ap-tx-limit=0 \
default-client-tx-limit=0 proprietary-extensions=post-2.9.25 hide-ssid=no \
security-profile=default disconnect-timeout=3s on-fail-retry-time=100ms \
preamble-mode=both compression=no allow-sharedkey=no comment="" \
disabled=yes
set wlan2 name="wlan2" mtu=1500 mac-address=00:0C:42:0C:6E:BE arp=enabled \
disable-running-check=no radio-name="000C420C6EBE" mode=station \
ssid="MikroTik" area="" frequency-mode=manual-txpower \
country=no_country_set antenna-gain=0 frequency=5180 band=5ghz \
scan-list=default rate-set=default \
supported-rates-b=1Mbps,2Mbps,5.5Mbps,11Mbps \
supported-rates-a/g=6Mbps,9Mbps,12Mbps,18Mbps,24Mbps,36Mbps,48Mbps,54Mbps \
basic-rates-b=1Mbps basic-rates-a/g=6Mbps max-station-count=2007 \
ack-timeout=dynamic tx-power-mode=default noise-floor-threshold=default \
periodic-calibration=default periodic-calibration-interval=60 \
burst-time=disabled dfs-mode=none antenna-mode=ant-a wds-mode=disabled \
wds-default-bridge=none wds-default-cost=100 wds-cost-range=50-150 \
wds-ignore-ssid=no update-stats-interval=disabled \
default-authentication=yes default-forwarding=yes default-ap-tx-limit=0 \
default-client-tx-limit=0 proprietary-extensions=post-2.9.25 hide-ssid=no \
security-profile=default disconnect-timeout=3s on-fail-retry-time=100ms \
preamble-mode=both compression=no allow-sharedkey=no comment="" \
disabled=yes
/ interface wireless nstreme
set wlan1 enable-nstreme=no enable-polling=yes framer-policy=none \
framer-limit=3200
set wlan2 enable-nstreme=no enable-polling=yes framer-policy=none \
framer-limit=3200
/ interface wireless manual-tx-power-table
set wlan1 manual-tx-powers=1Mbps:17,2Mbps:17,5.5Mbps:17,11Mbps:17,6Mbps:17,9Mbp\
s:17,12Mbps:17,18Mbps:17,24Mbps:17,36Mbps:17,48Mbps:17,54Mbps:17
set wlan2 manual-tx-powers=1Mbps:17,2Mbps:17,5.5Mbps:17,11Mbps:17,6Mbps:17,9Mbp\
s:17,12Mbps:17,18Mbps:17,24Mbps:17,36Mbps:17,48Mbps:17,54Mbps:17
/ interface wireless security-profiles
set default name="default" mode=none authentication-types="" \
unicast-ciphers="" group-ciphers="" wpa-pre-shared-key="" \
wpa2-pre-shared-key="" eap-methods=passthrough tls-mode=no-certificates \
tls-certificate=none static-algo-0=none static-key-0="" static-algo-1=none \
static-key-1="" static-algo-2=none static-key-2="" static-algo-3=none \
static-key-3="" static-transmit-key=key-0 static-sta-private-algo=none \
static-sta-private-key="" radius-mac-authentication=no group-key-update=5m
/ interface wireless align
set frame-size=300 active-mode=yes receive-all=no \
audio-monitor=00:00:00:00:00:00 filter-mac=00:00:00:00:00:00 ssid-all=no \
frames-per-second=25 audio-min=-100 audio-max=-20
/ interface wireless snooper
set multiple-channels=yes channel-time=200ms receive-errors=no
/ interface wireless sniffer
set multiple-channels=no channel-time=200ms only-headers=no receive-errors=no \
memory-limit=10 file-name="" file-limit=10 streaming-enabled=no \
streaming-server=0.0.0.0 streaming-max-rate=0
/ interface bridge
add name="bridge1" mtu=1500 arp=enabled stp=no priority=32768 ageing-time=5m \
forward-delay=15s garbage-collection-interval=5s hello-time=2s \
max-message-age=20s comment="" disabled=no
/ interface bridge port
add interface=ether2 bridge=bridge1 priority=128 path-cost=10 comment="" \
disabled=no
add interface=vlan1 bridge=bridge1 priority=128 path-cost=10 comment="" \
disabled=no
add interface=vlan5 bridge=bridge1 priority=128 path-cost=10 comment="" \
disabled=yes
add interface=ether3 bridge=bridge1 priority=128 path-cost=10 comment="" \
disabled=yes
/ interface bridge filter
add chain=input in-interface=ether3 mac-protocol=vlan action=drop comment="" \
disabled=no
add chain=output out-interface=ether3 mac-protocol=vlan action=drop comment="" \
disabled=no
/ interface l2tp-server server
set enabled=no max-mtu=1460 max-mru=1460 \
authentication=pap,chap,mschap1,mschap2 default-profile=default-encryption
/ interface pptp-server server
set enabled=no max-mtu=1460 max-mru=1460 authentication=mschap1,mschap2 \
keepalive-timeout=30 default-profile=default-encryption
/ ip pool
add name="pool1" ranges=192.168.0.0/24
/ ip accounting
set enabled=no account-local-traffic=no threshold=256
/ ip accounting web-access
set accessible-via-web=no address=0.0.0.0/0
/ ip service
set telnet port=23 address=0.0.0.0/0 disabled=no
set ftp port=21 address=0.0.0.0/0 disabled=no
set www port=80 address=0.0.0.0/0 disabled=no
set ssh port=22 address=0.0.0.0/0 disabled=no
set www-ssl port=443 address=0.0.0.0/0 certificate=none disabled=yes
/ ip upnp
set enabled=no allow-disable-external-interface=yes show-dummy-rule=yes
/ ip arp
/ ip socks
set enabled=no port=1080 connection-idle-timeout=2m max-connections=200
/ ip dns
set primary-dns=0.0.0.0 secondary-dns=0.0.0.0 allow-remote-requests=no \
cache-size=2048KiB cache-max-ttl=1w
/ ip traffic-flow
set enabled=no interfaces=all cache-entries=4k active-flow-timeout=30m \
inactive-flow-timeout=15s
/ ip address
add address=213.185.129.215/27 network=213.185.129.192 \
broadcast=213.185.129.223 interface=ether1 comment="" disabled=no
add address=192.168.101.1/24 network=192.168.101.0 broadcast=192.168.101.255 \
interface=bridge1 comment="" disabled=no
add address=192.168.99.1/24 network=192.168.99.0 broadcast=192.168.99.255 \
interface=ether2 comment="" disabled=no
/ ip proxy
set enabled=no src-address=0.0.0.0 port=8080 parent-proxy=0.0.0.0:0 \
cache-administrator="webmaster" max-disk-cache-size=none \
max-ram-cache-size=unlimited cache-only-on-disk=no \
maximal-client-connections=1000 maximal-server-connections=1000 \
max-object-size=4096KiB max-fresh-time=3d
/ ip neighbor discovery
set ether1 discover=yes
set ether2 discover=yes
set ether3 discover=yes
set wlan1 discover=yes
set wlan2 discover=yes
set vlan2 discover=yes
set vlan1 discover=yes
set vlan77 discover=yes
set bridge1 discover=yes
set vlan5 discover=yes
/ ip route
add dst-address=0.0.0.0/0 gateway=213.185.129.195 scope=255 target-scope=10 \
comment="" disabled=no
/ ip firewall nat
add chain=srcnat out-interface=ether1 action=masquerade comment="" \
disabled=yes
/ ip firewall connection tracking
set enabled=yes tcp-syn-sent-timeout=5s tcp-syn-received-timeout=5s \
tcp-established-timeout=1d tcp-fin-wait-timeout=10s \
tcp-close-wait-timeout=10s tcp-last-ack-timeout=10s \
tcp-time-wait-timeout=10s tcp-close-timeout=10s udp-timeout=10s \
udp-stream-timeout=3m icmp-timeout=10s generic-timeout=10m \
tcp-syncookie=no
/ ip firewall service-port
set ftp ports=21 disabled=no
set tftp ports=69 disabled=no
set irc ports=6667 disabled=no
set h323 disabled=yes
set quake3 disabled=no
set gre disabled=yes
set pptp disabled=yes
/ ip hotspot service-port
set ftp ports=21 disabled=no
/ ip hotspot profile
set default name="default" hotspot-address=0.0.0.0 dns-name="" \
html-directory=hotspot rate-limit="" http-proxy=0.0.0.0:0 \
smtp-server=0.0.0.0 login-by=cookie,http-chap http-cookie-lifetime=3d \
split-user-domain=no use-radius=no
/ ip hotspot user profile
set default name="default" idle-timeout=none keepalive-timeout=2m \
status-autorefresh=1m shared-users=1 transparent-proxy=yes \
open-status-page=always advertise=no
/ ip dhcp-relay
add name="relay1" interface=bridge1 dhcp-server=213.185.129.141 \
delay-threshold=none local-address=192.168.101.1 disabled=no
/ ip dhcp-server
add name="server1" interface=ether2 lease-time=3d address-pool=pool1 \
bootp-support=static disabled=yes
/ ip dhcp-server config
set store-leases-disk=5m
/ ip dhcp-server lease
add address=192.168.0.254 mac-address=00:40:45:20:E5:D6 \
client-id="1:0:40:45:20:e5:d6" server=server1 comment="" disabled=yes
/ ip dhcp-server network
add address=192.168.0.0/24 gateway=192.168.0.1 netmask=24 \
dns-server=213.185.129.133 dhcp-option=file,ifcp-code,tftp-server \
comment=""
/ ip dhcp-server option
add name="file" code=18 value="master.conf"
add name="ifcp-code" code=120 value="0x00000000"
add name="tftp-server" code=66 value="213.185.129.140"
/ ip ipsec proposal
add name="default" auth-algorithms=sha1 enc-algorithms=3des lifetime=30m \
lifebytes=0 pfs-group=modp1024 disabled=no
/ system logging
add topics=info prefix="" action=memory disabled=no
add topics=error prefix="" action=memory disabled=no
add topics=warning prefix="" action=memory disabled=no
add topics=critical prefix="" action=echo disabled=no
/ system logging action
set memory name="memory" target=memory memory-lines=100 memory-stop-on-full=no
set disk name="disk" target=disk disk-lines=100 disk-stop-on-full=no
set echo name="echo" target=echo remember=yes
set remote name="remote" target=remote remote=0.0.0.0:514
/ system upgrade mirror
set enabled=no primary-server=0.0.0.0 secondary-server=0.0.0.0 \
check-interval=1d user=""
/ system clock manual
set time-zone=+00:00 dst-delta=+00:00 dst-start="jan/01/1970 00:00:00" \
dst-end="jan/01/1970 00:00:00"
/ system watchdog
set reboot-on-failure=yes watch-address=none watchdog-timer=yes \
no-ping-delay=5m automatic-supout=yes auto-send-supout=no
/ system console
add port=serial0 term="" disabled=no
/ system identity
set name="a7"
/ system note
set show-at-login=yes note=""
/ system routerboard settings
set baud-rate=115200 boot-delay=2s boot-device=nand-if-fail-then-ethernet \
enter-setup-on=any-key cpu-mode=power-save memory-test=no \
cpu-frequency=264MHz boot-protocol=bootp enable-jumper-reset=yes
/ system ntp server
set enabled=no broadcast=no multicast=no manycast=yes
/ system ntp client
set enabled=no mode=unicast primary-ntp=0.0.0.0 secondary-ntp=0.0.0.0
/ port
set serial0 name="serial0" baud-rate=auto data-bits=8 parity=none stop-bits=1 \
flow-control=hardware
/ ppp profile
set default name="default" use-compression=default use-vj-compression=default \
use-encryption=default only-one=default change-tcp-mss=yes comment=""
set default-encryption name="default-encryption" use-compression=default \
use-vj-compression=default use-encryption=yes only-one=default \
change-tcp-mss=yes comment=""
/ ppp aaa
set use-radius=no accounting=yes interim-update=0s
/ queue type
set default name="default" kind=pfifo pfifo-limit=50
set ethernet-default name="ethernet-default" kind=pfifo pfifo-limit=50
set wireless-default name="wireless-default" kind=sfq sfq-perturb=5 \
sfq-allot=1514
set synchronous-default name="synchronous-default" kind=red red-limit=60 \
red-min-threshold=10 red-max-threshold=50 red-burst=20 red-avg-packet=1000
set hotspot-default name="hotspot-default" kind=sfq sfq-perturb=5 \
sfq-allot=1514
add name="default-small" kind=pfifo pfifo-limit=10
/ user
add name="admin" group=full address=0.0.0.0/0 comment="system default user" \
disabled=no
/ user group
add name="read" policy=local,telnet,ssh,reboot,read,test,winbox,password,web,!f\
tp,!write,!policy
add name="write" policy=local,telnet,ssh,reboot,read,write,test,winbox,password\
,web,!ftp,!policy
add name="full" policy=local,telnet,ssh,ftp,reboot,read,write,policy,test,winbo\
x,password,web
/ user aaa
set use-radius=no accounting=yes interim-update=0s default-group=read
/ radius incoming
set accept=no port=1700
/ snmp
set enabled=no contact="" location=""
/ snmp community
set public name="public" address=0.0.0.0/0 read-access=yes
/ tool bandwidth-server
set enabled=yes authenticate=yes allocate-udp-ports-from=2000 max-sessions=10
/ tool mac-server ping
set enabled=yes
/ tool e-mail
set server=0.0.0.0 from="<>"
/ tool sniffer
set interface=ether2 only-headers=no memory-limit=10 file-name="" \
file-limit=10 streaming-enabled=no streaming-server=0.0.0.0 \
filter-stream=yes filter-protocol=all-frames \
filter-address1=0.0.0.0/0:0-65535 filter-address2=0.0.0.0/0:0-65535
/ tool graphing
set store-every=5min
/ routing ospf
set router-id=0.0.0.0 distribute-default=never redistribute-connected=no \
redistribute-static=no redistribute-rip=no redistribute-bgp=no \
metric-default=1 metric-connected=20 metric-static=20 metric-rip=20 \
metric-bgp=20
/ routing ospf area
set backbone area-id=0.0.0.0 type=default translator-role=translate-candidate \
authentication=none prefix-list-import="" prefix-list-export="" \
disabled=no
/ routing bgp
set enabled=no as=1 router-id=0.0.0.0 redistribute-static=no \
redistribute-connected=no redistribute-rip=no redistribute-ospf=no
/ routing rip
set redistribute-static=no redistribute-connected=no redistribute-ospf=no \
redistribute-bgp=no metric-static=1 metric-connected=1 metric-ospf=1 \
metric-bgp=1 update-timer=30s timeout-timer=3m garbage-timer=2m

bump

Hi,

I need a bridge with vlan1 and ether2. Vlan1 is over ether2.

(Yes it's a strange config, but I have equipment which boots
without vlan, get it's vlan via tftp and then runs with vlan.
So I need the Router with the same IP with and without vlan
on the same etherport).

Everytime I enable port ether2 the bridge fails (no ping to a device
on vlan1). Even if I filter all in and out packets to ether2 with
bridge filtering this happens.

Any Idea??

Stefan

Stefan,

As i see it you cannot get VLAN1 traffic out of Ehter2? If this is right, i guess all you need to do is to tag the Bridge with the VLAN1 ID and untag Ether2 unless the device there wants a VLAN tag.. And of course add Ether2 to that bridge.. You only tag what is carrying the VLAN ID.

/Henrik

is there any way for WDS vlan tagging

plaese suggest thanks in advance

It is possible to tag vlans over WDS. Just make the WDS interface the VLAN parent interface. You might want to use a different bridge interface pr vlan-id. It is also possible to bridge vlan tagged packets without configuring a single vlan interface on the unit.

Hi,

I need a bridge with vlan1 and ether2. Vlan1 is over ether2.

(Yes it's a strange config, but I have equipment which boots
without vlan, get it's vlan via tftp and then runs with vlan.
So I need the Router with the same IP with and without vlan
on the same etherport).

Everytime I enable port ether2 the bridge fails (no ping to a device
on vlan1). Even if I filter all in and out packets to ether2 with
bridge filtering this happens.

Any Idea??

Stefan

Stefan,

As i see it you cannot get VLAN1 traffic out of Ehter2? If this is right, i guess all you need to do is to tag the Bridge with the VLAN1 ID and untag Ether2 unless the device there wants a VLAN tag.. And of course add Ether2 to that bridge.. You only tag what is carrying the VLAN ID.

/Henrik

Thanks. This works, but I had strange effects. Seems that for a couple
of seconds packets looped before it works stable.
I've found a solution with the devices so I do not need this bridging
solution.

Stefan

Hi,

I need a bridge with vlan1 and ether2. Vlan1 is over ether2.

(Yes it's a strange config, but I have equipment which boots
without vlan, get it's vlan via tftp and then runs with vlan.
So I need the Router with the same IP with and without vlan
on the same etherport).

Everytime I enable port ether2 the bridge fails (no ping to a device
on vlan1). Even if I filter all in and out packets to ether2 with
bridge filtering this happens.

Any Idea??

Stefan

Dear all,

Now I also have this strange configuration on my wish list.
Can anyone look into this, and see if one can find a solution.??
So one ethernet interface with both untagged and tagged traffic in a bridge.
Perhaps I should disable arp on the vlan interface?
TIA

I solved it with hardware
Just configured 2 accessports on the
switch with both vlans and bridged them with a
patchcable. Never understood why MT-Bridge
does not work in this scenario.

Stefan

because the bridge code would see the vlan tagged packets before the vlan specific code does?
meaning no untagging would be done and bridging based only on destination mac-address would occur.

because the bridge code would see the vlan tagged packets before the vlan specific code does?
meaning no untagging would be done and bridging based only on destination mac-address would occur.

It looked like that. But it was no stable behavior.

Stefan

Hi
On the my network has two Cisco Call Manager, which IP address: 1.2.3.4, 4.3.2.1
Mikrotik DHCP Server how do I set the option 150 so that it will receive from the DHCP IPphones as TFTP1 and TFTP2 value(1.2.3.4, 4.3.2.1). If you specify option 66 more, just use a TFTP server address. If you give the 150 option, then the phones, and the DHCP server IP address TFTP1 server is not good! Thank You! My Router OS 3.30

Hi
On the my network has two Cisco Call Manager, which IP address: 1.2.3.4, 4.3.2.1
Mikrotik DHCP Server how do I set the option 150 so that it will receive from the DHCP IPphones as TFTP1 and TFTP2 value(1.2.3.4, 4.3.2.1). If you specify option 66 more, just use a TFTP server address. If you give the 150 option, then the phones, and the DHCP server IP address TFTP1 server is not good! Thank You! My Router OS 3.30

I am trying to solve this problem here http://forum.mikrotik.com/viewtopic.php?f=2&t=29769

Did you find an answer?