Simple VLAN config doesn't work on a virtualized x86 routeros

stigger · Sat Jan 01, 2022 10:29 pm

I'm currently evaluating a virtualized x86 routeros and trying to set up a connection to my ISP, which requires a pppoe connection over a VLAN.

So, starting with the simplest configuration (ether1 is a real Intel I210 NIC connected via PCI-passthrough):

# jan/01/2022 19:56:49 by RouterOS 7.2rc1
#
/interface vlan
add interface=ether1 name=vlan1 vlan-id=40
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/port
set 0 name=serial0
/ip cloud
set update-time=no

After that I'm doing

/interface/pppoe-client/scan vlan1

and sniffing ether1 locally, as well as monitoring a mirrored port on the switch. In the local capture I see PADI requests sent over the VLAN, but no response. In the capture from the switch there's absolutely nothing.

OK, instead of a simple VLAN let's try a bridge VLAN filtering config:

/interface bridge
add name=bridge1 pvid=40 vlan-filtering=yes
/interface bridge port
add bridge=bridge1 interface=ether1
/interface bridge vlan
add bridge=bridge1 tagged=ether1 vlan-ids=40

/interface/pppoe-client/scan bridge1

works perfectly and shows responses, which are visible in the both captures as well.

Let's try a configuration with a tagged vlan on the bridge interface:

/interface bridge
add name=bridge1 vlan-filtering=yes
/interface vlan
add interface=bridge1 name=vlan2 vlan-id=40
/interface bridge port
add bridge=bridge1 interface=ether1
/interface bridge vlan
add bridge=bridge1 tagged=ether1,bridge1 vlan-ids=40

Trying

/interface/pppoe-client/scan vlan2

, doesn't work, same as the first config: requests are visible in the local capture, but not visible on the switch.

So, why untagged bridge VLAN filtering works, but nothing else does? I need to set up multiple VLANs, so the working config with the untagged bridge is not an option.

emunt6 · Sun Jan 16, 2022 3:41 pm

Hi!

This workaround maybe helps you,
Create a bridge interface and assign the vlan interface to it, use the bridge interface for the pppoe service.
( The bridge interface dont need any filtering, pvid, ... simple bridge ).

Example:
> bridge2
> member eth1.100

pppoe client interface=bridge2

sindy · Sun Jan 16, 2022 4:11 pm

So, why untagged bridge VLAN filtering works, but nothing else does? I need to set up multiple VLANs, so the working config with the untagged bridge is not an option.

It may be a matter of settings of the virtualisation platform, and these differ significantly between platforms. On Hyper-V, you need to permit use of individual VLANs on the interfaces of the virtual switches using Powershell (GUI is not sufficient) and also in RouterOS, vlan-filtering must be set to yes, but that's what you already do.

stigger · Sun Jan 16, 2022 5:27 pm

It may be a matter of settings of the virtualisation platform, and these differ significantly between platforms. On Hyper-V, you need to permit use of individual VLANs on the interfaces of the virtual switches using Powershell (GUI is not sufficient) and also in RouterOS, vlan-filtering must be set to yes, but that's what you already do.

No, it's something else. I use KVM and the ethernet adapter is attached to the VM as PCI-passthrough: routeros uses its own Intel driver and fully manages the device. Besides, pfsense works fine with the identical configuration.

Simple VLAN config doesn't work on a virtualized x86 routeros

Simple VLAN config doesn't work on a virtualized x86 routeros

Re: Simple VLAN config doesn't work on a virtualized x86 routeros

Re: Simple VLAN config doesn't work on a virtualized x86 routeros

Re: Simple VLAN config doesn't work on a virtualized x86 routeros

Who is online