Community discussions

MikroTik App
 
laitsss
just joined
Topic Author
Posts: 14
Joined: Wed Jan 12, 2022 12:22 pm

CRS326-24S+2Q+; Cisco 9300; D-Link DGS-1510-52X; TRUNK VLANs

Wed Jan 12, 2022 12:42 pm

Hello, we recently purchased at the distribution level, CRS326-24 S+2 Q+.
I thought I could handle the task of configuring Mikrotik, but unfortunately I didn't succeed.

The thing is, all vlans are created on Cisco. And are forwarded via the Port-channel (2 interface).
Cisco
----------------------------------------------
int Port-channel4
switchport trunk allowed vlan 1,5,11-13,21-23,31-33,41-43,172,200,300
switchport mode trunk
---------------------------------------------
All interfaces are in up.

In Mikrotik, I only learned that it is necessary to connect 2 interfaces via Bonding. With the settings: in Figure 1.
The connection appears and works.
But then I couldn't make friends with Mikrotik and set up interface forwarding through the rest of the interfaces, I need them all to be in trunk.
And so that traffic goes to D-Link.

It might be worth switching to SwOS, but I couldn't set up work there either.
HELP!
You do not have the required permissions to view the files attached to this post.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 11816
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: CRS326-24S+2Q+; Cisco 9300; D-Link DGS-1510-52X; TRUNK VLANs

Wed Jan 12, 2022 8:39 pm

Suggest you move to the latest stable 6.X firmware as 6.47 is getting a bit stale.

Take a look at this excellent reference. Post number two describes a switch file.
viewtopic.php?t=143620

Rules of thumb,
All smart devices should be given IPs on trusted vlan subnet.
For the MT device, the trusted vlan is part of the trunk traffic, even if just to carry that to the next smart device.

Seems easy peasy, one bridge
identify all the vlans passing through with interface bridge
two trunk ports in use
not much else..........
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
MTUNA Certified, by the Ascerbic Llama!
 
laitsss
just joined
Topic Author
Posts: 14
Joined: Wed Jan 12, 2022 12:22 pm

Re: CRS326-24S+2Q+; Cisco 9300; D-Link DGS-1510-52X; TRUNK VLANs

Thu Jan 13, 2022 2:21 pm

Thank you for your answer, I don't know English well, so I'm sorry if I misunderstood something.

Based on your recommendation, I have updated Mikrotik to version 6.49.2.
I will attach 1 more file for clarity.
Now my interfaces are turned off because they block dgs-1510.

I need to create vlan interfaces for all vlans and assign them ip addresses on the bridge-trunk?
Next, in the VLANs tab, you need to enable all interfaces and vlans in tagged?
And enable filtering vlan on bridge-trunk?

And in DGS-1510 I need to change the gateways for each vlan to ip Mikrotik.
You do not have the required permissions to view the files attached to this post.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 11816
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: CRS326-24S+2Q+; Cisco 9300; D-Link DGS-1510-52X; TRUNK VLANs

Thu Jan 13, 2022 3:15 pm

I can help with both types of setups........
The first will be bridge vlan filtering........ the second swos.

First I have to understand you have TWO connections from the cisco side to the MT side and they are supposed to be bonded?
This is a trunk port where multiple vlans are coming through the bonded port correct?
What is the standard of bonding used (as I understand the settings have to be the same on each equipment)?

For the connection(s) to the DLINK switch, bit confusing was your intention to use ONE port from the MT switch to the DLINK switch carrying all the vlans?
OR
Port based vlan on the dlink where each port is VLAN specific and thus a one to one mapping of MT switch port to Dlink switch port... ??.
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
MTUNA Certified, by the Ascerbic Llama!
 
laitsss
just joined
Topic Author
Posts: 14
Joined: Wed Jan 12, 2022 12:22 pm

Re: CRS326-24S+2Q+; Cisco 9300; D-Link DGS-1510-52X; TRUNK VLANs

Fri Jan 14, 2022 4:42 am

Thank you, it would be great if you could help, because I have already tried many ways and could not solve my problem.

I think it's best to use SwOS, since it will be easier to understand what and how, especially since Mikrotik in this case I need only to distribute 10GB over D-Link.

Yes, I have 2 cisco in stack and each with an spf in Mikrotik.
The picture shows the Cisco trunk configuration.
cisco interface.png
And come on SFP-SFP plus 23 and SFP-SFP plus 24 ports.
Related bonding with settings:
settings bonding-cisco.png
On such settings, I can connect to vlan1 Mikrotik to ip 10.50.50.253, but further on, for example, on D-Link with ip 10.50.50.70 or any other, I cannot reach.

Due to the fact that you are thinking about connecting to 1 interface Mikrotik all D-Link, sorry, I have so briefly listed 9 spf interfaces. Of course I connected them to different interfaces.

And the ports that are connected from Mikrotik to D-link must also be trunk with the same vlan as on cisco.

Sorry, maybe I may have a bad English translation.

I will be glad if you and I get to the end and overcome this problem, and I will learn more new things.
You do not have the required permissions to view the files attached to this post.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 11816
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: CRS326-24S+2Q+; Cisco 9300; D-Link DGS-1510-52X; TRUNK VLANs

Fri Jan 14, 2022 2:31 pm

The issue is I dont put any data on vlan1
It is the default vlanid that should be left alone (it works behind the scenes as a sort of glue)
If and when you want to move the subnet to a different vlan then I can be of help.

Otherwise someone else will have to help.

Also do you have a management or trusted vlan which all devices get their lanip from ??
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
MTUNA Certified, by the Ascerbic Llama!
 
aesmith
Member Candidate
Member Candidate
Posts: 260
Joined: Wed Mar 27, 2019 6:43 pm

Re: CRS326-24S+2Q+; Cisco 9300; D-Link DGS-1510-52X; TRUNK VLANs

Fri Jan 14, 2022 3:27 pm

First I have to understand you have TWO connections from the cisco side to the MT side and they are supposed to be bonded?
This is a trunk port where multiple vlans are coming through the bonded port correct?
What is the standard of bonding used (as I understand the settings have to be the same on each equipment)?

At the Cisco end you should be using LACP, this is controlled by the channel-group line on the member interface for example ..
interface GigabitEthernet1/0/16
 description *** Member of Interface Port Channel 4 ***
 channel-protocol lacp
 channel-group 4 mode active
Obviously configure Mikrotik to match.
 
laitsss
just joined
Topic Author
Posts: 14
Joined: Wed Jan 12, 2022 12:22 pm

Re: CRS326-24S+2Q+; Cisco 9300; D-Link DGS-1510-52X; TRUNK VLANs

Sat Jan 15, 2022 4:40 am

I changed it in Cisco to lacp, and tried to connect it, but it didn't help, so far I left it like that.

Regarding the question about vlan 1, yes, I would also like to get rid of it, but I can't configure it so that I can go to the equipment or something else on D-Link.

Vlan 1, I use only for MGMT.

I will be glad if you help me get rid of it.

Vlan 1 is MGMT. Only for me, and the rest of the subnets in the screenshots above are all users, with the exception of vlan5, this is an administrative vlan.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 11816
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: CRS326-24S+2Q+; Cisco 9300; D-Link DGS-1510-52X; TRUNK VLANs

Sat Jan 15, 2022 1:51 pm

Okay so vlan 1 carries no data, thats good!
So create another vlan like 99 if you want to use it for managment
OR
A trusted vlan, that your computer or your trusted computer if on another vlan, that you use all the time CAN be your management vlan.

Plus did you ever answer the question between the MT switch and the dlink, is it port mapping or vlans.
In other words is there one trunk port between them as it should, but not clear as your diagram is confusing.
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
MTUNA Certified, by the Ascerbic Llama!
 
laitsss
just joined
Topic Author
Posts: 14
Joined: Wed Jan 12, 2022 12:22 pm

Re: CRS326-24S+2Q+; Cisco 9300; D-Link DGS-1510-52X; TRUNK VLANs

Sun Jan 16, 2022 1:40 am

Sorry for the misunderstanding, all the connections shown in the diagram are physical and they should have a trunk with all the vlans specified above.
If I understood correctly what is "port mapping".

I have created vlan 60 for MNGM. I configured it everywhere and moved Mikrotik and D-Link to this vlan.

I tried to turn on the link again, but it still doesn't work =(, I don't understand what can interfere
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 11816
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: CRS326-24S+2Q+; Cisco 9300; D-Link DGS-1510-52X; TRUNK VLANs

Sun Jan 16, 2022 4:45 pm

Assumptions: Vlan1 is no longer carrying data so vlan 60 is now associated with 10.50.50.253

Sfp1-9 are going to SFP51-59 on the DLINK
Each SFP will carry one or more vlans.

PORTS
NAMES
spf23 - FROM CISCO MAIN
spf24 - FROM CISCO 2
SFP1 - TO DLINK SFP51
SFP2 - TO DLINK SFP52
SFP3 - TO DLINK SFP53
etc...

VLAN
ALL PORTS ARE TRUNK PORTS............... ( valid for 1-9 and 23,24 )
VLAN MODE - ENABLED
VLAN RECEIVE - ANY
DEFAULT VLAN ID - 1
EGRESS - Leave as is.

VLANS
PER ID
Vlan1 - LEAVE AS IS all ports
Vlan 66 - LEAVE AS IS TO SPF51 Not a member for rest........ (management vlan)
VLAN5 - LEAVE AS IS to SPF52 Not a member for rest
VLANS11-13 - Leave as is for SPF53 Not a member for rest...
etc.......


LAG Setting, never used it before so this is the tricky part for me,
Assuming using the same standard as CISCO?
Try setting both to active on the MT, if that doesn work make one active and the other passive etc...
Your guess is as good as mine here......

Good luck.............
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
MTUNA Certified, by the Ascerbic Llama!
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 11816
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: CRS326-24S+2Q+; Cisco 9300; D-Link DGS-1510-52X; TRUNK VLANs

Sun Jan 16, 2022 4:55 pm

DLINK................
802.1q VLAN
Need to define vlans 5,11-13, etc. and dont forget 60!
(Note: vlan1 is there by default)

VLAN INTERFACE
Etherports spf51-59 apply
ALL TRUNKS
ALL INGRESS CHECKING enabled
Acceptable frame types - ADMIT ALL (safer for now, should work with only tagged)
Later test if works if change type to admit tagged only for ONE of the ports and if okay make change to all ports..............

VLAN DETAIL
Etherport sfp51
Vlan mode - Trunk
Native VLAN - 1
trunk Allowed Vlans - 66
ingress checking enabled
Acceptable frame type - admit all

Etherport spf52 - same as above except
trunk allowed vlans - 5

Etherport spf53 - same as above except
trunk allowed vlans - 11,12,13

etc..........
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
MTUNA Certified, by the Ascerbic Llama!
 
laitsss
just joined
Topic Author
Posts: 14
Joined: Wed Jan 12, 2022 12:22 pm

Re: CRS326-24S+2Q+; Cisco 9300; D-Link DGS-1510-52X; TRUNK VLANs

Sun Jan 16, 2022 10:13 pm

Thank you for your answer, let's start with the fact that I already have it set up, sorry I didn't tell you about it right away.

Firstly, from Cisco to Mikrotik, as I understand it, there is full access to all vlans, the connection is fully working, because I can log on to Mikrotik over the network.

Next, I would like to correct you a little, I use interfaces a little differently:

Mikrotik-spf-01 -> D-Link-01-spf54 | trunk
Mikrotik-spf-02 -> D-Link-02-spf54 | trunk
Mikrotik-spf-03 -> D-Link-03-spf54 | trunk
Mikrotik-spf-04 -> D-Link-04-spf54 | trunk
Mikrotik-spf-05 -> D-Link-05-spf54 | trunk
Mikrotik-spf-06 -> D-Link-06-spf54 | trunk
Mikrotik-spf-07 -> D-Link-07-spf54 | trunk
Mikrotik-spf-08 -> D-Link-08-spf54 | trunk
Mikrotik-spf-09 -> D-Link-09-spf54 | trunk

Something like that.
And the same vlans must pass through these connections 1,5,11-13,21-23,31-33,41-43,60,172,200,300
First I will attach screenshots from the Mikrotik development:

settings bridge
settings bridge.png
settings vlan
settings vlan.png
settings-bonding
settings-bonding.png
settings-ports
settings-ports.png
settings-vlans-bridge
settings-vlans-bridge.png
settings-msti
settings-msti.png
interface mikrotik
interface-mikrotik.png
I use MSTI for VLAN. Since in college conditions it is necessary to use more than 2000 VLANs.

Next, D-Link, there I also configured MMS, configured the vlan 60 network interface, made a standard gateway (0.0.0.0)

I configured the interface to trunk, skipping all packets, and also allowed all vlans.

settings-vlan-D-link
settings-vlan-D-link.png
settings-port-trunk D-link
settings-port-trunk D-link.png
settings-mstp-d-link
settings-mstp-d-link.png
settings-msti-vid D-link
settings-msti-vid D-link.png
settings-int-vlan60-ip D-link
settings-int-vlan60-ip D-link.png
default-gateway D-link
default-gateway D-link.png
route D-link
route D-link.png
mtu D-link
mtu D-link.png
If I didn't notice something, please unsubscribe, I just work mainly with Cisco, everything seems easier there somehow.
I remind you that my interfaces are now turned off because they block access.
You do not have the required permissions to view the files attached to this post.
 
mducharme
Trainer
Trainer
Posts: 1740
Joined: Tue Jul 19, 2016 6:45 pm
Location: Vancouver, BC, Canada

Re: CRS326-24S+2Q+; Cisco 9300; D-Link DGS-1510-52X; TRUNK VLANs

Sun Jan 16, 2022 10:26 pm

Why does the switch have 18 different /interface vlans? Does it really need to have an IP address on all 18 VLANs? Normally a switch used in a layer 2 scenario will only need an IP on one VLAN. It is the same as vlan interfaces on Cisco, where you define vlans for all VLANs that will carry traffic but only define a VLAN interface for those VLANs that the switch itself needs to have an IP on.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 11816
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: CRS326-24S+2Q+; Cisco 9300; D-Link DGS-1510-52X; TRUNK VLANs

Sun Jan 16, 2022 10:27 pm

Sorry, WAY WAY over my head, not a beginner thread LOL.
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
MTUNA Certified, by the Ascerbic Llama!
 
mducharme
Trainer
Trainer
Posts: 1740
Joined: Tue Jul 19, 2016 6:45 pm
Location: Vancouver, BC, Canada

Re: CRS326-24S+2Q+; Cisco 9300; D-Link DGS-1510-52X; TRUNK VLANs

Sun Jan 16, 2022 10:32 pm

Under bridge->VLANs the normal configuration is to have a separate entry for each VLAN and not have all VLANs crammed into one entry like that. Putting all VLANs into one single entry can work but it doesn't give you any control over which VLANs get passed to which ports, you are stuck dealing with all VLANs as a single unit. It also doesn't give you control over which VLANs are tagged or untagged - everything is either tagged or everything is not tagged. In your case you've told it to tag all VLANs including VLAN 1.

Also on the D-Link you seem to have VLAN 1 configured as native VLAN so it is untagged, but on the MikroTik you have configured VLAN 1 to be tagged on all ports? This seems a little strange - it is unusual to have VLAN 1 tagged as many switches expect VLAN 1 to be always untagged, especially if it is set as the native VLAN.
 
laitsss
just joined
Topic Author
Posts: 14
Joined: Wed Jan 12, 2022 12:22 pm

Re: CRS326-24S+2Q+; Cisco 9300; D-Link DGS-1510-52X; TRUNK VLANs

Mon Jan 17, 2022 1:29 pm

Why does the switch have 18 different /interface vlans? Does it really need to have an IP address on all 18 VLANs? Normally a switch used in a layer 2 scenario will only need an IP on one VLAN. It is the same as vlan interfaces on Cisco, where you define vlans for all VLANs that will carry traffic but only define a VLAN interface for those VLANs that the switch itself needs to have an IP on.
I only use vlan 60 on D-link with an ip address, sorry for the Russian interface.
 
laitsss
just joined
Topic Author
Posts: 14
Joined: Wed Jan 12, 2022 12:22 pm

Re: CRS326-24S+2Q+; Cisco 9300; D-Link DGS-1510-52X; TRUNK VLANs

Mon Jan 17, 2022 1:32 pm

Under bridge->VLANs the normal configuration is to have a separate entry for each VLAN and not have all VLANs crammed into one entry like that. Putting all VLANs into one single entry can work but it doesn't give you any control over which VLANs get passed to which ports, you are stuck dealing with all VLANs as a single unit. It also doesn't give you control over which VLANs are tagged or untagged - everything is either tagged or everything is not tagged. In your case you've told it to tag all VLANs including VLAN 1.

Also on the D-Link you seem to have VLAN 1 configured as native VLAN so it is untagged, but on the MikroTik you have configured VLAN 1 to be tagged on all ports? This seems a little strange - it is unusual to have VLAN 1 tagged as many switches expect VLAN 1 to be always untagged, especially if it is set as the native VLAN.
I wrote in this post above that I changed MGMT VLAN 1 to VLAN 60.
 
laitsss
just joined
Topic Author
Posts: 14
Joined: Wed Jan 12, 2022 12:22 pm

Re: CRS326-24S+2Q+; Cisco 9300; D-Link DGS-1510-52X; TRUNK VLANs

Mon Jan 17, 2022 1:39 pm

Under bridge->VLANs the normal configuration is to have a separate entry for each VLAN and not have all VLANs crammed into one entry like that. Putting all VLANs into one single entry can work but it doesn't give you any control over which VLANs get passed to which ports, you are stuck dealing with all VLANs as a single unit. It also doesn't give you control over which VLANs are tagged or untagged - everything is either tagged or everything is not tagged. In your case you've told it to tag all VLANs including VLAN 1.

Also on the D-Link you seem to have VLAN 1 configured as native VLAN so it is untagged, but on the MikroTik you have configured VLAN 1 to be tagged on all ports? This seems a little strange - it is unusual to have VLAN 1 tagged as many switches expect VLAN 1 to be always untagged, especially if it is set as the native VLAN.
I understand that I can split VLANs into different bridges, but I don't need it right now and the problem is that I can't push traffic from cisco to D-Link, via Mikrotik. Even with such a simple and open setup. I do this on purpose because I don't see the point in configuring further if I can't link 3 switches to each other. And this makes me very sad. I really don't understand why traffic just isn't shifted to Mikrotik interfaces, and when I log on to Mikrotik, it sees vlans and hosts from other switches.
 
mducharme
Trainer
Trainer
Posts: 1740
Joined: Tue Jul 19, 2016 6:45 pm
Location: Vancouver, BC, Canada

Re: CRS326-24S+2Q+; Cisco 9300; D-Link DGS-1510-52X; TRUNK VLANs

Mon Jan 17, 2022 3:58 pm

I understand that I can split VLANs into different bridges,
No, no no. You are completely misunderstanding me. You should never have more than one bridge on a MikroTik switch as only the first bridge will be hardware offloaded.

I think you wanted to define 18 different VLANs. Instead what you have done is created a single VLAN that has 18 different VLAN IDs. This is an oversimplification, but I do not think you would understand the more complex answer given that you have not understood anything I have said so far.

Under bridge->VLANs you should have 18 different entries, one for each of your VLANs. Instead you have just one. It can work but you lose all control over what VLANs are allowed to which ports and also you are forced to connect all VLANs to the router CPU.
 
mducharme
Trainer
Trainer
Posts: 1740
Joined: Tue Jul 19, 2016 6:45 pm
Location: Vancouver, BC, Canada

Re: CRS326-24S+2Q+; Cisco 9300; D-Link DGS-1510-52X; TRUNK VLANs

Mon Jan 17, 2022 4:00 pm

I only use vlan 60 on D-link with an ip address, sorry for the Russian interface.
I'm not talking about the D-Link! I'm talking about the MikroTik. You've created 18 different VLAN interfaces. The only reason you would ever want to do this is if the MikroTik switch needs 18 IP addresses, one on each VLAN. Does the MikroTik switch need 18 IP addresses??? It is a simple yes or no answer. Do not answer with "The Dlink is on VLAN 60".
 
mducharme
Trainer
Trainer
Posts: 1740
Joined: Tue Jul 19, 2016 6:45 pm
Location: Vancouver, BC, Canada

Re: CRS326-24S+2Q+; Cisco 9300; D-Link DGS-1510-52X; TRUNK VLANs

Mon Jan 17, 2022 4:09 pm

I see a problem in your MSTP configuration above. The region name and region revision should exactly match on all switches on your network (Cisco, Dlink, MikroTik)

On the D-Link you have configured an MSTP region name of D-Link-07 with a revision of 1 and on the MikroTik you've configured a region name of "vlan1" with a revision of 1. This won't work because the region names don't match. You have to change the MST region name of all of the D-Links to "D-Link-07" and the Ciscos also to "D-Link-07" and the MikroTik to "D-Link-07". If you want "D-Link-07" to be your region name for the entire company, it has to be set the same on all switches, and you have to make sure they are all set for revision 1.
 
laitsss
just joined
Topic Author
Posts: 14
Joined: Wed Jan 12, 2022 12:22 pm

Re: CRS326-24S+2Q+; Cisco 9300; D-Link DGS-1510-52X; TRUNK VLANs

Tue Jan 18, 2022 9:29 am

Thanks for your messages, I changed the MSTI. Name "CORE", revision "1".
msti-cisco.png
I also changed bridge->vlans to different ones.
bridge-vlans.png
Also changed everything to the standard bridge.
bridge-ports.png
I created vlan interfaces because I thought it was necessary, and so I use only vlan 60 to log in to mikrotik. If they are not needed for routing, I can delete them.
You do not have the required permissions to view the files attached to this post.
 
mducharme
Trainer
Trainer
Posts: 1740
Joined: Tue Jul 19, 2016 6:45 pm
Location: Vancouver, BC, Canada

Re: CRS326-24S+2Q+; Cisco 9300; D-Link DGS-1510-52X; TRUNK VLANs

Tue Jan 18, 2022 6:37 pm

That configuration is much better.

If this is intended to be a layer 2 switch (access layer), there is generally not a good reason to give the switch an IP on other VLANs besides the one that will be used for management of the switch, and in that case the extra VLAN interfaces are unnecessary.

If this is intended to be a layer 3 switch (distribution layer), meaning it will perform inter-VLAN routing between your VLANs, then of course this will need a VLAN interface for each VLAN, except for your native VLAN (normally VLAN 1). However, this will not result in satisfactory performance unless you are running RouterOS v7 which can do hardware offloaded layer 3 switching. On RouterOS v6 this will be handled by the very weak CPU of the device and it will easily become overwhelmed.

If VLAN 1 is your native VLAN on Cisco and D-Link, you should delete the Bridge->VLANs entry for VLAN 1. You will find once you delete it, you get a dynamically created VLAN 1 entry in its place due to the PVID setting for both the bridge and the bridge ports.

Also, you should only need to have "bridge" as a tagged port for those VLANs that have VLAN interfaces added. Adding "bridge" itself as tagged is how you tell the router "I want to connect this bridge vlan with the VLAN interface matching the same ID". On Cisco this connection between VLANs and VLAN interfaces is automatic, on MikroTik you add bridge as tagged for the VLANs that need to be connected up to certain VLAN interfaces. Again on a layer 2 switch scenario, you will generally only need one VLAN interface (for your management VLAN) and therefore only that bridge->VLAN needs to have "bridge" itself as a tagged port.

You should also add your D-Link ports (sfp-D-link-xx) as tagged probably for those VLANs and then you should find that you have proper traffic passing from Cisco<-->MikroTik<-->Dlink as long as your MST region name and region revision number are matching on all devices.
 
laitsss
just joined
Topic Author
Posts: 14
Joined: Wed Jan 12, 2022 12:22 pm

Re: CRS326-24S+2Q+; Cisco 9300; D-Link DGS-1510-52X; TRUNK VLANs

Wed Jan 19, 2022 5:46 am

This switch will not route, so it would probably be correct to say that it will work for access.

According to the last paragraph, should I do this? for each vlan.
bridge VLANs.png
I'm sorry I didn't really understand paragraph 4, correct it if it's not. I need to do as shown in the screenshot above for L2 switch.
I already had it set up like this, it still doesn't work. Sorry.
You do not have the required permissions to view the files attached to this post.
 
mducharme
Trainer
Trainer
Posts: 1740
Joined: Tue Jul 19, 2016 6:45 pm
Location: Vancouver, BC, Canada

Re: CRS326-24S+2Q+; Cisco 9300; D-Link DGS-1510-52X; TRUNK VLANs

Wed Jan 19, 2022 10:33 pm

According to the last paragraph, should I do this? for each vlan.
Yes, except for one thing. Under "tagged" you have "bridge" as a port. This is necessary for VLAN 60 on which the device will have an IP, but should be avoided on all other VLANs. Having "bridge" itself as "tagged" for a VLAN means that it creates a pathway from that VLAN to the router CPU, and this pathway is only needed for access to the IP (i.e. the VLAN interface). Having "bridge" added as a "tagged" port for VLANs that do not need it increases the chances of some kind of packet storm (like a broadcast storm) overwhelming the router CPU as you are creating a pathway to the CPU for VLANs that do not require this pathway if the device doesn't have an IP on that VLAN.

Also you should delete the bridge->VLANs entry for VLAN 1 as it will be created dynamically with the correct settings anyway (if you haven't already deleted it).

If you do all of this and it still doesn't work, the issue is almost certainly on the Cisco or Dlink side and not the MikroTik. If you do an /export hide-sensitive from the command line and paste the result in here we can look at the entire configuration in some case some weird setting was changed somewhere, but I doubt this will be the case.
 
laitsss
just joined
Topic Author
Posts: 14
Joined: Wed Jan 12, 2022 12:22 pm

Re: CRS326-24S+2Q+; Cisco 9300; D-Link DGS-1510-52X; TRUNK VLANs

Thu Jan 20, 2022 4:37 am

Unfortunately, it didn't work, I tried to reboot and so on. Previously, I just had connections from cisco to D-Link. And it worked, but we were not satisfied with the speed up to D-Link, for scanning OS images, because of this we bought Mikrotik. If everything is fine here, I will go to the D-Link forum. I think it's still something with D-Link.

# jan/20/2022 07:30:38 by RouterOS 6.49.2
# software id = JJ57-1PR5
#
# model = CRS326-24S+2Q+
# serial number = D84E0F08A6E8
/interface ethernet
set [ find default-name=sfp-sfpplus1 ] advertise="10M-half,10M-full,100M-half,\
100M-full,1000M-half,1000M-full,2500M-full,5000M-full,10000M-full" \
disabled=yes l2mtu=9198 name=sfp-D-link-01
set [ find default-name=sfp-sfpplus2 ] advertise="10M-half,10M-full,100M-half,\
100M-full,1000M-half,1000M-full,2500M-full,5000M-full,10000M-full" \
disabled=yes l2mtu=9198 name=sfp-D-link-02
set [ find default-name=sfp-sfpplus3 ] advertise="10M-half,10M-full,100M-half,\
100M-full,1000M-half,1000M-full,2500M-full,5000M-full,10000M-full" \
disabled=yes l2mtu=9198 name=sfp-D-link-03
set [ find default-name=sfp-sfpplus4 ] advertise="10M-half,10M-full,100M-half,\
100M-full,1000M-half,1000M-full,2500M-full,5000M-full,10000M-full" \
disabled=yes l2mtu=9198 name=sfp-D-link-04
set [ find default-name=sfp-sfpplus5 ] advertise="10M-half,10M-full,100M-half,\
100M-full,1000M-half,1000M-full,2500M-full,5000M-full,10000M-full" \
disabled=yes l2mtu=9198 name=sfp-D-link-05
set [ find default-name=sfp-sfpplus6 ] advertise="10M-half,10M-full,100M-half,\
100M-full,1000M-half,1000M-full,2500M-full,5000M-full,10000M-full" \
disabled=yes l2mtu=9198 name=sfp-D-link-06
set [ find default-name=sfp-sfpplus7 ] advertise="10M-half,10M-full,100M-half,\
100M-full,1000M-half,1000M-full,2500M-full,5000M-full,10000M-full" \
disabled=yes l2mtu=9198 name=sfp-D-link-07
set [ find default-name=sfp-sfpplus8 ] advertise="10M-half,10M-full,100M-half,\
100M-full,1000M-half,1000M-full,2500M-full,5000M-full,10000M-full" \
disabled=yes l2mtu=9198 name=sfp-D-link-08
set [ find default-name=sfp-sfpplus9 ] advertise="10M-half,10M-full,100M-half,\
100M-full,1000M-half,1000M-full,2500M-full,5000M-full,10000M-full" \
disabled=yes l2mtu=9198 name=sfp-D-link-09
set [ find default-name=sfp-sfpplus23 ] advertise="10M-half,10M-full,100M-half\
,100M-full,1000M-half,1000M-full,2500M-full,5000M-full,10000M-full" \
l2mtu=9198
set [ find default-name=sfp-sfpplus24 ] advertise="10M-half,10M-full,100M-half\
,100M-full,1000M-half,1000M-full,2500M-full,5000M-full,10000M-full" \
l2mtu=9198
set [ find default-name=qsfpplus1-1 ] disabled=yes name=zqsfpplus1-1
set [ find default-name=qsfpplus1-2 ] disabled=yes name=zqsfpplus1-2
set [ find default-name=qsfpplus1-3 ] disabled=yes name=zqsfpplus1-3
set [ find default-name=qsfpplus1-4 ] disabled=yes name=zqsfpplus1-4
set [ find default-name=qsfpplus2-1 ] disabled=yes name=zqsfpplus2-1
set [ find default-name=qsfpplus2-2 ] disabled=yes name=zqsfpplus2-2
set [ find default-name=qsfpplus2-3 ] disabled=yes name=zqsfpplus2-3
set [ find default-name=qsfpplus2-4 ] disabled=yes name=zqsfpplus2-4
set [ find default-name=sfp-sfpplus10 ] disabled=yes l2mtu=9198 name=\
zsfp-sfpplus10
set [ find default-name=sfp-sfpplus11 ] disabled=yes l2mtu=9198 name=\
zsfp-sfpplus11
set [ find default-name=sfp-sfpplus12 ] disabled=yes l2mtu=9198 name=\
zsfp-sfpplus12
set [ find default-name=sfp-sfpplus13 ] disabled=yes l2mtu=9198 name=\
zsfp-sfpplus13
set [ find default-name=sfp-sfpplus14 ] disabled=yes l2mtu=9198 name=\
zsfp-sfpplus14
set [ find default-name=sfp-sfpplus15 ] disabled=yes l2mtu=9198 name=\
zsfp-sfpplus15
set [ find default-name=sfp-sfpplus16 ] disabled=yes l2mtu=9198 name=\
zsfp-sfpplus16
set [ find default-name=sfp-sfpplus17 ] disabled=yes l2mtu=9198 name=\
zsfp-sfpplus17
set [ find default-name=sfp-sfpplus18 ] disabled=yes l2mtu=9198 name=\
zsfp-sfpplus18
set [ find default-name=sfp-sfpplus19 ] disabled=yes l2mtu=9198 name=\
zsfp-sfpplus19
set [ find default-name=sfp-sfpplus20 ] disabled=yes l2mtu=9198 name=\
zsfp-sfpplus20
set [ find default-name=sfp-sfpplus21 ] disabled=yes l2mtu=9198 name=\
zsfp-sfpplus21
set [ find default-name=sfp-sfpplus22 ] disabled=yes l2mtu=9198 name=\
zsfp-sfpplus22
/interface bridge
add admin-mac=DC:2C:6E:4D:FD:FA auto-mac=no comment=defconf name=bridge \
priority=0x9000 protocol-mode=mstp region-name=CORE region-revision=1 \
vlan-filtering=yes
add name=bridge-eth
/interface vlan
add interface=bridge name=VLAN-60 vlan-id=60
/interface bonding
add mode=802.3ad name=bonding-cisco slaves=sfp-sfpplus24,sfp-sfpplus23
/interface list
add name=WAN
add name=LAN
/interface bridge msti
add bridge=bridge identifier=1 priority=0x9000 vlan-mapping=\
1,5,11-13,21-23,31-33,41-43,60,172,200,300
/interface bridge port
add bridge=bridge-eth comment=defconf interface=ether1
add bridge=bridge interface=bonding-cisco
add bridge=bridge interface=sfp-D-link-01
add bridge=bridge interface=sfp-D-link-02
add bridge=bridge interface=sfp-D-link-03
add bridge=bridge interface=sfp-D-link-04
add bridge=bridge interface=sfp-D-link-05
add bridge=bridge interface=sfp-D-link-06
add bridge=bridge interface=sfp-D-link-07
add bridge=bridge interface=sfp-D-link-08
add bridge=bridge interface=sfp-D-link-09
/interface bridge vlan
add bridge=bridge tagged="bonding-cisco,sfp-D-link-01,sfp-D-link-02,sfp-D-link\
-03,sfp-D-link-04,sfp-D-link-05,sfp-D-link-06,sfp-D-link-07,sfp-D-link-08,\
sfp-D-link-09" vlan-ids=5
add bridge=bridge tagged="bonding-cisco,sfp-D-link-01,sfp-D-link-02,sfp-D-link\
-03,sfp-D-link-04,sfp-D-link-05,sfp-D-link-06,sfp-D-link-07,sfp-D-link-08,\
sfp-D-link-09" vlan-ids=11
add bridge=bridge tagged="bonding-cisco,sfp-D-link-01,sfp-D-link-02,sfp-D-link\
-03,sfp-D-link-04,sfp-D-link-05,sfp-D-link-06,sfp-D-link-07,sfp-D-link-08,\
sfp-D-link-09" vlan-ids=12
add bridge=bridge tagged="bonding-cisco,sfp-D-link-01,sfp-D-link-02,sfp-D-link\
-03,sfp-D-link-04,sfp-D-link-05,sfp-D-link-06,sfp-D-link-07,sfp-D-link-08,\
sfp-D-link-09" vlan-ids=13
add bridge=bridge tagged="bonding-cisco,sfp-D-link-01,sfp-D-link-02,sfp-D-link\
-03,sfp-D-link-04,sfp-D-link-05,sfp-D-link-06,sfp-D-link-07,sfp-D-link-08,\
sfp-D-link-09" vlan-ids=21
add bridge=bridge tagged="bonding-cisco,sfp-D-link-01,sfp-D-link-02,sfp-D-link\
-03,sfp-D-link-04,sfp-D-link-05,sfp-D-link-06,sfp-D-link-07,sfp-D-link-08,\
sfp-D-link-09" vlan-ids=22
add bridge=bridge tagged="bonding-cisco,sfp-D-link-01,sfp-D-link-02,sfp-D-link\
-03,sfp-D-link-04,sfp-D-link-05,sfp-D-link-06,sfp-D-link-07,sfp-D-link-08,\
sfp-D-link-09" vlan-ids=23
add bridge=bridge tagged="bonding-cisco,sfp-D-link-01,sfp-D-link-02,sfp-D-link\
-03,sfp-D-link-04,sfp-D-link-05,sfp-D-link-06,sfp-D-link-07,sfp-D-link-08,\
sfp-D-link-09" vlan-ids=31
add bridge=bridge tagged="bonding-cisco,sfp-D-link-01,sfp-D-link-02,sfp-D-link\
-03,sfp-D-link-04,sfp-D-link-05,sfp-D-link-06,sfp-D-link-07,sfp-D-link-08,\
sfp-D-link-09" vlan-ids=32
add bridge=bridge tagged="bonding-cisco,sfp-D-link-01,sfp-D-link-02,sfp-D-link\
-03,sfp-D-link-04,sfp-D-link-05,sfp-D-link-06,sfp-D-link-07,sfp-D-link-08,\
sfp-D-link-09" vlan-ids=33
add bridge=bridge tagged="bonding-cisco,sfp-D-link-01,sfp-D-link-02,sfp-D-link\
-03,sfp-D-link-04,sfp-D-link-05,sfp-D-link-06,sfp-D-link-07,sfp-D-link-08,\
sfp-D-link-09" vlan-ids=41
add bridge=bridge tagged="bonding-cisco,sfp-D-link-01,sfp-D-link-02,sfp-D-link\
-03,sfp-D-link-04,sfp-D-link-05,sfp-D-link-06,sfp-D-link-07,sfp-D-link-08,\
sfp-D-link-09" vlan-ids=42
add bridge=bridge tagged="bonding-cisco,sfp-D-link-01,sfp-D-link-02,sfp-D-link\
-03,sfp-D-link-04,sfp-D-link-05,sfp-D-link-06,sfp-D-link-07,sfp-D-link-08,\
sfp-D-link-09" vlan-ids=43
add bridge=bridge tagged="bonding-cisco,bridge,sfp-D-link-01,sfp-D-link-02,sfp\
-D-link-03,sfp-D-link-04,sfp-D-link-05,sfp-D-link-06,sfp-D-link-07,sfp-D-l\
ink-08,sfp-D-link-09" vlan-ids=60
add bridge=bridge tagged="bonding-cisco,sfp-D-link-01,sfp-D-link-02,sfp-D-link\
-03,sfp-D-link-04,sfp-D-link-05,sfp-D-link-06,sfp-D-link-07,sfp-D-link-08,\
sfp-D-link-09" vlan-ids=172
add bridge=bridge tagged="bonding-cisco,sfp-D-link-01,sfp-D-link-02,sfp-D-link\
-03,sfp-D-link-04,sfp-D-link-05,sfp-D-link-06,sfp-D-link-07,sfp-D-link-08,\
sfp-D-link-09" vlan-ids=200
add bridge=bridge tagged="bonding-cisco,sfp-D-link-01,sfp-D-link-02,sfp-D-link\
-03,sfp-D-link-04,sfp-D-link-05,sfp-D-link-06,sfp-D-link-07,sfp-D-link-08,\
sfp-D-link-09" vlan-ids=300
/interface list member
add interface=ether1 list=WAN
add interface=sfp-D-link-01 list=LAN
add interface=sfp-D-link-02 list=LAN
add interface=sfp-D-link-03 list=LAN
add interface=sfp-D-link-04 list=LAN
add interface=sfp-D-link-05 list=LAN
add interface=sfp-D-link-06 list=LAN
add interface=sfp-D-link-07 list=LAN
add interface=sfp-D-link-08 list=LAN
add interface=sfp-D-link-09 list=LAN
add interface=zsfp-sfpplus10 list=LAN
add interface=zsfp-sfpplus11 list=LAN
add interface=zsfp-sfpplus12 list=LAN
add interface=zsfp-sfpplus13 list=LAN
add interface=zsfp-sfpplus14 list=LAN
add interface=zsfp-sfpplus15 list=LAN
add interface=zsfp-sfpplus16 list=LAN
add interface=zsfp-sfpplus17 list=LAN
add interface=zsfp-sfpplus18 list=LAN
add interface=zsfp-sfpplus19 list=LAN
add interface=zsfp-sfpplus20 list=LAN
add interface=zsfp-sfpplus21 list=LAN
add interface=zsfp-sfpplus22 list=LAN
add interface=sfp-sfpplus23 list=LAN
add interface=sfp-sfpplus24 list=LAN
add list=LAN
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge-eth network=\
192.168.88.0
add address=10.60.60.253/24 interface=VLAN-60 network=10.60.60.0
/ip dns
set servers=10.14.206.251
/ip ipsec policy
set 0 disabled=yes
/ip route
add distance=1 gateway=10.60.60.254
/ip service
set telnet disabled=yes
set ftp disabled=yes
set winbox disabled=yes
/system clock
set time-zone-name=Asia/Yekaterinburg
/system routerboard settings
set baud-rate=9600 boot-os=router-os
/system swos
set address-acquisition-mode=static allow-from-ports="p1,p2,p3,p4,p5,p6,p7,p8,\
p9,p10,p11,p12,p13,p14,p15,p16,p17,p18,p19,p20,p21,p22,p23,p24,p25,p26,p27\
,p28,p29,p30,p31,p32" allow-from-vlan=1 identity=it-ktk-sw-port-0 \
static-ip-address=10.50.50.6
 
mducharme
Trainer
Trainer
Posts: 1740
Joined: Tue Jul 19, 2016 6:45 pm
Location: Vancouver, BC, Canada

Re: CRS326-24S+2Q+; Cisco 9300; D-Link DGS-1510-52X; TRUNK VLANs

Thu Jan 20, 2022 4:11 pm

Everything is correct and standard with that configuration. To troubleshoot further at this point, I would try doing ping tests on VLAN 60 to the Cisco and Dlink from the MikroTik to help narrow down where the problem is.
 
laitsss
just joined
Topic Author
Posts: 14
Joined: Wed Jan 12, 2022 12:22 pm

Re: CRS326-24S+2Q+; Cisco 9300; D-Link DGS-1510-52X; TRUNK VLANs

Fri Jan 21, 2022 5:19 am

I'll start with the fact that now the traffic goes directly from Cisco to D-Link. And when the interfaces from Mikrotik to D-Link are disabled, the ping goes.

But as soon as I turn off the traffic from Cisco to D-Link, and turn on the interfaces on Mikrotik, even restarting them, D-Link does not connect and there is no traffic.

I have suspicions that the D-Link interface is not working correctly, or the sfp module.

Who is online

Users browsing this forum: Bing [Bot] and 22 guests