Community discussions

MikroTik App
 
jookraw
Member Candidate
Member Candidate
Topic Author
Posts: 143
Joined: Mon Aug 19, 2019 3:06 pm

hAP ac² Switch VLAN not working correctly

Fri Nov 26, 2021 4:17 pm

I have noted that on any of the rOS v7.1 the function of the switch vlan is not woking.
I'm unable to make a specific port(eth3) untagged for a vlan (88).
When I try I still get all the vlans tagged on that port

Config below:
/interface bridge
add name=br-lan
/interface bridge port
add bridge=br-lan interface=ether1
add bridge=br-lan edge=yes interface=ether3
add bridge=br-lan interface=ether4
...
add bridge=br-lan interface=ether2
/interface ethernet switch vlan
...
add independent-learning=no ports=ether1,ether2,ether3,switch1-cpu switch=switch1 vlan-id=88
...
/interface ethernet switch port
set 2 default-vlan-id=88 vlan-mode=secure
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11439
Joined: Thu Mar 03, 2016 10:23 pm

Re: hAP ac² Switch VLAN not working correctly

Fri Nov 26, 2021 8:41 pm

/interface ethernet switch port has property vlan-header. Its setting is not shown in your config export meaning it's set to default value. Documentation states that default value is "leave-as-is" which is suitable setting for hybrid port. But default may have changed in v7 ... so do /interface ethernet switch port export verbose (/interface ethernet switch port print detail) or to verify actual setting (behaviour you described corresponds to setting vlan-header=add-if-missing).
 
jookraw
Member Candidate
Member Candidate
Topic Author
Posts: 143
Joined: Mon Aug 19, 2019 3:06 pm

Re: hAP ac² Switch VLAN not working correctly

Fri Nov 26, 2021 9:38 pm

Using the verbose, the default is "vlan-header=leave-as-is" as you can see below:
/interface ethernet switch port
...
set 2 default-vlan-id=88 vlan-header=leave-as-is vlan-mode=secure
...
 
User avatar
npeca75
Frequent Visitor
Frequent Visitor
Posts: 75
Joined: Thu Aug 03, 2017 3:12 pm

Re: hAP ac² Switch VLAN not working correctly

Sun Nov 28, 2021 6:35 pm

I have noted that on any of the rOS v7.1 the function of the switch vlan is not woking.
If i remember correctly ... cpu port need to be set to "secure" to switch start to work
at least in v6

but maybe i am wrong
 
jookraw
Member Candidate
Member Candidate
Topic Author
Posts: 143
Joined: Mon Aug 19, 2019 3:06 pm

Re: hAP ac² Switch VLAN not working correctly

Fri Dec 03, 2021 1:27 am

I tried your suggestion, and notthing, it still ignores any configuration on the switch menu.
this also applies to the "new" 7.1-testing released on 02/12
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11439
Joined: Thu Mar 03, 2016 10:23 pm

Re: hAP ac² Switch VLAN not working correctly

Fri Dec 03, 2021 9:21 am

Do you have any configuration related to VLANs done under /interface bridge? In ROSv6 it was possible to mix things, but sometimes things broke in some random ways so it's better not to mix settings.
 
jookraw
Member Candidate
Member Candidate
Topic Author
Posts: 143
Joined: Mon Aug 19, 2019 3:06 pm

Re: hAP ac² Switch VLAN not working correctly

Fri Dec 03, 2021 1:38 pm

I've tried both with config there and not. it does not change anything...
 
rplant
Member Candidate
Member Candidate
Posts: 287
Joined: Fri Sep 29, 2017 11:42 am

Re: hAP ac² Switch VLAN not working correctly

Sun Dec 05, 2021 7:57 am

I tried this on 7.1RC4 and it seemed to work ok.
A bit of effort to figure this out though...

There are some issues.

You need to have a vlan with the correct vlan id (and an ip address) eg. vlan88 attached somewhere, if you want
the router to be able to communicate with devices on vlan 88. br-lan is likely the best place.
If you attach it direct to a port, you can only communicate with devices on that port.

port 3 will seen untagged stuff from 2 vlans, but can only connect to one of them (88)

** PROBABLY DONT DO THIS BELOW **
An option to remove 2nd untagged vlan stuff from port3:
(But causes high CPU when putting traffic through it) :(
Remove port 3 from bridge.

Create a new bridge, bridge 88
Assign vlan 88 address, dhcp server, etc to this bridge (Removing from above vlan object)
Connect above vlan object as a port on bridge88. (Other end remains attached to bridge)
Create a new vlan object also with vlan id of 88 (vlan88-2)
Attach vlan88-2 to ethernet port 3
Connect vlan88-2 as a port on bridge88
 
jookraw
Member Candidate
Member Candidate
Topic Author
Posts: 143
Joined: Mon Aug 19, 2019 3:06 pm

Re: hAP ac² Switch VLAN not working correctly

Sun Dec 05, 2021 8:38 pm

Maybe you misunderstood me,

I need to use the hAP ac2 as two things:
- Switch: tagged traffic from ether1, needs to go to ether20, but I need one untagged vlan 88 port e.g. ether3.
- AP: multiple SSIDs, each on one vlan.

What I get on ether3 is all vlans, still tagged, and no untagged traffic works. bridge vlan filtering does not work for me, as it kills the ability to switch at line rate, I cannot get gigabit speeds within my LAN and my IPTV starts to drop packets and artefacts are presented on the TV's. From Mikrotik's documentation, the switch on the hAP ac2 is capable of doing vlan "filtering" in hardware, by using the "Switch" menu.

P.S. I'm not doing any routing on the hAP ac2.
 
rplant
Member Candidate
Member Candidate
Posts: 287
Joined: Fri Sep 29, 2017 11:42 am

Re: hAP ac² Switch VLAN not working correctly

Mon Dec 06, 2021 12:07 am


What I get on ether3 is all vlans, still tagged, and no untagged traffic works. bridge vlan filtering does not work for me, as it kills the ability to switch at line rate, I cannot get gigabit speeds within my LAN and my IPTV starts to drop packets and artefacts are presented on the TV's. From Mikrotik's documentation, the switch on the hAP ac2 is capable of doing vlan "filtering" in hardware, by using the "Switch" menu.
Hi, I did similar to this (but only 1 other vlan, vlan 19), and was getting untagged packets (ex vlan 88, and bridge native) and tagged packets from vlan 19 on the port I marked
with vlan 88 as default vlan id. Note: you cannot use the hap ac2 to (correctly) view the ethernet packets.
It maybe all seems a bit fragile though. (Maybe more vlans breaks it, I don't know)
My vlan 88 is setup as follows;

bridge88 with attached ip address for vlan88 + dhcp for vlan88
bridge88 port -> vlan88 (vlan interface)
bridge88 port -> wifi ssid
vlan88 (vlan interface) attached to (main) bridge

Then switch rules much as per your example.
 
rplant
Member Candidate
Member Candidate
Posts: 287
Joined: Fri Sep 29, 2017 11:42 am

Re: hAP ac² Switch VLAN not working correctly

Tue Dec 07, 2021 1:56 am

One other possibility.

Perhaps vlan88 traffic is somehow getting tagged twice on its way to the hapac2 ??

Sorry, nothing else.
 
ath
just joined
Posts: 18
Joined: Thu May 12, 2016 4:17 am
Location: Melbourne, VIC

Re: hAP ac² Switch VLAN not working correctly

Fri Dec 17, 2021 2:58 am

I confirm this behaviour on an RB2011.

Setting the (interface/ethernet/switch/port) vlan-header parameter to leave-as-is yields the same results as add-if-missing: VLAN tags are not removed from outgoing packets that match a port's default-vlan-id.

In addition, the (interface/ethernet/switch/vlan) independent-learning parameter does not appear to do anything.
 
jookraw
Member Candidate
Member Candidate
Topic Author
Posts: 143
Joined: Mon Aug 19, 2019 3:06 pm

Re: hAP ac² Switch VLAN not working correctly

Fri Dec 17, 2021 12:08 pm

The RB2011 have the same switch chip on the firsts 5 ports and the sfp that the hAP ac2 have, the Atheros8327, so it may be a issue affecting all models using the same chip.
 
jookraw
Member Candidate
Member Candidate
Topic Author
Posts: 143
Joined: Mon Aug 19, 2019 3:06 pm

Re: hAP ac² Switch VLAN not working correctly

Mon Jan 10, 2022 5:38 pm

I've tested today on rOS 7.2rc1 and it seems to work correctly.

P.S. the trunk ports are configured as vlan mode= secure
 
accarda
Member Candidate
Member Candidate
Posts: 208
Joined: Fri Apr 05, 2019 4:06 pm
Location: Italy

Re: hAP ac² Switch VLAN not working correctly

Sat Jan 22, 2022 8:58 am

I can tell you that the switch chip VLAN setup works also on ros v7.1.1 as I’m using it on both hAP AC2/AC3 with Ethernet ports and WLAN virtual ssid.

Who is online

Users browsing this forum: No registered users and 17 guests