Community discussions

MikroTik App
 
jbfavre
just joined
Topic Author
Posts: 20
Joined: Mon Mar 17, 2014 11:10 am

VLAN configuration & management access

Sat Jan 22, 2022 3:09 pm

Hello,
I've a working setup with one CCR2004 as core router and several RB4011.
Both are linked on sfpplus interfaces, and are running RouterOS 6.49.2.

I also have several vlans I want to propagate on every RB4011
Currently, my setup uses the old way of building vlans, meaning for trunk:
sfpplus1 -> vlanXX -> bridgeXX
         -> vlanXX -> bridgeXX
         -> vlanXX -> bridgeXX
For access port, it's as simple as adding the port into the relevant bridgeXX.
Finally, all traffic goes to CCR2004 which handles inter-VLANs traffic. In my case I want vlan10 to have full access everywhere.

This setup do works, but it requires creating a lot of vlan interfaces (one for each trunk interfaces) without forgetting to add them into relevant bridge.
I wanted to explore the "new" VLAN filtering way.

On the RB4011 I tried:
/interface bridge add name=bridge1 vlan-filtering=no
/ip address add address=172.16.0.2/28 interface=bridge1
/interface bridge port
add bridge=bridge1 interface=sfp-sfpplus1 comment="Trunk port - Uplink to core"
add bridge=bridge1 interface=ether1 pvid=10 comment="Access port - My own Laptop"
/interface bridge vlan
add bridge=bridge1 tagged=sfp-sfpplus1 untagged=ether1 vlan-ids=10 comment="My own vlan"
add bridge=bridge1 tagged=sfp-sfpplus1 vlan-ids=6666 comment="Router management vlan"
/interface bridge set bridge1 vlan-filtering=yes
Once vlan-filtering is enable, I can:
  • ping any IP on the Internet
  • ping my CCR2004 (which still uses the old way to create vlans, but I'm not sure this is of any importance here)
  • ping everything on my network, BUT the RB4011 own IP address.
I'm for sure missing something, but I can't find what.
I've had a look at https://wiki.mikrotik.com/wiki/Manual:I ... figuration, but this makes me think I can't have both vlan10 & vlan666 on ether1, can I ?

Any advice appreciated,
Best,
JB
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19107
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: VLAN configuration & management access  [SOLVED]

Sat Jan 22, 2022 3:14 pm

Read through this excellent article.
viewtopic.php?t=143620
 
jbfavre
just joined
Topic Author
Posts: 20
Joined: Mon Mar 17, 2014 11:10 am

Re: VLAN configuration & management access

Sat Jan 22, 2022 4:00 pm

Read through this excellent article.
viewtopic.php?t=143620
Thanks @anav
Will do !
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19107
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: VLAN configuration & management access

Sat Jan 22, 2022 4:35 pm

The only question I have at this point is are you going to use the RBs as routers or simply switches???
 
Zacharias
Forum Guru
Forum Guru
Posts: 3459
Joined: Tue Dec 12, 2017 12:58 am
Location: Greece

Re: VLAN configuration & management access

Sat Jan 22, 2022 7:03 pm

Notice that RB4011 can only use hardware Offloading along with VLANs and VLAN filtering enabled on ROS v7 only ...
I would use CRS3xx as switches for setups with VLANs...
 
jbfavre
just joined
Topic Author
Posts: 20
Joined: Mon Mar 17, 2014 11:10 am

Re: VLAN configuration & management access

Sat Jan 22, 2022 8:56 pm

Read through this excellent article.
viewtopic.php?t=143620
Indeed, this article is simply excellent.
I managed to migrate all my RB4011 & cAPs with very small interruption.
Now will work to migrate my core router the same way :)
Thanks @anav for the link !
 
jbfavre
just joined
Topic Author
Posts: 20
Joined: Mon Mar 17, 2014 11:10 am

Re: VLAN configuration & management access

Sat Jan 22, 2022 8:58 pm

The only question I have at this point is are you going to use the RBs as routers or simply switches???
As routers: I have cAP ac plugged on them, and plan to extend the network a bit further.
So, at some point, vlans won't be propagated everywhere anymore and RB4011 are likely to do some OSPF and something like that.
 
jbfavre
just joined
Topic Author
Posts: 20
Joined: Mon Mar 17, 2014 11:10 am

Re: VLAN configuration & management access

Sat Jan 22, 2022 8:59 pm

Notice that RB4011 can only use hardware Offloading along with VLANs and VLAN filtering enabled on ROS v7 only ...
I would use CRS3xx as switches for setups with VLANs...
Strange, I'm running ROS 6.49.2 and VLAN filtering seems to work.
Will see how it goes.
 
Zacharias
Forum Guru
Forum Guru
Posts: 3459
Joined: Tue Dec 12, 2017 12:58 am
Location: Greece

Re: VLAN configuration & management access

Sun Jan 23, 2022 7:37 pm

Notice that RB4011 can only use hardware Offloading along with VLANs and VLAN filtering enabled on ROS v7 only ...
I would use CRS3xx as switches for setups with VLANs...
Strange, I'm running ROS 6.49.2 and VLAN filtering seems to work.
Will see how it goes.
VLANs sure do work...
Although they are not hardware offloaded to the switch... They are handled by the CPU only...

Who is online

Users browsing this forum: Amijani, CoMMyz, PhillipPer, uxertxo and 81 guests