Community discussions

MikroTik App
  4. RouterOS
  5. Beginner Basics

Bridge VLAN egress does not strip tag RB5009 7.1.1  [SOLVED]

Post Reply
 
miksu103
just joined
Topic Author
Posts: 10
Joined: Fri Jan 28, 2022 10:01 pm

Bridge VLAN egress does not strip tag RB5009 7.1.1

Fri Jan 28, 2022 10:53 pm

Hi!

I've been trying to get my RB5009 configured properly for many days now and I'm so close but there is still a problem.
I would greatly appreciate any pointers about what to try next.


Configuration:
Bridge with VLAN 20 as my WAN
Bridge Port ether2 belongs to VLAN 20 as untagged

Problem:
Egress on ether2 has the VLAN 20 tag, even though ether2 is displayed as "Currently Untagged" in Bridge VLANs.
Ingress to ether2 does not have a VLAN tag and it is received properly.

If I disable strict VLAN filtering on the next switch connected to ether2 my system works properly.
When the next switch only allows untagged traffic my system does not work.

I enabled Packet Sniffer on ether2 and using Wireshark I can see that all egress packets are VLAN tagged.
Screenshots below.


Bridge, Bridge Port ether2 and Bridge VLAN 20 configuration:
bridge bridge port and bridge vlan.jpg

Packet Sniffer on ether2 opened with Wireshark shows egress packet is VLAN tagged:
wireshark ether2 tagged egress.jpg

Untagged response to the previous packet:
wireshark ether2 untagged ingress.jpg


Please let me know if there is a setting I'm still missing.
To rule out 7.1.1 bugs, I have also tested on 7.2rc1 and now 7.2rc3.
Both rc releases mention bridges and vlans, but the do not fix my issue.

-Mikko
You do not have the required permissions to view the files attached to this post.
Top
 
Zacharias
Forum Guru
Forum Guru
Posts: 3459
Joined: Tue Dec 12, 2017 12:58 am
Location: Greece

Re: Bridge VLAN egress does not strip tag RB5009 7.1.1

Sat Jan 29, 2022 8:47 pm

I have many questions, but to begin with, why your WAN port is inside the Bridge interface ? Maybe your ether2 is your Trunk port ? But you name it as WAN ? If it is your Trunk port why you need to pass untagged traffic and not tagged ? How is the port on the switch where ether2 is connected to configured ?
Maybe if you provide a network diagram would help first understand what the topology is... and then we could see the configuration ....
Top
 
miksu103
just joined
Topic Author
Posts: 10
Joined: Fri Jan 28, 2022 10:01 pm

Re: Bridge VLAN egress does not strip tag RB5009 7.1.1

Sat Jan 29, 2022 10:42 pm

Thank you for trying to understand my problem.
I now see how it is very difficult to understand without a diagram. Here is my network in three situations. My previous network, what I'm trying to achieve with the new router and what works now. I have highlighted the current problem in red.
Network diagram.png
You do not have the required permissions to view the files attached to this post.
Top
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19318
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:
Contact anav

Re: Bridge VLAN egress does not strip tag RB5009 7.1.1

Sat Jan 29, 2022 11:21 pm

First forget vlan1, dont use it, its the default vlan id of the bridge and should be left alone (not carry any data etc.).

Add bridge
Add vlans assign to bridge
Set bridge ports
Set Bridge vlans
associated firewall rules
done

As per this link; viewtopic.php?t=143620
Top
 
miksu103
just joined
Topic Author
Posts: 10
Joined: Fri Jan 28, 2022 10:01 pm

Re: Bridge VLAN egress does not strip tag RB5009 7.1.1

Sun Jan 30, 2022 10:12 pm

Thank you.
I reset the configuration and started from scratch. I followed your instructions and used multiple example files from the VLAN thread.
Here are my exact steps. I used the default configuration as a base.

Code: Select all
#Change to my subnet and disable DHCP
/ip/address/
add address=10.10.10.4/24 network=10.10.10.0 interface=bridge
remove numbers=0
/ip/dhcp-server/disable defconf

#Add VLANs and assign to bridge
/interface/vlan/
add interface=bridge name=VLAN10_LAN vlan-id=10
add interface=bridge name=VLAN20_WAN vlan-id=20

#Set bridge ports
/interface/bridge/port/
set bridge=bridge interface=ether2 pvid=20 numbers=0
set bridge=bridge interface=ether8 pvid=10 numbers=6

#Set bridge VLANs
/interface/bridge/vlan/
add bridge=bridge tagged=bridge untagged=ether2 vlan-ids=20
add bridge=bridge tagged=bridge untagged=ether8 vlan-ids=10

#Set interface list WAN to VLAN20_WAN
/interface/list/
#This I messed up with command line but fixed in WinBox
add interface=VLAN20_WAN list=WAN

#Change WAN DHCP client from ether1 to VLAN20_WAN
/ip/dhcp-client/
set ether1 interface=VLAN20_WAN

#Enable VLAN filtering on the bridge
/interface/bridge/set bridge vlan-filtering=yes

#Enabled DHCP server for VLAN10_LAN to make packet capture easier

#Configure packet sniffer
/tool/sniffer/
set filter-interface=ether2 streaming-enabled=yes streaming-server=10.10.88.254
start

#Ping public IP and capture in WireShark
/tool/ping 8.8.8.8

Result is same behavior as before. Packets exiting ether2 are tagged with VLAN20, even though bridge VLANs lists ether2 as "Currently Untagged".
I tried to disable fasttrack in the firewall but it had no effect.
Any idea what the problem could be?

wireshark egress packet.jpg

bridge interface port and vlan.jpg
You do not have the required permissions to view the files attached to this post.
Top
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11582
Joined: Thu Mar 03, 2016 10:23 pm

Re: Bridge VLAN egress does not strip tag RB5009 7.1.1

Sun Jan 30, 2022 10:22 pm

The last comnand is missing:
Code: Select all
/interface/bridge
set [ find name=bridge ] vlan-filtering=yes

Without it bridge doesn't do anything about VLAN tags.
Top
 
mike7
just joined
Posts: 12
Joined: Sun Oct 28, 2018 12:20 am

Re: Bridge VLAN egress does not strip tag RB5009 7.1.1  [SOLVED]

Sun Jan 30, 2022 10:40 pm

Thank you.
I reset the configuration and started from scratch. I followed your instructions and used multiple example files from the VLAN thread.
Here are my exact steps. I used the default configuration as a base.
Try to disable hardware offload on all bridge ports. With this you can check you config in software mode.
I have some issues with the switch in RB5009 (still investigating).
Top
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19318
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:
Contact anav

Re: Bridge VLAN egress does not strip tag RB5009 7.1.1

Sun Jan 30, 2022 11:46 pm

Why is your WAN on the bridge (aka vlan20)?
Top
 
miksu103
just joined
Topic Author
Posts: 10
Joined: Fri Jan 28, 2022 10:01 pm

Re: Bridge VLAN egress does not strip tag RB5009 7.1.1

Tue Feb 01, 2022 9:20 pm

Try to disable hardware offload on all bridge ports. With this you can check you config in software mode.
I have some issues with the switch in RB5009 (still investigating).

Great, disabling hardware offloading did resolve the issue!
I was not able to find this exact issue in the "RouterOS beta and rc versions" forum.
As it looks like I have discovered reproduceable steps for this bug I will post them there.

I will disable hardware offloading until then if it doesn't affect my performance too much.
Thank you to all for the help!

Why is your WAN on the bridge (aka vlan20)?

Check "what i'm trying to achieve" in my diagram. I need to pass on WAN into my proxmox host as a VLAN as I have VMs that need it.
Top
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19318
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:
Contact anav

Re: Bridge VLAN egress does not strip tag RB5009 7.1.1

Tue Feb 01, 2022 9:44 pm

Got it thanks!
Top
 
miksu103
just joined
Topic Author
Posts: 10
Joined: Fri Jan 28, 2022 10:01 pm

Re: Bridge VLAN egress does not strip tag RB5009 7.1.1

Tue Feb 01, 2022 10:07 pm

Great and thanks for the help!

Here is a link to the bug report incase anyone wants to follow up:
viewtopic.php?t=182839
Top
Post Reply

Who is online

Users browsing this forum: gery, StupidProgrammer and 42 guests
  4. RouterOS
  5. Beginner Basics