Community discussions

MikroTik App
 
washdogg87
just joined
Topic Author
Posts: 7
Joined: Thu Nov 14, 2019 2:58 pm

RB2011 Switch VLAN Romon connectivity

Thu May 19, 2022 12:23 pm

Hello,
I have vlans setup on my RB2011's switch by following the guide in "VLAN Example #2" here: https://wiki.mikrotik.com/wiki/Manual:I ... _Filtering

All seems to be working fine, and device on access ports get the correct addresses/connectivity from the router, but I cannot connect over Romon to this device any longer (had to configure another port not on the bridge for accessing the device directly). Is there something extra which needs configuring to get Romon working again?

This is the first device I have setup using VLANs on the switch chip rather than just using a bridge with vlan filtering activated.

Thanks!

Image
 
erlinden
Forum Guru
Forum Guru
Posts: 1920
Joined: Wed Jun 12, 2013 1:59 pm
Location: Netherlands

Re: RB2011 Switch VLAN Romon connectivity

Thu May 19, 2022 12:28 pm

Definitely have a look at this great topic as well:
viewtopic.php?f=23&t=143620
 
washdogg87
just joined
Topic Author
Posts: 7
Joined: Thu Nov 14, 2019 2:58 pm

Re: RB2011 Switch VLAN Romon connectivity

Thu May 19, 2022 2:17 pm

Hello,
Thanks for your reply - I have read that previously to help me understand vlans in general.

I think I'm struggling to convert my knowledge over from doing all the vlan config on the bridge (vlan-filtering=yes) to doing it on the switch itself.

If I set the vlan mode to 'fallback' on the trunk ports, I get romon working OK. Using torch I can see that traffic appears to be arriving on vlan ID 99.

But this doesn't make sense to me since vlan ID 99 definitely is in my vlan table on the switch. The manual says:
fallback - the default mode - handle packets with VLAN tag that is not present in vlan table just like packets without VLAN tag. Packets with VLAN tags that are present in VLAN table, but incoming port does not match any port in VLAN table entry does not get dropped.
secure - drop packets with VLAN tag that is not present in VLAN table. Packets with VLAN tags that are present in VLAN table, but incoming port does not match any port in VLAN table entry get dropped.
So what am I not understanding? :) I guess romon traffic somehow doesn't have a vlan id and so gets dropped in 'secure' mode?
 
pe1chl
Forum Guru
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: RB2011 Switch VLAN Romon connectivity

Thu May 19, 2022 4:19 pm

Romon by default operates on L2 directly on the connection, so it is untagged traffic. When you drop untagged traffic, it will not work.
But, you can add ports to Romon and when you add a VLAN subinterface there, it should work on that tagged VLAN as well.

Who is online

Users browsing this forum: cmmike, kolinsmk, PBondurant and 50 guests