Community discussions

MikroTik App
 
dima1002
Member Candidate
Member Candidate
Topic Author
Posts: 160
Joined: Fri Jan 26, 2018 8:40 pm

VLAN Issues - Failure

Wed Jul 06, 2022 2:34 pm

Hello,
I have now adjusted all bridges to VLAN and have massive problems.
Does anyone know why?
# jul/06/2022 13:26:38 by RouterOS 7.3.1

/interface bridge
add name=BRIDGE
/interface ethernet
set [ find default-name=sfp-sfpplus1 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full,10000M-full \
    auto-negotiation=no comment="UPLINK"
set [ find default-name=sfp-sfpplus2 ] auto-negotiation=no
set [ find default-name=sfp-sfpplus3 ] auto-negotiation=no comment=\
    "UPLINK"
set [ find default-name=sfp-sfpplus4 ] advertise="10M-half,10M-full,100M-half,\
    100M-full,1000M-half,1000M-full,10000M-full,2500M-full,5000M-full" \
    auto-negotiation=no comment="UPLINK"
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik

/routing bgp template
set default disabled=no output.network=bgp-networks
/routing ospf instance
add disabled=no name=default-v2
/routing ospf area
add disabled=yes instance=default-v2 name=backbone-v2

add bridge=BRIDGE ingress-filtering=no interface=ether1 pvid=100
add bridge=BRIDGE ingress-filtering=no interface=ether2 pvid=100
add bridge=BRIDGE ingress-filtering=no interface=ether3 pvid=100
add bridge=BRIDGE ingress-filtering=no interface=ether4 pvid=100
add bridge=BRIDGE ingress-filtering=no interface=ether5 pvid=100
add bridge=BRIDGE ingress-filtering=no interface=ether6 pvid=100
add bridge=BRIDGE ingress-filtering=no interface=ether7 pvid=100
add bridge=BRIDGE ingress-filtering=no interface=ether8 pvid=100
add bridge=BRIDGE ingress-filtering=no interface=ether9 pvid=100
add bridge=BRIDGE ingress-filtering=no interface=ether10 pvid=100
add bridge=BRIDGE ingress-filtering=no interface=ether11 pvid=100
add bridge=BRIDGE ingress-filtering=no interface=ether12 pvid=100
add bridge=BRIDGE ingress-filtering=no interface=sfp-sfpplus1
add bridge=BRIDGE ingress-filtering=no interface=sfp-sfpplus2
add bridge=BRIDGE ingress-filtering=no interface=sfp-sfpplus3
add bridge=BRIDGE ingress-filtering=no interface=sfp-sfpplus4
add bridge=BRIDGE ingress-filtering=no interface=ether13 pvid=100
add bridge=BRIDGE ingress-filtering=no interface=ether14 pvid=100
add bridge=BRIDGE ingress-filtering=no interface=ether15 pvid=100
add bridge=BRIDGE ingress-filtering=no interface=ether16 pvid=200
add bridge=BRIDGE ingress-filtering=no interface=ether17 pvid=100
add bridge=BRIDGE ingress-filtering=no interface=ether18 pvid=100
add bridge=BRIDGE ingress-filtering=no interface=ether19 pvid=100
add bridge=BRIDGE ingress-filtering=no interface=ether23 pvid=100
add bridge=BRIDGE ingress-filtering=no interface=ether24 pvid=100
add bridge=BRIDGE interface=ether20 pvid=100
add bridge=BRIDGE interface=ether21 pvid=100
add bridge=BRIDGE interface=ether22 pvid=100
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/ip settings
set max-neighbor-entries=8192
/ipv6 settings
set disable-ipv6=yes
/interface bridge vlan
add bridge=BRIDGE comment=TELEFON tagged=\
    sfp-sfpplus1,sfp-sfpplus2,sfp-sfpplus3,sfp-sfpplus4,BRIDGE untagged=\
    ether16 vlan-ids=200
add bridge=BRIDGE comment=DMZ tagged=\
    sfp-sfpplus1,sfp-sfpplus2,sfp-sfpplus3,sfp-sfpplus4 vlan-ids=800
add bridge=BRIDGE comment=MGT tagged=\
    sfp-sfpplus1,sfp-sfpplus2,sfp-sfpplus3,sfp-sfpplus4,BRIDGE vlan-ids=99
add bridge=BRIDGE tagged=\
    BRIDGE,sfp-sfpplus1,sfp-sfpplus2,sfp-sfpplus3,sfp-sfpplus4 untagged="ether\
    1,ether2,ether3,ether4,ether5,ether6,ether7,ether8,ether9,ether10,ether11,\
    ether12,ether13,ether14,ether15,ether17,ether18,ether19,ether20,ether21,et\
    her22,ether23,ether24" vlan-ids=100
/ip dhcp-client
add interface=BRIDGE
und diesem Switch
# jul/06/2022 13:26:18 by RouterOS 7.3.1
# model = CRS354-48P-4S+2Q+
/interface bridge
add ingress-filtering=no name=BRIDGE vlan-filtering=yes
/interface ethernet
set [ find default-name=ether27 ] poe-out=off
set [ find default-name=ether31 ] 
set [ find default-name=ether44 ] 
set [ find default-name=sfp-sfpplus1 ] auto-negotiation=no comment=\
    "UPLINK"
set [ find default-name=sfp-sfpplus2 ] auto-negotiation=no comment=\
    "UPLINK"
set [ find default-name=sfp-sfpplus3 ] auto-negotiation=no comment=\
    "UPLINK"
set [ find default-name=sfp-sfpplus4 ] auto-negotiation=no comment=\
    "Uplink"
/interface ethernet switch
set 0 l3-hw-offloading=yes
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/interface vlan
add interface=*3E name=vlan99 vlan-id=99
/interface bridge port
add bridge=BRIDGE ingress-filtering=no interface=ether1 pvid=100
add bridge=BRIDGE ingress-filtering=no interface=ether2 pvid=100
add bridge=BRIDGE ingress-filtering=no interface=ether3 pvid=100
add bridge=BRIDGE ingress-filtering=no interface=ether4 pvid=100
add bridge=BRIDGE ingress-filtering=no interface=ether5 pvid=100
add bridge=BRIDGE ingress-filtering=no interface=ether6 pvid=100
add bridge=BRIDGE ingress-filtering=no interface=ether7 pvid=100
add bridge=BRIDGE ingress-filtering=no interface=ether8 pvid=200
add bridge=BRIDGE ingress-filtering=no interface=ether9 pvid=200
add bridge=BRIDGE ingress-filtering=no interface=ether10 pvid=100
add bridge=BRIDGE ingress-filtering=no interface=ether11 pvid=100
add bridge=BRIDGE ingress-filtering=no interface=ether12 pvid=100
add bridge=BRIDGE ingress-filtering=no interface=ether13 pvid=100
add bridge=BRIDGE ingress-filtering=no interface=ether14 pvid=100
add bridge=BRIDGE ingress-filtering=no interface=ether15 pvid=100
add bridge=BRIDGE ingress-filtering=no interface=ether16 pvid=100
add bridge=BRIDGE ingress-filtering=no interface=ether17 pvid=100
add bridge=BRIDGE ingress-filtering=no interface=ether18 pvid=100
add bridge=BRIDGE ingress-filtering=no interface=ether19 pvid=100
add bridge=BRIDGE ingress-filtering=no interface=ether20 pvid=200
add bridge=BRIDGE ingress-filtering=no interface=ether21 pvid=200
add bridge=BRIDGE ingress-filtering=no interface=ether22 pvid=100
add bridge=BRIDGE ingress-filtering=no interface=ether23 pvid=100
add bridge=BRIDGE ingress-filtering=no interface=ether24 pvid=100
add bridge=BRIDGE ingress-filtering=no interface=sfp-sfpplus1
add bridge=BRIDGE ingress-filtering=no interface=ether26 pvid=100
add bridge=BRIDGE ingress-filtering=no interface=ether27 pvid=100
add bridge=BRIDGE ingress-filtering=no interface=ether28 pvid=100
add bridge=BRIDGE ingress-filtering=no interface=ether30 pvid=100
add bridge=BRIDGE ingress-filtering=no interface=ether31 pvid=100
add bridge=BRIDGE ingress-filtering=no interface=ether32 pvid=100
add bridge=BRIDGE ingress-filtering=no interface=ether33 pvid=100
add bridge=BRIDGE ingress-filtering=no interface=ether34 pvid=100
add bridge=BRIDGE ingress-filtering=no interface=ether35 pvid=100
add bridge=BRIDGE ingress-filtering=no interface=ether36 pvid=100
add bridge=BRIDGE ingress-filtering=no interface=ether37 pvid=100
add bridge=BRIDGE ingress-filtering=no interface=ether38 pvid=100
add bridge=BRIDGE ingress-filtering=no interface=ether39 pvid=100
add bridge=BRIDGE ingress-filtering=no interface=ether40 pvid=100
add bridge=BRIDGE ingress-filtering=no interface=ether41 pvid=100
add bridge=BRIDGE ingress-filtering=no interface=ether42 pvid=100
add bridge=BRIDGE ingress-filtering=no interface=ether43 pvid=100
add bridge=BRIDGE ingress-filtering=no interface=ether44 pvid=100
add bridge=BRIDGE ingress-filtering=no interface=ether45 pvid=100
add bridge=BRIDGE ingress-filtering=no interface=ether46 pvid=100
add bridge=BRIDGE ingress-filtering=no interface=ether47 pvid=800
add bridge=BRIDGE ingress-filtering=no interface=ether48 pvid=800
add bridge=BRIDGE ingress-filtering=no interface=ether49 pvid=100
add bridge=BRIDGE ingress-filtering=no interface=sfp-sfpplus2
add bridge=BRIDGE ingress-filtering=no interface=sfp-sfpplus3
add bridge=BRIDGE ingress-filtering=no interface=sfp-sfpplus4
add bridge=*3E interface=ether29
/ip settings
set max-neighbor-entries=8192
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
/interface bridge vlan
add bridge=BRIDGE comment=TELEFON tagged=\
    sfp-sfpplus1,sfp-sfpplus2,sfp-sfpplus3,sfp-sfpplus4,BRIDGE untagged=\
    ether8,ether9,ether20,ether21 vlan-ids=200
add bridge=BRIDGE comment=DMZ tagged=\
    sfp-sfpplus1,sfp-sfpplus2,sfp-sfpplus3,sfp-sfpplus4 vlan-ids=800
add bridge=BRIDGE comment=MGT tagged=\
    sfp-sfpplus1,sfp-sfpplus2,sfp-sfpplus3,sfp-sfpplus4,BRIDGE vlan-ids=99
add bridge=BRIDGE tagged=\
    BRIDGE,sfp-sfpplus1,sfp-sfpplus2,sfp-sfpplus3,sfp-sfpplus4 untagged="ether\
    1,ether2,ether3,ether4,ether5,ether6,ether7,ether10,ether11,ether12,ether1\
    3,ether14,ether15,ether16,ether17,ether18,ether19,ether22,ether23,ether24,\
    ether25,ether26,ether27,ether28,ether29,ether30,ether31,ether32,ether33,et\
    her34,ether35,ether36,ether37,ether38,ether39,ether40,ether41,ether42,ethe\
    r43,ether44,ether45,ether46,ether49" vlan-ids=100
/ip dhcp-client
add interface=*3E
add disabled=yes interface=*46
add add-default-route=no disabled=yes interface=*4B
add add-default-route=no interface=vlan99 use-peer-dns=no use-peer-ntp=no
add interface=BRIDGE
 
erlinden
Forum Guru
Forum Guru
Posts: 1900
Joined: Wed Jun 12, 2013 1:59 pm
Location: Netherlands

Re: VLAN Issues - Failure

Wed Jul 06, 2022 3:12 pm

The upper config doesn't do vlan filtering on the bridge.
The lower config contains a "*3E" interface (which is a second bridge but isn't created). Why more than one bridge?

Perhaps start with the beginning (too lazy to read all your other topics): how does the network diagram look like?
 
dima1002
Member Candidate
Member Candidate
Topic Author
Posts: 160
Joined: Fri Jan 26, 2018 8:40 pm

Re: VLAN Issues - Failure

Wed Jul 06, 2022 3:32 pm

I have now activated VLAN filtering. I have now deleted the old bridge. Now there is only one bridge left.
I set the PVID to 1 again on all ports.
Now everything works.
I'll do a network diagram later when I have time.

How can I ping from VLAN A to VLAN B?
 
erlinden
Forum Guru
Forum Guru
Posts: 1900
Joined: Wed Jun 12, 2013 1:59 pm
Location: Netherlands

Re: VLAN Issues - Failure

Wed Jul 06, 2022 3:35 pm

How can I ping from VLAN A to VLAN B?
InterVLAN traffic is allowed by default (if the router is a MikroTik device).

Check your router.
 
dima1002
Member Candidate
Member Candidate
Topic Author
Posts: 160
Joined: Fri Jan 26, 2018 8:40 pm

Re: VLAN Issues - Failure

Wed Jul 06, 2022 3:39 pm

how do I configure that?
 
dima1002
Member Candidate
Member Candidate
Topic Author
Posts: 160
Joined: Fri Jan 26, 2018 8:40 pm

Re: VLAN Issues - Failure

Wed Jul 06, 2022 3:48 pm

ok i found it myself.
But how do I configure that with a C3XXX model?
/interface ethernet switch ingress-vlan-translation
add ports=ether6 customer-vid=0 new-customer-vid=200

here is my config. And i cant ping from vlan 100 zu vlan 200
/interface bridge port
add bridge=BRIDGE ingress-filtering=no interface=ether23
add bridge=BRIDGE ingress-filtering=no interface=sfp-sfpplus3
add bridge=BRIDGE ingress-filtering=no interface=ether1
add bridge=BRIDGE ingress-filtering=no interface=ether11
add bridge=BRIDGE ingress-filtering=no interface=ether12
add bridge=BRIDGE ingress-filtering=no interface=ether13
add bridge=BRIDGE ingress-filtering=no interface=sfp-sfpplus2
add bridge=BRIDGE ingress-filtering=no interface=sfp-sfpplus4
add bridge=BRIDGE comment="Uplink Router" ingress-filtering=no interface=ether2
add bridge=BRIDGE ingress-filtering=no interface=ether3
add bridge=BRIDGE ingress-filtering=no interface=ether4
add bridge=BRIDGE ingress-filtering=no interface=ether5
add bridge=BRIDGE ingress-filtering=no interface=ether6
add bridge=BRIDGE ingress-filtering=no interface=ether7
add bridge=BRIDGE ingress-filtering=no interface=ether8
add bridge=BRIDGE ingress-filtering=no interface=ether22
add bridge=BRIDGE ingress-filtering=no interface=ether9
add bridge=BRIDGE ingress-filtering=no interface=ether10
add bridge=BRIDGE ingress-filtering=no interface=ether19
add bridge=BRIDGE ingress-filtering=no interface=ether15
add bridge=BRIDGE ingress-filtering=no interface=ether16
add bridge=BRIDGE ingress-filtering=no interface=ether17
add bridge=BRIDGE ingress-filtering=no interface=ether18
add bridge=BRIDGE ingress-filtering=no interface=ether24
add bridge=BRIDGE ingress-filtering=no interface=ether20
add bridge=BRIDGE ingress-filtering=no interface=ether21
add bridge=BRIDGE ingress-filtering=no interface=sfp-sfpplus1

/interface bridge vlan
add bridge=BRIDGE comment=TELEFON tagged=sfp-sfpplus1,sfp-sfpplus2,sfp-sfpplus3,sfp-sfpplus4,BRIDGE,ether2 untagged=ether10,ether11 vlan-ids=\
    200
add bridge=BRIDGE comment=DMZ tagged=sfp-sfpplus1,sfp-sfpplus2,sfp-sfpplus3,sfp-sfpplus4,ether2 vlan-ids=800
add bridge=BRIDGE comment=MGT tagged=sfp-sfpplus1,sfp-sfpplus2,sfp-sfpplus3,sfp-sfpplus4,BRIDGE,ether2 vlan-ids=99
add bridge=BRIDGE comment=FIRMA tagged=sfp-sfpplus1,sfp-sfpplus2,sfp-sfpplus3,sfp-sfpplus4,BRIDGE,ether2 untagged=\
    ether1,ether16,ether3,ether4,ether5,ether6,ether7,ether24,ether12,ether13,ether14,ether15,ether17,ether18,ether19,ether22,ether23 \
    vlan-ids=100
 
erlinden
Forum Guru
Forum Guru
Posts: 1900
Joined: Wed Jun 12, 2013 1:59 pm
Location: Netherlands

Re: VLAN Issues - Failure

Wed Jul 06, 2022 4:03 pm

ok i found it myself.
But how do I configure that with a C3XXX model?
What did you find?
You don't configure that on your switches, only on the router.
 
dima1002
Member Candidate
Member Candidate
Topic Author
Posts: 160
Joined: Fri Jan 26, 2018 8:40 pm

Re: VLAN Issues - Failure

Wed Jul 06, 2022 4:10 pm

I found the Manual.
We have a 3011
This is my configuration.
/interface bridge port
add bridge=bridge_FIRMA disabled=yes ingress-filtering=no interface=vlan99
add bridge=bridge_FIRMA disabled=yes ingress-filtering=no interface=ether7
add bridge=bridge_FIRMA ingress-filtering=no interface=ether6
add bridge=bridge_FIRMA comment=Starface ingress-filtering=no interface=ether5
add bridge=bridge_FIRMA ingress-filtering=no interface=ether9
add bridge=bridge_FIRMA disabled=yes ingress-filtering=no interface=vlan99
add bridge=bridge_TELEFON ingress-filtering=no interface=vlan200_e7
add bridge=bridge_DMZ ingress-filtering=no interface=vlan800_e7
add bridge=bridge_DMZ ingress-filtering=no interface=vlan800_sfp1
add bridge=bridge_TELEFON ingress-filtering=no interface=vlan200_sfp1
add bridge=bridge_FIRMA ingress-filtering=no interface=sfp1
add bridge=bridge_FIRMA interface=vlan100_e7
add bridge=bridge_FIRMA interface=vlan100_sfp1

/interface vlan
add interface=ether1 name=VLAN_ether1.200_PPPoE vlan-id=200
add interface=bridge_FIRMA name=vlan99 vlan-id=99
add comment=FIRMA interface=ether5 name=vlan100_e5 vlan-id=100
add interface=ether6 name=vlan100_e6 vlan-id=100
add interface=ether7 name=vlan100_e7 vlan-id=100
add comment="Telefon VLAN" interface=sfp1 name=vlan100_sfp1 vlan-id=100
add comment="Telefon VLAN" interface=ether7 name=vlan200_e7 vlan-id=200
add comment="Telefon VLAN" interface=sfp1 name=vlan200_sfp1 vlan-id=200
add comment="DMZ VLAN" interface=ether7 name=vlan800_e7 vlan-id=800
add comment="DMZ VLAN" interface=sfp1 name=vlan800_sfp1 vlan-id=800

/interface bridge
add name=bridge_DMZ
add fast-forward=no mtu=1500 name=bridge_FIRMA priority=0x7000
add fast-forward=no mtu=1500 name=bridge_GAST
add disabled=yes fast-forward=no name=bridge_HOTSPOT
add name=bridge_HAUS
add fast-forward=no mtu=1500 name=bridge_PPPOE protocol-mode=none
add name=bridge_TELEFON priority=0x7000
 
dima1002
Member Candidate
Member Candidate
Topic Author
Posts: 160
Joined: Fri Jan 26, 2018 8:40 pm

Re: VLAN Issues - Failure

Wed Jul 06, 2022 5:38 pm

I still have problems with the switch.
What is wrong here? The switch does not see the other switches.
/interface bridge
add name=BRIDGE
/interface vlan
add interface=BRIDGE name=MGMT vlan-id=99
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/port
set 0 name=serial0
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/interface ethernet switch egress-vlan-tag
add tagged-ports=switch1-cpu,sfpplus2,sfp-sfpplus1 vlan-id=100
add tagged-ports=switch1-cpu,sfpplus2,sfp-sfpplus1 vlan-id=200
add tagged-ports=sfpplus2,sfp-sfpplus1 vlan-id=800
add tagged-ports=switch1-cpu,sfpplus2,sfp-sfpplus1 vlan-id=99
/interface ethernet switch ingress-vlan-translation
add customer-vid=0 new-customer-vid=100 ports=ether1
add customer-vid=0 new-customer-vid=100 ports=ether2
add customer-vid=0 new-customer-vid=100 ports=ether3
add customer-vid=0 new-customer-vid=100 ports=ether4
add customer-vid=0 new-customer-vid=100 ports=ether5
add customer-vid=0 new-customer-vid=100 ports=ether6
add customer-vid=0 new-customer-vid=100 ports=ether7
add customer-vid=0 new-customer-vid=100 ports=ether8
add customer-vid=0 new-customer-vid=200 ports=ether9
add customer-vid=0 new-customer-vid=100 ports=ether10
/interface ethernet switch vlan
add ports=switch1-cpu,ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8,ether10,sfpplus2,sfp-sfpplus1 vlan-id=100
add ports=switch1-cpu,ether9,sfpplus2,sfp-sfpplus1 vlan-id=200
/ip dhcp-client
add interface=BRIDGE
/lcd interface pages
set 0 interfaces=ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8,ether9
 
dima1002
Member Candidate
Member Candidate
Topic Author
Posts: 160
Joined: Fri Jan 26, 2018 8:40 pm

Re: VLAN Issues - Failure

Thu Jul 07, 2022 8:42 am

Is PVID urgently needed at Bridge? or when do i need it?
A few devices do not receive an IP address in the bridge.
I do not know why
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11381
Joined: Thu Mar 03, 2016 10:23 pm

Re: VLAN Issues - Failure

Thu Jul 07, 2022 11:23 am

Is PVID urgently needed at Bridge? or when do i need it?

Bridge has roughly two personalities:
  1. switch-like entity which passes frames between member ports
  2. interface, which allows ROS to interact with traffic passing the switch-like entity. This one is implicitly created with every bridge, some of configuration in /interface bridge is actually about interface personality (properties are named same or similar to those on traditional interfaces, e.g. pvid, frame-types, ...).
More complete explanation by @sindy here: viewtopic.php?t=173692

So when you want to have bridge interface set up as access (or hybrid) port to bridge switch-like entity, it needs PVID set. If you don't need interaction with bridge for a particular VLAN ID, you don't make bridge interface member of that VLAN on bridge switch-like at all. If you construct a vlan interface on top of bridge interface, you have to configure bridge interface as tagged member that VLAN on bridge switch-like.

It does sound a tad complicated, but when you wrap your head around the concept, the pieces fall into their places naturally.

Who is online

Users browsing this forum: No registered users and 13 guests