Community discussions

MikroTik App
 
User avatar
erkexzcx
Member Candidate
Member Candidate
Topic Author
Posts: 263
Joined: Mon Oct 07, 2019 11:42 pm

Help needed to configure VLANs using switch features

Fri Jul 29, 2022 6:25 pm

I'd like to configure VLANs using switch features (rather than bridge) for performance reasons. Configuration using bridge is pretty easy and straightforward, however, I find it extremelly difficult to configure using switch features.

Here is switch ports description:
eth1 - traffic ingoing from the router
eth2 - traffic outgoing to another switch

Here is the definition of "traffic" and it's the same on both eth1 and eth2. Same untagged traffic and same tagged traffic need to pass between eht1 and eth2:
  • Untagged traffic
  • VLAN ID 10
There are a lot of examples on the internet, but none of them covers passing both untagged and tagged. As soon as I enable VLAN filtering, untagged traffic stops flowing, so basically I need someone to guide me to the right direction.

Any help is apprechiated!
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19106
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Help needed to configure VLANs using switch features

Fri Jul 29, 2022 6:50 pm

P. SWITCH CHIP VLANS
https://help.mikrotik.com/docs/display/ ... p+Features
https://help.mikrotik.com/docs/display/ ... switchchip

other refs:
https://www.youtube.com/watch?v=Rj9aPoyZOPo - Vlans using the Switch Chip
https://www.youtube.com/watch?v=rvQ6o4RfnoU - Configure Vlan on Switch Chip
https://www.youtube.com/watch?v=YLtGQAQ8iS0 - CRS3XX Step by Step
 
User avatar
erkexzcx
Member Candidate
Member Candidate
Topic Author
Posts: 263
Joined: Mon Oct 07, 2019 11:42 pm

Re: Help needed to configure VLANs using switch features

Fri Jul 29, 2022 7:09 pm

P. SWITCH CHIP VLANS
https://help.mikrotik.com/docs/display/ ... p+Features
https://help.mikrotik.com/docs/display/ ... switchchip

other refs:
https://www.youtube.com/watch?v=Rj9aPoyZOPo - Vlans using the Switch Chip
https://www.youtube.com/watch?v=rvQ6o4RfnoU - Configure Vlan on Switch Chip
https://www.youtube.com/watch?v=YLtGQAQ8iS0 - CRS3XX Step by Step
This does not answer the question. Show me which link shows how to pass both untagged and tagged traffic? :)
 
User avatar
BrateloSlava
Member Candidate
Member Candidate
Posts: 168
Joined: Mon Aug 09, 2021 10:33 am
Location: Ukraine, Kharkiv

Re: Help needed to configure VLANs using switch features

Fri Jul 29, 2022 7:32 pm

This does not answer the question. Show me which link shows how to pass both untagged and tagged traffic? :)
Maybe this - https://wiki.mikrotik.com/wiki/Manual:S ... rid_Ports)
 
User avatar
erkexzcx
Member Candidate
Member Candidate
Topic Author
Posts: 263
Joined: Mon Oct 07, 2019 11:42 pm

Re: Help needed to configure VLANs using switch features

Fri Jul 29, 2022 7:37 pm

This does not answer the question. Show me which link shows how to pass both untagged and tagged traffic? :)
Maybe this - https://wiki.mikrotik.com/wiki/Manual:S ... rid_Ports)
Nope, I've tried this already. This example shows 3 tagged VLANs via ether2 and I would need both tagged and untagged traffic. Can't get this to work...
 
User avatar
BrateloSlava
Member Candidate
Member Candidate
Posts: 168
Joined: Mon Aug 09, 2021 10:33 am
Location: Ukraine, Kharkiv

Re: Help needed to configure VLANs using switch features

Fri Jul 29, 2022 7:47 pm

Nope, I've tried this already. This example shows 3 tagged VLANs via ether2 and I would need both tagged and untagged traffic. Can't get this to work...
Apparently I don't understand something. :D Isn't that what you need?
Screenshot_hybrid.png
You do not have the required permissions to view the files attached to this post.
 
User avatar
Buckeye
Forum Veteran
Forum Veteran
Posts: 887
Joined: Tue Sep 11, 2018 2:03 am
Location: Ohio, USA

Re: Help needed to configure VLANs using switch features

Sat Jul 30, 2022 5:49 am

I'd like to configure VLANs using switch features (rather than bridge) for performance reasons. Configuration using bridge is pretty easy and straightforward, however, I find it extremelly difficult to configure using switch features.
...
There are a lot of examples on the internet, but none of them covers passing both untagged and tagged. As soon as I enable VLAN filtering, untagged traffic stops flowing, so basically I need someone to guide me to the right direction.
See Getting Answers and How to Report Bugs Effectively
@anav's NEW USER POSTING FOR ASSISTANCE

You evidently think that configuration will be the same on any device running any version of firmware. That isn't the case. Please tell us what device you have, and what version of firmware you are running. Then we can provide better suggestions.

You also haven't shared anything you have done. Or even what problem you are trying to solve, because as stated, a generic dumb vlan-transparent switch from a big-box store will do what you want. There is no need to use vlan filtering unless you want the switch to do something that requires vlan-aware features, like the ability to untag traffic on an access port..

You have been directed to documentation and videos that demonstrate using the switch method. Depending on what device you have, this video may be useful. Mikrotik VLANs - CRS1xx & CRS2xx - Mikrotik Tutorial It's the companion to the CRS3XX Step by Step link @anav posted. Here's another one that @anav didn't list. Mikrotik Bridge VLAN Filtering which was made with v6.47.x on several different devices. Some devices have better bridge and switch support in v7.
Nope, I've tried this already. This example shows 3 tagged VLANs via ether2 and I would need both tagged and untagged traffic. Can't get this to work...
Again, without knowing exactly what you tried, how can anyone point our what is wrong?

In the example with 3 tagged VLANS on ether2 trunk port, if you want to extend a "hybrid" trunk link through two switch ports that you want to pass tagged 10 and untagged (some other vlan, which one you choose doesn't really matter in this case, it just has to be something that isn't used on any other ports you want to be isolated from), then you just need to configure the trunk port with pvid or for the VLAN you want untagged on the hybrid trunk link. Both switch ports need to be configured in the same way, e.g. both ports should have the same pvid configured (for the untagged traffic), and be tagged for vlan 10.
 
User avatar
erkexzcx
Member Candidate
Member Candidate
Topic Author
Posts: 263
Joined: Mon Oct 07, 2019 11:42 pm

Re: Help needed to configure VLANs using switch features

Fri Nov 11, 2022 10:07 pm

After a while I am back to this problem again. Let me upload a chart this time. What I am trying to achieve is quite simple:
Image

For CRS3xx switches (guide) it's fairly easy and I got it working just fine, but I am using CRS1xx/2xx series switches (guide) and I need to configure using
/interface ethernet switch
features for hardware accelerated filtering...

However, I do not understand how to implement it using this guide: This is the configuration I've built following those examples that does not work:
/interface ethernet switch ingress-vlan-translation add ports=ether1,ether2,ether3 customer-vid=0

/interface ethernet switch egress-vlan-tag add tagged-ports=ether1,ether3 vlan-id=10

/interface ethernet switch vlan add ports=ether1,ether2,ether3 vlan-id=0 learn=yes
/interface ethernet switch vlan add ports=ether1,ether3 vlan-id=10 learn=yes

/interface ethernet switch set drop-if-invalid-or-src-port-not-member-of-vlan-on-ports=ether1,ether2,ether3

The most confusing part is how to forward untagged traffic from one port to another without tagging it? Once I enable last rule (to enable vlan filtering), router becomes inaccessible. How do I do it?
 
User avatar
erkexzcx
Member Candidate
Member Candidate
Topic Author
Posts: 263
Joined: Mon Oct 07, 2019 11:42 pm

Re: Help needed to configure VLANs using switch features  [SOLVED]

Fri Nov 11, 2022 10:27 pm

I've got it to work. Very confusing, but I guess it's always like that for a first timers lol.

So today I learned:
  • Untagged traffic in Mikrotik switch is considered as VLAN 0.
  • You need to specify switch1-cpu (or whatever your switch has) to let the traffic reach the device itself, so you can access it remotely.

Here is a working code:
/interface ethernet switch egress-vlan-tag add tagged-ports=ether1,ether3 vlan-id=10

/interface ethernet switch vlan add ports=ether1,ether2,ether3,switch1-cpu vlan-id=0 learn=yes
/interface ethernet switch vlan add ports=ether1,ether3 vlan-id=10 learn=yes

/interface ethernet switch set drop-if-invalid-or-src-port-not-member-of-vlan-on-ports=ether1,ether2,ether3

Here is a scheme for above configuration:

Image

More information was explained here.

Who is online

Users browsing this forum: NetTecture and 33 guests